Solved

Network Monitoring tools

Posted on 2005-03-11
Last Modified: 2013-12-07
Hello Everyone,

I recently started at a new company with a network that is riddled with spyware. I have been slowly going around and removing it, but sometimes they just keep coming back. I want to implement a network monitoring tool that will allow me to pinpoint specific computers as the culprit. Unfortunately, my network uses unmanaged switches and hubs, so most SNMP tools may be out of the question.

Does anyone have a suggestion for tools I can put in place to help me out?

Question by:kendingo
7 Comments
 
LVL 27

Accepted Solution

by:
pseudocyber earned 1000 total points
ID: 13518487
It sounds like you don't really need network monitoring - what you need is an Intrusion Detection System.

Quote:  
 
Intrusion detection (ID) is a type of security management system for computers and networks. An ID system gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization). ID uses vulnerability assessment (sometimes referred to as scanning), which is a technology developed to assess the security of a computer system or network.
Intrusion detection functions include:

Monitoring and analyzing both user and system activities
Analyzing system configurations and vulnerabilities
Assessing system and file integrity
Ability to recognize patterns typical of attacks
Analysis of abnormal activity patterns
Tracking user policy violations

If you're using an unmanaged network - I don't even know where to start because if a virus or spyware is trying to infect other machines on your network they could easily re-infect a machine which was just cleaned.  The only thing I can think of would be to disconnect all machines from the network and scan/clean one at a time and put the clean ones back.

But it sounds like some serious thought needs to be given to your network - with some analysis about managed equipment, IDS, firewalls, patch & OS management, etc.  It would be a chunk of change, but it would be a step towards preventing what you have now.  I realize the powers that be probably wouldn't approve the $$$ without some kind of cost justification/ROI, but at least it would serve to cover your a__.  
0
 
LVL 3

Expert Comment

by:mav7469
ID: 13521609
Pseudocyber is right.  Network monitoring will not really help you.  If you can't get the "powers that be" to approve the money for the correct hardware, you can try a software solution.  If you have a virus scanner now, great.  Otherwise, I would look into either McAfee or Norton.  I know there are other cheaper ones out there, but IMHO, these two are the top of their class and you really don't want to cheap out when it comes to virus scanning.  Then I would look at Ad-Aware Pro or Spy-Bot on EVERY PC you have.  Make sure to get the full version of these products.  This way, once everything is cleaned up, you can tell by looking at log files when someone is infected.

Good luck.
0
 
LVL 1

Author Comment

by:kendingo
ID: 13929706
These were not the answers I was looking for. I wanted suggestions on network monitoring tools such as MRTG or Cacti. I was able to implement them and they worked like a charm. I just gave the points to the first post; I didn't feel like dealing with the refund process.

Thanks for the advice.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13929718
Thanks, but why the C grade?
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13929736
I don't know about Cacti, but MRTG helped you find spyware infested machines?!?
0
 
LVL 1

Author Comment

by:kendingo
ID: 13934612
Hey pseudocyber,

I gave a C grade because you gave me information that was not relevant to the situation, in my opinion. I guess you could view spyware as an intrusion, but I view it as more of a nuisance than an intrusion. My question specifically asked about network monitoring tools and not intrusion detection, ergo the C.

And yes, MRTG did help me find spyware-infested machines. I used a managed switch from my home lab to connect all of our various hubs and unmanaged switches. This narrowed my search from 150 computers to 12-24 in a specific area. From there I could focus my efforts. Not the best scenario, but it did the job. Now I have a tool that will allow me to monitor my network more effectively as I replace my unmanaged network devices with managed ones.

Regards
0
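
The narrowing step described in the comment above (one managed switch feeding the hubs, with per-port traffic graphed by MRTG), as an added example that is not part of the original thread: it turns SNMP ifInOctets polls into per-port rates, handles Counter32 wrap, and flags ports far above the median. The port names, the counter values, the 5x threshold and the premise that an infected segment shows sustained after-hours traffic are assumptions made for illustration.

```python
from statistics import median

COUNTER32_MOD = 2 ** 32  # SNMP Counter32 values such as ifInOctets wrap here

def octet_delta(prev, curr):
    """Octets between two polls, allowing for a single counter wrap."""
    return curr - prev if curr >= prev else curr + COUNTER32_MOD - prev

def port_rates(samples):
    """samples: {port: [(seconds, ifInOctets), ...]} -> {port: mean bits/s}."""
    rates = {}
    for port, polls in samples.items():
        if len(polls) < 2:
            continue  # one poll gives no rate
        octets = sum(octet_delta(c0, c1)
                     for (_, c0), (_, c1) in zip(polls, polls[1:]))
        rates[port] = octets * 8 / (polls[-1][0] - polls[0][0])
    return rates

def suspect_ports(rates, factor=5.0):
    """Ports whose mean rate exceeds factor x the median, busiest first."""
    baseline = median(rates.values())
    hot = [p for p, r in rates.items() if r > factor * baseline]
    return sorted(hot, key=rates.get, reverse=True)

# Constructed after-hours polls, 300 s apart (MRTG's default interval).
# Each hypothetical switch port uplinks one hub / unmanaged-switch segment.
SAMPLES = {
    "port1": [(0, 1_000_000), (300, 1_150_000), (600, 1_300_000)],
    "port2": [(0, 2_000_000), (300, 2_225_000), (600, 2_450_000)],
    "port3": [(0, 4_200_000_000), (300, 4_275_000_000), (600, 55_032_704)],  # wraps
    "port4": [(0, 500_000), (300, 800_000), (600, 1_100_000)],
    "port5": [(0, 750_000), (300, 937_500), (600, 1_125_000)],
}

if __name__ == "__main__":
    rates = port_rates(SAMPLES)
    for port in sorted(rates, key=rates.get, reverse=True):
        print(f"{port}: {rates[port]:>12,.0f} bit/s")
    print("segments to inspect first:", suspect_ports(rates))
```

A flagged port only identifies the segment; the machines behind it still have to be checked individually.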
 
LVL 27

Expert Comment

by:pseudocyber
ID: 13934634
Ok, thanks for the explanation.  I'm glad you figured it out for yourself.  
0
