monitor network usage

Posted on 2005-03-11
Medium Priority
Last Modified: 2010-04-11
Greetings.  I am an IT Specialist for a bank and my bank's auditors want us to be able to monitor network usage (i.e. who accesses what on our hard drives on our file servers [or similar]).  We currently have no group policies (which we should).  We have a "public" share on our file server which anyone w/ a PC at work can access and we have a private folder set up for each employee.  VLANs would be difficult to implement because in our branch office people often wear different hats throughout the day.  We would also like to monitor internet usage.  Maybe my best bet would be to implement group policies.

With a Cisco PIX firewall, can you monitor and block internet usage based on IP/URL?  If so, this would solve my internet usage issues.

Thanks for any help.

Question by:hptechnician

Assisted Solution

tmehmet earned 600 total points
ID: 13520969
You should be able to apply logging to the files and directories on your file servers. Within the local security policy for the server, there is an audit policy; within that you can log various kinds of access and events for both success and failure.

This may well fill up your logs so you need to keep an eye on it.

Your best bet for monitoring internet usage is to use a proxy server. It can not only make it much easier to control internet usage, it can provide a level of detail for activity beyond what the PIX can do. Also, if you try to log too much on the firewall, it will impact performance and may actually hurt internet access performance.

Re group policies, these are fine but I'm not sure if they will help your logging and monitoring requirements. They are used to control the 'environment' rather than monitor user activity.
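An added example (not part of the answer above) of turning file-access audit events into a report auditors can read, flagging anyone who touches another employee's private folder. It assumes events exported as records using the field names of Windows Security event 4663 (SubjectUserName, ObjectName, AccessMask) and a hypothetical share layout `D:\Shares\Private\<username>\`; the sample events are constructed.

```python
from collections import defaultdict

# File access-mask bits as recorded in Windows object-access audit events.
ACCESS_BITS = {
    0x1: "read",
    0x2: "write",
    0x4: "append",
    0x10000: "delete",
    0x40000: "change-permissions",
}

PRIVATE_ROOT = "d:\\shares\\private\\"  # assumed layout: Private\<username>\...

# Constructed sample events (not taken from a real server).
SAMPLE_EVENTS = [
    {"SubjectUserName": "alice", "ObjectName": r"D:\Shares\Private\alice\loans.xls", "AccessMask": "0x1"},
    {"SubjectUserName": "bob", "ObjectName": r"D:\Shares\Private\alice\loans.xls", "AccessMask": "0x3"},
    {"SubjectUserName": "bob", "ObjectName": r"D:\Shares\Public\rates.doc", "AccessMask": "0x10000"},
    {"SubjectUserName": "FILESRV01$", "ObjectName": r"D:\Shares\Private\carol\notes.txt", "AccessMask": "0x1"},
]

def decode_mask(mask):
    """Turn a hex access mask into a sorted list of readable access names."""
    value = int(mask, 16)
    return sorted(name for bit, name in ACCESS_BITS.items() if value & bit)

def private_owner(path):
    """Return the owning username if the path is inside a private folder."""
    lowered = path.lower()
    if not lowered.startswith(PRIVATE_ROOT):
        return None
    return lowered[len(PRIVATE_ROOT):].split("\\", 1)[0] or None

def summarize(events):
    """Return ({(user, path): accesses}, [cross-user private folder accesses])."""
    report, violations = defaultdict(set), []
    for ev in events:
        user = ev["SubjectUserName"].lower()
        if user.endswith("$"):  # computer accounts: left out of the per-user report
            continue
        path, kinds = ev["ObjectName"], decode_mask(ev["AccessMask"])
        report[(user, path)].update(kinds)
        owner = private_owner(path)
        if owner is not None and owner != user:
            violations.append((user, owner, path, kinds))
    return dict(report), violations
```
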


Accepted Solution

Rich Rumble earned 400 total points
ID: 13521284
Turning on event logging on a Windows box is a very good idea. If people are connecting through your PIX or VPN, those logs are also valuable to have.
Here are some monitoring tools that may suit your needs:
http://www.ntop.org/overview.html (measures bandwidth usage by protocol) (Windows version here: http://www.openxtra.co.uk/products/ntop-xtra.php )
http://www.kiwisyslog.com/ (log monitoring for your network gear and Windows logs; also see Snare and others here: http://www.kiwisyslog.com/links.htm )
http://www.snort.org/ (network intrusion detection)
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/03w2kadb.mspx (turn on event logging on M$)

A PIX has no way of blocking based on usage; you either allow or deny connections via a PIX.

Expert Comment

ID: 13521932
Auditors care more about data.
Concentrate less on traffic, more on controlling and tracking access to data, resulting in logs they can read.

Assisted Solution

tmehmet earned 600 total points
ID: 13522125
Consider taking logs offline (in near real time if possible). That way, if an attacker tries to cover their tracks, they modify local logs only, and when differences appear between local and remote, you know there's a problem. If you have a lot of servers, you'll probably do this anyway and use some sort of log correlation to keep an eye on things.

Also consider a file integrity checker; you can then mark files and directories for alerting when changes are made on 'critical' files. It's another level of auditing that can help immensely with forensics and investigations.

Combined with daily backups (allowing ability to track changes) of files and the suggestions/comments above, you can get a very good solution that will easily meet and exceed your auditor requirements.
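An added example (not from the answer above) of the local-versus-remote log comparison it describes. It assumes each record starts with a monotonically increasing record number and that records are shipped in order; the log lines are constructed.

```python
import hashlib

# Constructed sample data: "<record number> <event text>", one record per line.
REMOTE_COPY = [
    "101 logon alice",
    "102 open Private\\alice\\loans.xls by bob",
    "103 logoff bob",
    "104 logon carol",
]
LOCAL_LOG = [
    "101 logon alice",
    "103 logoff alice",   # text differs from the shipped copy
    "104 logon carol",
    "105 logoff carol",   # written after the last shipment
]

def index(lines):
    """Map record number -> SHA-256 of the whole line."""
    records = {}
    for line in lines:
        number = int(line.partition(" ")[0])
        records[number] = hashlib.sha256(line.encode("utf-8")).hexdigest()
    return records

def compare_logs(local_lines, remote_lines):
    """Classify every difference between the server's log and the off-host copy."""
    local, remote = index(local_lines), index(remote_lines)
    last_shipped = max(remote, default=0)
    found = {"deleted": [], "altered": [], "unexpected": [], "unshipped": []}
    for number, shipped_hash in sorted(remote.items()):
        if number not in local:
            found["deleted"].append(number)
        elif local[number] != shipped_hash:
            found["altered"].append(number)
    for number in sorted(set(local) - set(remote)):
        # Records newer than the last shipment are normal shipping lag;
        # older ones were never seen by the collector.
        key = "unshipped" if number > last_shipped else "unexpected"
        found[key].append(number)
    return found

def tampering_suspected(found):
    """Shipping lag alone is not a finding; anything else is."""
    return bool(found["deleted"] or found["altered"] or found["unexpected"])
```

Records aged out of the local log by normal rotation will also show up as deleted, so run the comparison only over the server's retention window.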


Question has a verified solution.
