[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 300
  • Last Modified:

Network Monitor

Hi All,

Here's the scoop. Through some form of hacking some script kitty was able to determine that administrator password for our network. Aside from applying some tighter security measures I'm looking for some extra help. (When the boss is worried it means he won't give a 2nd thought to pitching in some money to solve a problem.)

I'm mainly a Novell Shop, but I've got Windows Servers as well. We run BorderManager for our proxy and SurfControl as a web filter. Other than http that goes through the proxy I've got no way of knowing what kind of traffic is going on on the network.

Here is my 2 part question:

I'd like to get a network monitor of some sort, be it hardware or software that will monitor all (or at least most) types of network traffic. I'd be great if it had a way to block that traffic as well but that's not required. I've also "heard" of products that will let you pretty much view what that traffic is in plain text. I've heard of Sniffer, Nessus, etc but they're a bit over my head as far as turning the results that I get from them into something that I can use. I'd love a set it and forget it solution. Any recommendations?

The second part is are network monitors effective. It seems that most programs can be moved to run over http which would make it harder attract attention on a log. Thoughts?

Thanks in advance.
0
Sebastien47136
Asked:
Sebastien47136
2 Solutions
 
Rich RumbleSecurity SamuraiCommented:
IDS are effective warning tools, and an IDS such as Snort can be used to trigger firewall updates with a program like SnortSam. http://www.snort.org/  http://www.snortsam.net/
Snort also has "in-line" mode that can make snort act like snortsam does, however I think snortsam has some destinct advantages.
Traffic monitors etc... Ethereal/Tcpdump are sniffers that allow you to see traffic in plain-text, and basically that's what an IDS does, sniff the traffic and alert you based on signatures and other critera when met. Snort has a few added engines that allow it to reassemble streams and connections in ways that most sniffers don't, such as an FTP engine (preprocessor) that can uncompress ftp streams and examine the data in them, and in some cases there are preprocessors to decrypt other streams.

Ntop is a good program to help you catagoize, and gather statistics for protocols being used on your lan, however there is no substitute for a good "flow manager" such as Nflow
http://www.ntop.org/overview.html (a free windows version is here: http://www.openxtra.co.uk/products/ntop-xtra.php ) nProbe from ntop is very good
http://www.nflow.com/main/index.htm

Then you can also use Cacti, or someother MRTG/RRDtool front end to graph your interfaces (switch and router ports) bandwidth usage, as well as CPU etc...
http://cacti.net/  http://cacti.net/screenshots.php

Security isn't a product, it's a process. So you have to keep up with adding the latest snort sig's and checking the alerts if they aren't automatically sent to you, you also have to weed out the false positives and remove some signatures you may not need or want. http://xinn.org/clearsite-project.html

-rich
0
 
antonafCommented:
I didn't see you mention anything about a firewall.  You should invest in a good firewall such as: (Microsoft ISA, Symantec Sygate, Checkpoint, etc.).  Most firewalls allow you to monitor your network traffic and/or block access to vulnerable ports.  If you are mostly looking for a network monitoring tool then I suggest GFI LANGuard (http://www.gfi.com/languard/), it is pretty intuitive and should help you get down to the nitty gritty of your network.  Another good product is Computer Associates Unicenter TNG.  

Hope this helps!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now