Here's the scoop. Through some form of hacking, some script kiddie was able to determine the administrator password for our network. Aside from applying some tighter security measures, I'm looking for some extra help. (When the boss is worried it means he won't give a 2nd thought to pitching in some money to solve a problem.)
I'm mainly a Novell Shop, but I've got Windows Servers as well. We run BorderManager for our proxy and SurfControl as a web filter. Other than http that goes through the proxy I've got no way of knowing what kind of traffic is going on on the network.
Here is my two-part question:
I'd like to get a network monitor of some sort, be it hardware or software, that will monitor all (or at least most) types of network traffic. It'd be great if it had a way to block that traffic as well, but that's not required. I've also "heard" of products that will let you pretty much view what that traffic is in plain text. I've heard of Sniffer, Nessus, etc., but they're a bit over my head as far as turning the results that I get from them into something that I can use. I'd love a set-it-and-forget-it solution. Any recommendations?
The second part is: are network monitors effective? It seems that most programs can be moved to run over HTTP, which would make it harder to attract attention on a log. Thoughts?
Thanks in advance.