How to detect and kill unauthorized network activity

I am a school network admin.  How can I detect when my students are using tools like PUTTY and Ultrasurf to bypass webfiltering and how can I detect and track DOS attacks from the student workstations?  We do not allow non-distrooct devices to attach to the network.  M7y best solution would be to detect and identify the activity, e-mail me about it, and allow me to either control it, or track it to a port on a switch. Additionally, if I could shape my network traffic to limit certain content, that would be a bonus...

My network uses Brocade big iron switches.

Thank you for your help.
LVL 1
Stephen YorkAsked:
Who is Participating?
 
kdearingCommented:
I've used What's Up Gold, SpiceWorks, and Wireshark.
Alot of experts here love PRTG
0
 
kdearingCommented:
You're looking for a good network monitoring package.
The following link has many:
http://www.experts-exchange.com/Software/System_Utilities/Q_26748566.html?cid=748#a34841205
0
 
Stephen YorkAuthor Commented:
Do you have any preferences?  Have you used What's Up Gold?
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
Stephen YorkAuthor Commented:
We will look at WUG and PRTG.  Both have free trials and both can be cost effective for me.  Thank you for your suggestions and help!
0
 
Stephen YorkAuthor Commented:
THANX!!!!!!!!!
0
 
NorthernTel & Telebec Managed ServicesManaged I.T. SupportCommented:
I have a script I created that blocks write access to a certain part of the user registry. Ultrasurf needs to be able set it's own address as a proxy in windows. My blog explains it in more detail http://www.chrisleblanc.org/block-ultrasurf-workstation-level-windows/
0
 
Stephen YorkAuthor Commented:
Interesting - thanx.  My question was really beyond just Ultrasurf, but it was part of my problem...

For the major proxy avoidance tools, after a little observation of real traffic on our network and my firewall, and then running the many versions of Ultrasurf and some of its brothers, we found that Ultrasurf and kin tends to use netblocks from and Asian provider, Hurricane Electric, to stash their moving server IP targets...  nothing good seems to come from there so we simply black-list entire blocks of the netblocks from that vendor and Ultrasurf does not give the illusion of not working, it just doesn't work.  The only complaints that I have had since doing this is from some of my students... <<Insert evil giggle and/or smirk here ...>>  Way easier than playing with so many other things to stop the stupidity.  It is not foolproof, but I employ other means to help bolster my security and tighten the use of my network bandwidth to be more oriented towards education...  I really have so many other better things to do than play spy versus spy, but this is part of the job...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.