Solved

Network Monitoring

Posted on 2015-02-20
Last Modified: 2015-03-04
I have an interesting question. We have a concern that changes are being made to our Windows NT network outside of the appropriate processes being followed (vetting, testing, making others aware etc). We aren't certain, but there is a possibility changes are being made to network config, proxy servers etc. Are there any tools available that can tell if changes are being made, without being intrusive or being detected? We don't want the ability to make changes, stop changes etc, only the ability to tell if changes are made. Any thoughts?
Question by:isaacr25
9 Comments
 
LVL 12

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 84 total points
ID: 40621533
Yes, look at something like ManageEngine, they have a configuration manager, link below.  I have never implemented, but some tools even allow the tool to make the change so you can track by whom.


http://www.manageengine.com/products/device-expert/
0
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
ID: 40621542
If your network is on one subnet, use something like CommView (tamosoft.com) which is a good packet sniffer (I use it). Set it up to collect packets and review the packet logs to see if you are spotting activity. You can filter for specific IP addresses to reduce collection once you know.

Wireshark is similar to CommView and is open source and free.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 166 total points
ID: 40621741
Running a packet sniffer and trying to decipher what was changed is not an easy task.  What I suggest you do is look at software such as SolarWinds configuration manager which would alert you if a configuration was changed on a device such as a router, firewall, etc. (support all Cisco routers, firewalls, etc.).  If you are interested in managing/informed of changes on Windows servers, then you should start with a log consolidation/aggregation software such as Splunk (by the way, Splunk can also track configuration changes and alert you) and you can build dashboards as well as alerts for things such as local logons to servers, etc.
0
 

Author Comment

by:isaacr25
ID: 40621761
Thanks for the suggestions. Would all of these tools be invisible to network admins etc?
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40621772
Yes, they would be invisible, depending on how you configure, i.e. access and email alerts. If your switching is supported, they basically log in and pull the current config and compare to baseline.
0
 

Author Comment

by:isaacr25
ID: 40623693
I'm looking into these products. Are there any free or trial versions of these products available?
0
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
ID: 40623760
CommView comes with a 30-day trial if you wish to try it. Wireshark is free. SolarWinds is pricey but has a free trial. The others, I do not know.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 166 total points
ID: 40623763
Splunk is free if you index 500 MB or less a day.
0
 
LVL 5

Accepted Solution

by:Leon Adato
Leon Adato earned 84 total points
ID: 40633271
I'm going to second Mohammed Khawaja's comment. SolarWinds NCM (Network Configuration Manager) is a pretty economic choice (and it has a 30-day unlimited demo). It will back up the configs of all your network devices on a regular basis (you decide - daily, weekly, etc., on a per-device or per-device-group basis). On the SECOND collection, you can get an alert/report that shows anything that has changed in a side-by-side comparison. It automatically filters out the "stupid changes" (like timestamp) so you don't get noise alerts.

You can add alert responses to push the previous config back to the machine if you want. And all the configs are stored, so you can revert back to any previous version if you need to.

It also has the ability to scan all the configs that have been backed up and look for problems - security flaws, best practices, etc.

It's a pretty slick tool.
0
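
The collect-and-compare approach described in the answers above (pull the current config, compare it to a baseline, ignore timestamp-only differences), sketched as an added example that is not from the thread or from any of the products named in it. The Cisco IOS-style sample configs, the volatile-line patterns and the function names are constructed assumptions.

```python
import difflib
import re

# Constructed Cisco IOS-style snapshots (assumed format, not from the thread).
BASELINE = """\
! Last configuration change at 09:12:44 UTC Mon Feb 16 2015 by admin
hostname edge-sw1
ntp clock-period 17179869
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.0.1
"""
CURRENT = """\
! Last configuration change at 22:41:03 UTC Thu Feb 19 2015 by jdoe
hostname edge-sw1
ntp clock-period 17179902
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.0.254
"""

# Assumed noise patterns: lines that differ on every collection without
# representing a settings change.
VOLATILE = re.compile(r"^(! Last configuration change at |ntp clock-period )")

def normalize(config_text):
    """Drop blank and volatile lines so only real settings are compared."""
    return [ln.rstrip() for ln in config_text.splitlines()
            if ln.strip() and not VOLATILE.match(ln)]

def config_changes(baseline, current):
    """Return (removed, added) setting lines between two snapshots."""
    old, new = normalize(baseline), normalize(current)
    removed, added = [], []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(old[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(new[j1:j2])
    return removed, added

if __name__ == "__main__":
    removed, added = config_changes(BASELINE, CURRENT)
    for line in removed:
        print("- " + line)
    for line in added:
        print("+ " + line)
```

The header line dropped as noise in this sample also names the account that made the last change, so a real deployment would record it alongside the diff rather than discard it.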


Question has a verified solution.
