Solved

Network Monitoring

Posted on 2015-02-20
Last Modified: 2015-03-04
I have an interesting question. We have a concern that changes are being made to our Windows NT network outside of the appropriate processes being followed (vetting, testing, making others aware etc). We aren't certain, but there is a possibility changes are being made to network config, proxy servers etc. Are there any tools available that can tell if changes are being made, without being intrusive or being detected? We don't want the ability to make changes, stop changes etc, only the ability to tell if changes are made. Any thoughts?
Question by:isaacr25
9 Comments
 
LVL 11

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 84 total points
Yes, look at something like ManageEngine; they have a configuration manager (link below). I have never implemented it, but some tools even allow the tool to make the change so you can track by whom.


http://www.manageengine.com/products/device-expert/
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
If your network is on one subnet, use something like CommView (tamosoft.com) which is a good packet sniffer (I use it). Set it up to collect packets and review the packet logs to see if you are spotting activity. You can filter for specific IP addresses to reduce collection once you know.

Wireshark is similar to CommView and is open source and free.
 
LVL 24

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 166 total points
Running a packet sniffer and trying to decipher what was changed is not an easy task. What I suggest you do is look at software such as SolarWinds configuration manager, which would alert you if a configuration was changed on a device such as a router, firewall, etc. (it supports all Cisco routers, firewalls, etc.). If you are interested in managing or being informed of changes on Windows servers, then you should start with log consolidation/aggregation software such as Splunk (by the way, Splunk can also track configuration changes and alert you), and you can build dashboards as well as alerts for things such as local logons to servers, etc.
 

Author Comment

by:isaacr25
Thanks for the suggestions. Would all of these tools be invisible to network admins etc?

 
LVL 11

Expert Comment

by:Bryant Schaper
Yes, they would be invisible, depending on how you configure them, i.e. access and email alerts. If your switching is supported, they basically log in, pull the current config and compare it to the baseline.
 

Author Comment

by:isaacr25
I'm looking into these products. Are there any free or trial versions of these products available?
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
CommView comes with a 30-day trial if you wish to try it. Wireshark is free. SolarWinds is pricey but has a free trial. The others, I do not know.
 
LVL 24

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 166 total points
Splunk is free if you index 500 MB or less a day.
 
LVL 5

Accepted Solution

by:
Leon Adato earned 84 total points
I'm going to second Mohammed Khawaja's comment. SolarWinds NCM (Network Configuration Manager) is a pretty economical choice (and it has a 30-day unlimited demo). It will back up the configs of all your network devices on a regular basis (you decide - daily, weekly, etc., on a per-device or per-device-group basis). On the SECOND collection, you can get an alert/report that shows anything that has changed in a side-by-side comparison. It automatically filters out the "stupid changes" (like timestamp) so you don't get noise alerts.

You can add alert responses to push the previous config back to the machine if you want. And all the configs are stored, so you can revert back to any previous version if you need to.

It also has the ability to scan all the configs that have been backed up and look for problems - security flaws, best practices, etc.

It's a pretty slick tool.

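The baseline comparison the answers above describe (pull the current config, compare it to the previous collection, ignore lines such as timestamps that change on their own), as an added example that is not part of the original thread and not code from any of the products named. The volatile-line patterns assume Cisco IOS-style output, and both sample configs are constructed.

```python
import difflib
import re

# Lines that differ on every collection without a real change.
# Assumed Cisco IOS-style patterns; adjust for your own devices.
VOLATILE = [
    re.compile(r"^! Last configuration change at "),
    re.compile(r"^! NVRAM config last updated at "),
    re.compile(r"^Current configuration : \d+ bytes"),
    re.compile(r"^ntp clock-period \d+"),
]

def normalize(config_text):
    """Drop volatile and empty lines; keep indentation, which carries meaning."""
    lines = (line.rstrip() for line in config_text.splitlines())
    return [l for l in lines if l and not any(p.match(l) for p in VOLATILE)]

def config_changes(baseline, current):
    """Return (added, removed) lines between two collections of one device."""
    old, new = normalize(baseline), normalize(current)
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    added, removed = [], []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(old[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(new[j1:j2])
    return added, removed

# Constructed sample collections (not from a real device).
BASELINE = """\
! Last configuration change at 09:12:01 UTC Mon Feb 16 2015
hostname edge-rtr-01
ntp clock-period 17180012
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.0.2.254
"""
CURRENT = BASELINE.replace("09:12:01 UTC Mon Feb 16", "22:47:30 UTC Thu Feb 19") \
                  .replace("17180012", "17180355") \
                  .replace("192.0.2.254", "192.0.2.253")

if __name__ == "__main__":
    added, removed = config_changes(BASELINE, CURRENT)
    for line in removed:
        print("- " + line)
    for line in added:
        print("+ " + line)
```

Only the changed default route is reported; the timestamp and NTP clock-period differences are filtered before the comparison.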