Solved

Network Monitoring

Posted on 2015-02-20
139 Views
Last Modified: 2015-03-04
I have an interesting question. We have a concern that changes are being made to our Windows NT network outside of the appropriate processes being followed (vetting, testing, making others aware etc). We aren't certain, but there is a possibility changes are being made to network config, proxy servers etc. Are there any tools available that can tell if changes are being made, without being intrusive or being detected? We don't want the ability to make changes, stop changes etc, only the ability to tell if changes are made. Any thoughts?
Question by:isaacr25
9 Comments
 
LVL 12

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 84 total points
ID: 40621533
Yes, look at something like ManageEngine; they have a configuration manager, link below. I have never implemented it, but some tools even allow the tool to make the change so you can track by whom.


http://www.manageengine.com/products/device-expert/
0
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
ID: 40621542
If your network is on one subnet, use something like CommView (tamosoft.com) which is a good packet sniffer (I use it). Set it up to collect packets and review the packet logs to see if you are spotting activity. You can filter for specific IP addresses to reduce collection once you know.

Wireshark is similar to CommView and is open source and free.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 166 total points
ID: 40621741
Running a packet sniffer and trying to decipher what was changed is not an easy task. What I suggest you do is look at software such as SolarWinds configuration manager, which would alert you if a configuration was changed on a device such as a router, firewall, etc. (supports all Cisco routers, firewalls, etc.). If you are interested in managing/being informed of changes on Windows servers, then you should start with log consolidation/aggregation software such as Splunk (by the way, Splunk can also track configuration changes and alert you), and you can build dashboards as well as alerts for things such as local logons to servers, etc.
0

 

Author Comment

by:isaacr25
ID: 40621761
Thanks for the suggestions. Would all of these tools be invisible to network admins etc?
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40621772
Yes, they would be invisible, depending on how you configure them, i.e. access and email alerts. If your switching is supported, they basically log in and pull the current config and compare it to the baseline.
0
 

Author Comment

by:isaacr25
ID: 40623693
I'm looking into these products. Are there any free or trial versions of these products available?
0
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
ID: 40623760
CommView comes with a 30-day trial if you wish to try it. Wireshark is free. SolarWinds is pricey but has a free trial. The others, I do not know.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 166 total points
ID: 40623763
Splunk is free if you index 500 MB or less a day.
0
 
LVL 5

Accepted Solution

by:
Leon Adato earned 84 total points
ID: 40633271
I'm going to second Mohammed Khawaja's comment. SolarWinds NCM (Network Configuration Manager) is a pretty economical choice (and it has a 30-day unlimited demo). It will back up the configs of all your network devices on a regular basis (you decide: daily, weekly, etc., on a per-device or per-device-group basis). On the SECOND collection, you can get an alert/report that shows anything that has changed in a side-by-side comparison. It automatically filters out the "stupid changes" (like timestamp) so you don't get noise alerts.

You can add alert responses to push the previous config back to the machine if you want. And all the configs are stored, so you can revert back to any previous version if you need to.

It also has the ability to scan all the configs that have been backed up and look for problems - security flaws, best practices, etc.

It's a pretty slick tool.
0
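
The backup-and-compare approach the answers above describe (pull the current config, compare it to a stored baseline, ignore noise such as timestamps), as an added Python example; it is not part of the original thread and is not how SolarWinds NCM or any other product named here is implemented. The Cisco IOS-style volatile-line patterns and both sample configs are assumptions constructed for illustration.

```python
import difflib
import hashlib
import re

# Assumed volatile lines (Cisco IOS style) that differ between collections
# even when nobody changed the configuration; extend per platform.
VOLATILE = [
    re.compile(r"^! Last configuration change at "),
    re.compile(r"^! NVRAM config last updated at "),
    re.compile(r"^ntp clock-period \d+"),
]

def normalize(config_text):
    """Drop volatile lines, blank lines and trailing whitespace."""
    lines = (line.rstrip() for line in config_text.splitlines())
    return [l for l in lines if l and not any(p.search(l) for p in VOLATILE)]

def fingerprint(config_text):
    """Hash of the normalized config: a cheap 'did anything real change' check."""
    return hashlib.sha256("\n".join(normalize(config_text)).encode()).hexdigest()

def config_changes(baseline, current):
    """Return the removed ('-') and added ('+') lines, noise filtered out."""
    diff = list(difflib.unified_diff(normalize(baseline), normalize(current),
                                     lineterm="", n=0))
    # The first two entries are the ---/+++ file headers; skip @@ hunk headers.
    return [d for d in diff[2:] if d[0] in "+-"]

# Constructed sample collections: only the name-server line really changed.
BASELINE = """\
! Last configuration change at 09:14:02 UTC Mon Feb 16 2015
hostname edge-sw1
ip name-server 192.0.2.53
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
ntp clock-period 17179869
"""
CURRENT = """\
! Last configuration change at 22:41:37 UTC Thu Feb 19 2015
hostname edge-sw1
ip name-server 198.51.100.7
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
ntp clock-period 17179912
"""

if __name__ == "__main__":
    if fingerprint(BASELINE) != fingerprint(CURRENT):
        print("\n".join(config_changes(BASELINE, CURRENT)))
```

Storing each collection read-only, away from the devices and the accounts that administer them, keeps the baseline itself from being altered along with the config.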
