Solved

Network Monitoring

Posted on 2015-02-20
9
129 Views
Last Modified: 2015-03-04
I have an interesting question. We have a concern that changes are being made to our Windows NT network outside of the appropriate processes being followed (vetting, testing, making others aware etc). We aren't certain, but there is a possibility changes are being made to network config, proxy servers etc. Are there any tools available that can tell if changes are being made, without being intrusive or being detected? We don't want the ability to make changes, stop changes etc, only the ability to tell if changes are made. Any thoughts?
0
Comment
Question by:isaacr25
  • 2
  • 2
  • 2
  • +2
9 Comments
 
LVL 12

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 84 total points
ID: 40621533
Yes, look at something like ManageEngine, they have a configuration manager, link below.  I have never implemented, but some tools even allow the tool to make the change so you can track by whom.


http://www.manageengine.com/products/device-expert/
0
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
ID: 40621542
If your network is on one subnet, use something like CommView (tamosoft.com) which is a good packet sniffer (I use it). Set it up to collect packets and review the packet logs to see if you are spotting activity. You can filter for specific IP addresses to reduce collection once you know.

WireShark is similar to CommView and is open source and free.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 166 total points
ID: 40621741
Running a packet sniffer and trying to decipher what was changed is not an easy task.  What I suggest you do is look at software such as SolarWinds configuration manager which would alert you if a configuration was changed on a device such as a router, firewall, etc. (support all Cisco routers, firewalls, etc.).  If you are interested in managing/informed of changes on Windows servers, then you should start with a log consolidation/aggregation software such as Splunk (by the way, Splunk can also track configuration changes and alert you) and you can build dashboards as well as alerts for things such as local logons to servers, etc.
0
 

Author Comment

by:isaacr25
ID: 40621761
Thanks for the suggestions. Would all of these tools be invisible to network admins etc?
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40621772
Yes, they would be invisible, depending on how you configure, ie access and email alerts.  If your switching is supported, they basically login and pull the current config and compare to baseline.
0
 

Author Comment

by:isaacr25
ID: 40623693
I'm looking into these products. Are there any free or trial versions of these products available?
0
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 166 total points
ID: 40623760
CommView comes with a 30-day trial if you wish to try it. WireShark is free.  Solar Winds is pricey but has a free trial. The others, I do not know.
0
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 166 total points
ID: 40623763
Splunk is free if you index 500 MB or less a day.
0
 
LVL 5

Accepted Solution

by:
Leon Adato earned 84 total points
ID: 40633271
I'm going to second Mohammed Khawaja's comment. Solarwinds NCM (Network Configuration Manager) is a pretty economic choice (and it has a 30 day unlimited demo). It will back up the configs of all your network devices on a regular basis (you decide - daily, weekly, etc, on a per-device or per-device-group basis). On the SECOND collection, you can get an alert/report that shows anything that has changed in a side-by-side comparison. It automatically filters out the "stupid changes" (like timestamp) so you don't get noise alerts.

You can add alert responses to push the previous config back to the machine if you want. And all the configs are stored, so you can revert back to any previous version if you need to.

It also has the ability to scan all the configs that have been backed up and look for problems - security flaws, best practices, etc.

It's a pretty slick tool.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Read about achieving the basic levels of HRIS security in the workplace.
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now