Have In-House Spies as Your Network’s Eyes
Monitoring the content and flow of traffic is the cornerstone of an organization’s network security. Active analysis of system traffic enables managers to set feasible network policies, tailored to meet the needs of the organization, ensuring that critical information and applications maintain their priority status over run-of-the-mill data and activities. In setting such policies, management may thwart denial-of-service attacks and other system penetrations or breaches. Lots of tools are available to serve your network managers in their efforts to monitor your network(s).
NetVigil by Fidelia, widely commended by analysts in the field, is a product used by large enterprise networks and data centers to monitor thousands of IT elements. Fidelia’s Helix, developed using the same underlying engine as NetVigil, provides real-time dynamic processing capabilities and “instant visibility” for networks, servers and applications. Visit www.fidelia.com for pricing and additional information.
Another real-time flow monitor on the market is Argus, from QoSient, LLC. It can be used to monitor individual end systems or activity on the entire enterprise network. Argus monitors and reports the status and performance of all network transactions examined in your network data stream. It currently runs on Linux, Solaris, FreeBSD, OpenBSD, NetBSD and Mac OS X, and its client programs have also been ported to Cygwin. Argus uses a flexible and extensible record format to provide a common data format for reporting flow metrics, including connectivity, capacity, loss, demand and jitter for each transaction in the stream. Argus is flexible enough to be used to monitor and analyze the contents of packet capture files, or it can be run as a continuous monitor of a live interface, complete with results in the form of an audit log of all examined activity in the packet stream. In this latter role, Argus provides data-handling models so your organization can create flexible strategies for collecting network audit data. For additional information or to download a copy, visit www.qosient.com/argus/.
Since server and network uptime is critical for business success, slowdowns can amount to serious setbacks. To maximize network uptime and to scan networks for imperfections and irregularities automatically, before they’re even picked up by users, network managers can turn to the GFI Network Server Monitor. This competitively priced software utility locates abnormal network conditions, including software and hardware failures, and notifies you by e-mail, pager or SMS. It goes a step further by repairing those identified trouble spots, then rebooting the machine, restarting the service or running a script. GFI Network Server Monitor is easy to learn and use, and is not complicated to set up, with out-of-the-box monitoring of all aspects of your servers, including UNIX/Linux, Exchange, ISS, SQL and Web servers. Plus, your team can customize the monitor’s rules to accommodate your network requirements. For $375, your organization can monitor five servers, or you can monitor an unlimited number of servers for $699. For more information, visit www.gfi.com.
For organizations interested in Web-based monitors, there’s Big Brother. With its flexibility, this tool can monitor and alert you to almost anything in your network. Big Brother is highly customizable, and its huge user community has contributed to the extensibility of this product with an enormous repository of user-contributed scripts. Seasoned administrators can have Big Brother up and running within an hour. Supporting common operating systems, including most flavors of Windows, UNIX and Linux, Big Brother streamlines network management. With its universal color-coded Web interface, designed with simplicity in mind, system administrators (and anyone else looking at the interface) can determine at a glance the soundness of a network—“red is bad and green is good.” Administrators can prevent outages and resolve problems proactively after Big Brother sends them notification of defined events (like system shortcomings and failures). For additional information, visit www.quest.com/bigbrother/.
Douglas Schweitzer, A+, Network+, i-Net+, CIW, is an Internet security specialist and the author of “Securing the Network From Malicious Code” and “Incident Response: Computer Forensics Toolkit.” He can be reached at firstname.lastname@example.org.