
Lecture 4: Monitoring Network Resources


ryan-gibson

Presentation Transcript


  1. Lecture 4: Monitoring Network Resources
     IT:Network:Apps

  2. What’s happening on the network?
     • Need to keep track of many things
     • Traffic (packets)
     • Network load
     • Server load
     • Disk space
     • Log files
     • Availability of Servers/Services

  3. Network Traffic (live)
     • Protocol Analyzer
     • Wireshark
     • Sniffer
     • Network Monitor
     • Need to see all packets
     • Promiscuous Mode
     • Management port on switch

  4. Network Load
     • Could use Wireshark again (Stats>Summary)
     • Administrative Tools > Performance
     • IPv4 – Datagrams (sent/received) / sec
     • Network Interface – Bytes (sent/received/total) / sec

  5. Server Load
     • Performance again
     • Processor - % Processor Time
     • Processor - % Idle Time
     • Memory – Pages/sec

  6. Disk Space/Performance
     • Disk Space – does it have enough space
     • Performance Monitor
     • Logical Disk - Free megabytes; % Free Space
     • Disk Performance – is it fast enough
     • Performance Monitor
     • Logical Disk – Avg Disk Read|Write Queue Length

  7. Log Files
     • System keeps log files with important info
     • System; Application; Security; Others
     • Look at them!!!
     • EventRover
     • EventAlarm

  8. Audit
     • Security Policy (Local, Domain, DC)
     • Local Policies – Audit Policy
     • What to watch
     • Account Logon Events – domain user auth by DC
     • Account Mgmt –
     • Logon Events – user auth by local machine
     • Object access – file system/reg key/printer
     • (ntfs security – Adv – audit)
     • Policy Change
     • Privilege use
     • Process Tracking
     • System Events

  9. Audit Success or Fail
     • It Depends
     • Security – watch for what “shouldn’t” happen
     • Tracking – watch for what “is” happening
     • Do we need to know Mary successfully logged in?
     • Do we need to know the server restarted?
     • Why did it restart?
     • Do we need to know a user was created?
     • who created it and why?
     • Watch Log File

  10. Monitor Availability
     • NetProbe
     • Performance
     • Could be as simple as ping
     • Could check for specific service (www, smtp)
     • Could check Performance Monitor settings

  11. Performance Logs and Alerts Demo

  12. Other resources
     • Windows Software Update Services
     • Patch management software
     • Microsoft Security Baseline Analyzer
     • MBSA, probes local and remote systems for security issues
     • Missing updates, hotfixes etc for most Microsoft Software
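The questions on slides 8 and 9 (is a successful logon worth an alert, who created a user, why did the server restart) can be written down as a triage rule over audit records. The sketch below is an added example, not part of the lecture; the event IDs are the Windows Vista/Server 2008 and later numbers, and the record fields, host names and threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample records (not real log data). The slides name no event
# IDs; these are the Windows Vista/Server 2008+ numbers. Field names are
# simplified stand-ins for the data fields of each event.
EVENTS = [
    {"id": 4624, "user": "mary", "host": "WS01"},    # logon success
    {"id": 4625, "user": "admin", "host": "SRV01"},  # logon failure
    {"id": 4625, "user": "admin", "host": "SRV01"},
    {"id": 4625, "user": "admin", "host": "SRV01"},
    {"id": 4625, "user": "bob", "host": "WS02"},     # a single mistyped password
    {"id": 4720, "actor": "jsmith", "user": "svc_tmp", "host": "DC01"},  # user created
    {"id": 1074, "actor": "jsmith", "reason": "Security patch", "host": "SRV01"},
    {"id": 6008, "host": "SRV02"},                   # unexpected shutdown
]

FAIL_THRESHOLD = 3  # hypothetical tuning value, not from the slides


def triage(events, fail_threshold=FAIL_THRESHOLD):
    """Return alert strings for the events a person should look at."""
    alerts = []
    failures = Counter()
    for e in events:
        if e["id"] == 4624:
            continue  # "tracking" data: stays in the log, raises no alert
        elif e["id"] == 4625:
            failures[(e["user"], e["host"])] += 1  # judged in bulk below
        elif e["id"] == 4720:
            alerts.append(f"account {e['user']} created by {e['actor']} "
                          f"on {e['host']}: confirm why")
        elif e["id"] == 1074:
            alerts.append(f"{e['host']} restarted by {e['actor']}, "
                          f"reason: {e['reason']}")
        elif e["id"] == 6008:
            alerts.append(f"{e['host']} shut down unexpectedly: no reason recorded")
    # Repeated failures for one account on one host are what "shouldn't" happen.
    for (user, host), n in sorted(failures.items()):
        if n >= fail_threshold:
            alerts.append(f"{n} failed logons for {user} on {host}")
    return alerts


if __name__ == "__main__":
    for line in triage(EVENTS):
        print(line)
```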
