Monitoring Your Network
A College Approach
Chris Bamber, IT Systems Manager
Somerville College
Confidentiality: The contents of this presentation and workshop discussion are to be held in strictest confidence.

Documents to Read
• Oxford University's Computer Usage Rules and Etiquette - http://www.ox.ac.uk/it/rules/
• Somerville Rules for Computer Use - http://www.some.ox.ac.uk/cp_rules.htm
Christopher Bamber

What We Can Use the Tools for
• Identifying unofficial servers or services
• Monitoring usage and traffic statistics
• Protecting your network from the world
• Troubleshooting your network
• Investigating a security incident
• Keeping logs of users' activities for accountability

The Tools Used
• WS_Ping_ProPack
• XploiterStat Lite
• Windows NT Event Viewer
• Sophos Anti-Virus for NT
• Sophos Anti-Virus ADMIN Tool
• Sophos Anti-Virus for Exchange
• Elron Command View Firewall for NT
• eTrust Intrusion Detection (Sessionwall)
• Transcend Workgroup Manager
• Network Watch from NT Resource Kit

Somerville College Network

WS_Ping_ProPack
• This tool gives you a basic Windows interface to a few very handy utilities: Ping, Scan, TraceRoute, Whois, Lookup, etc.
• Doing regular scans of common ports on your network will help to discover unauthorised services or servers
• Very quick and simple, and cheap: £30.00 for a licence

A Port Scan

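The regular-scan check described above, as an added example that is not part of the original presentation: it compares the open ports from a scan log against an inventory of authorised services and reports unofficial servers and services. It goes slightly beyond the slide by also listing authorised services that did not answer; the addresses, the inventory and the "host port state" log format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (assumption): host -> TCP ports it is authorised to serve.
AUTHORISED = {"192.0.2.10": {25, 110}, "192.0.2.11": {80, 443}}

# Constructed scan log (assumption): one "host port state" triple per line.
SAMPLE_SCAN = """\
192.0.2.10 25 open
192.0.2.11 80 open
192.0.2.11 21 open
192.0.2.57 80 open
192.0.2.57 6667 open
192.0.2.60 139 closed
not a scan line
"""

def parse_scan(text):
    """Return {host: set(open ports)}, skipping malformed and non-open lines."""
    found = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != "open":
            continue
        try:
            host, port = str(ipaddress.ip_address(parts[0])), int(parts[1])
        except ValueError:
            continue
        if 0 < port < 65536:
            found[host].add(port)
    return dict(found)

def audit(found, authorised):
    """Sort findings into unofficial servers, unofficial services and missing services."""
    report = {"unofficial_servers": {}, "unofficial_services": {}, "missing": {}}
    for host, ports in found.items():
        if host not in authorised:
            report["unofficial_servers"][host] = sorted(ports)
        elif ports - authorised[host]:
            report["unofficial_services"][host] = sorted(ports - authorised[host])
    for host, ports in authorised.items():
        gone = ports - found.get(host, set())
        if gone:
            report["missing"][host] = sorted(gone)
    return report

if __name__ == "__main__":
    for kind, hosts in audit(parse_scan(SAMPLE_SCAN), AUTHORISED).items():
        print(kind, hosts)
```
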
XploiterStat Lite
• Port monitoring software, TCP and UDP
• Free, upgrade available at approx. £30.00
• Produces text logs of active connections to your machine or servers
• Handy for putting a trace on a machine you're concerned about

Windows NT Event Viewer
• Comes with MS NT Server, it's FREE!
• Use it to look at your logs
• Make sure you have some logs
• Export your logs to examine them in Excel, it's quicker
• More advanced version available as a plug-in in Windows 2000

Sophos Anti-Virus for NT
• It's FREE! Site licensed to Oxford University
• Protect your workstations from viruses
• Use a protected install so users can't remove it
• Make it mandatory for all computers connected to your network
• Keep it updated…

Sophos Anti-Virus ADMIN Tool
• It's FREE!
• Allows you to install SAV onto your NT workstations remotely
• You need to have their admin shares (C$) available for the initial install
• Allows you to update and change the configuration of SAV
• Monitors the status and current rollout of the IDE files
• Allows you to force an update to the user workstation
• Quick and simple

Sophos Sweep for Exchange
• If you really have to run a mail server, install some virus scanning software
• This is currently in Beta, but it works!
• Again FREE! Available on site licence
• SAVI is also available to connect to other mail server software
• MAILsweeper is available for most systems and uses SAVI

Elron CV Firewall for NT
• Offers fully IPSEC compliant VPN Capabilities
• Includes NAT, DMZ and User Authentication
• Delivers industry-leading, 3rd generation, Stateful Multilayer Inspection (SMLI) technology
• Is easy to manage with a point and click interface
• Cost - £1.7K, available from MIS Corporate Defence Solutions

Drill Down to View Rule Details

Specific Servers on Ports

Custom Defined Ports - Tuples

Log File View

Log Filtering
• The latest version of the software now has a very powerful filtering ability for log files
• This allows for quick analysis and troubleshooting of the network and firewall

Application Layer Commands
• Available for FTP, inbound Email, News and Web
• Allows you to lock down the common ports to valid commands only
• Stops ICQ and instant messaging from using these ports

eTrust Intrusion Detection
• Providing real-time, non-intrusive detection, policy-based alerts, and automatic prevention
• Integrated anti-virus engine with automatic signature updates
• Dynamic URL blocking and logging
• Predefined policies for a wide range of attacks
• Comprehensive built-in reports

Transcend Workgroup Manager
• Network management utility for managing 3Com hubs and switches
• Workgroup & Enterprise edition will no longer be available from the end of June 2000 (so order today!!)
• Support will continue for 5 years

Network Watch (NT Resource Kit)
• Allows you to view and manage the network shares on your NT Servers
• Includes the hidden shares ($)
• Handy to see who's connecting to what on your server

Software Sites
• WS_Ping_ProPack - http://www.ipswitch.com/Products/WS_Ping/index.html
• XploiterStat Lite - http://www.xploiter.com/tambu/totostat.shtml
• Sophos Anti-Virus - http://www.sophos.com/
• MAILsweeper - http://www.mimesweeper.com/
• Elron Firewall - http://www.elronsoftware.com/enterprise/cvfirewall.htm
• eTrust - http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/
• Transcend - http://www.3com.com/solutions/enterprise/networkmanagement/index.html
• MIS Corporate Defence Solutions - http://www.mis-cds.com/
• contact James Guttridge 01622 723459

Contact Information
Christopher Bamber
IT Systems Manager
Somerville College, OX2 6HD
E-mail: chris.bamber@some.ox.ac.uk
Tel: 01865 2 70661