Network Monitoring - University of Oxford


Monitoring Your Network
A College Approach
Chris Bamber, IT Systems Manager
Somerville College
Confidentiality: The contents of this presentation and workshop discussion are to be held in strictest confidence.

Documents to Read
Oxford University's Computer Usage Rules and Etiquette
http://www.ox.ac.uk/it/rules/
Somerville Rules for Computer Use
http://www.some.ox.ac.uk/cp_rules.htm
Christopher Bamber
29th June 2000

What We Can Use the Tools for
Identifying unofficial servers or services
Monitoring usage and traffic statistics
Protecting your network from the world
Troubleshooting your network
Investigating a security incident
Keeping logs of users' activities for accountability

The Tools Used
WS_Ping_ProPack
XploiterStat Lite
Windows NT Event Viewer
Sophos Anti-Virus for NT
Sophos Anti-Virus ADMIN Tool
Sophos Anti-Virus for Exchange
Elron Command View Firewall for NT
eTrust Intrusion Detection (Sessionwall)
Transcend Workgroup Manager
Network Watch from NT Resource Kit

Somerville College Network
[Network diagram; only its labels survive. Labelled elements: OUCS router, unmanaged hub, network monitor, firewall, media converters; building hubs and switches for Catering, House, DHQ, Derbyshire, Maitland, Library, Margery Fry, Vaughan, West and Penrose; 10MB and 100MB links over fibre and CAT5; Wave-Point II PTP bridges with a 2MB wireless link and a Wave-Point II wireless LAN.]

WS_Ping_ProPack
This tool gives you a basic Windows interface to a few very handy utilities: Ping, Scan, TraceRoute, Whois, Lookup, etc.
Doing regular scans of common ports on your network will help to discover unauthorised services or servers
Very quick and simple, and cheap: £30.00 for a licence

A Port Scan
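
One way to act on the regular scans recommended on the WS_Ping_ProPack slide, as an added example that is not part of the original presentation: compare each scan with a register of approved services. The result format, addresses and baseline below are constructed for illustration.

```python
# Added example: compare port-scan results against an approved-services baseline.
# The result format, addresses and baseline are constructed for illustration.

# Approved services per host: the register a regular scan is checked against.
BASELINE = {
    "192.0.2.10": {25, 80},   # mail and web server
    "192.0.2.11": {21},       # FTP server
}

# Constructed scan output, one "host port state" record per line.
SCAN_OUTPUT = """\
192.0.2.10 25 open
192.0.2.10 80 open
192.0.2.10 6667 open
192.0.2.11 21 closed
192.0.2.57 80 open
192.0.2.57 21 open
"""

def parse_scan(text):
    """Return {host: set of open ports} from 'host port state' lines."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[1].isdigit():
            continue  # skip blank or malformed records
        host, port, state = fields[0], int(fields[1]), fields[2].lower()
        if state == "open":
            found.setdefault(host, set()).add(port)
    return found

def audit(found, baseline):
    """Sort the differences between a scan and the baseline into three lists."""
    report = {"unofficial_servers": [], "unauthorised_services": [], "missing_services": []}
    for host in sorted(found):
        if host not in baseline:
            # A host nobody registered is offering services.
            report["unofficial_servers"].append((host, sorted(found[host])))
        elif found[host] - baseline[host]:
            # A known server is offering something that was never approved.
            report["unauthorised_services"].append((host, sorted(found[host] - baseline[host])))
    for host in sorted(baseline):
        missing = baseline[host] - found.get(host, set())
        if missing:
            # An approved service did not answer: a troubleshooting lead.
            report["missing_services"].append((host, sorted(missing)))
    return report
```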

XploiterStat Lite
Port monitoring software, TCP and UDP
Free, upgrade available at approx. £30.00
Produces text logs of active connections to your machine or servers
Handy for putting a trace on a machine you're concerned about

Windows NT Event Viewer
Comes with MS NT Server, it's FREE!
Use it to look at your logs
Make sure you have some logs
Export your logs to examine them in Excel, it's quicker
More advanced version available as a plug-in in Windows 2000

Sophos Anti-Virus for NT
It's FREE!, site licensed to Oxford University
Protect your workstations from viruses
Use a protected install so users can't remove it
Make it mandatory for all computers connected to your network
Keep it updated…

Sophos Anti-Virus ADMIN Tool
It's FREE!
Allows you to install SAV onto your NT workstations remotely
You need to have their admin shares (C$) available for the initial install
Allows you to update and change the configuration of SAV
Monitors the status and current rollout of the IDE files
Allows you to force an update to the user workstation
Quick and simple

Sophos Sweep for Exchange
If you really have to run a mail server, install some virus scanning software
This is currently in Beta, but it works!
Again FREE!, available on site licence
SAVI is also available to connect to other mail server software
MAILsweeper is available for most systems and uses SAVI

Elron CV Firewall for NT
Offers fully IPSEC compliant VPN capabilities
Includes NAT, DMZ and User Authentication
Delivers industry-leading, 3rd generation, Stateful Multilayer Inspection (SMLI) technology
Is easy to manage with a point and click interface
Cost - £1.7K, available from MIS Corporate Defence Solutions

Drill Down to View Rule Details

Specific Servers on Ports

Custom Defined Ports - Tuples

Log File View

Log Filtering
The latest version of the software now has a very powerful filtering ability for log files
This allows for quick analysis and troubleshooting of the network and firewall

Application Layer Commands
Available for FTP, inbound Email, News and Web
Allows you to lock down the common ports to valid commands only
Stops ICQ, Instant Messaging from using these ports
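
How locking a port down to valid commands works in principle, as an added example that is not part of the original presentation and not the firewall's own logic: each client line on a well-known port is checked against an allowlist of that protocol's commands. The command sets are illustrative subsets and the sessions are constructed.

```python
# Added example: per-port command allowlist (illustrative subsets, not a product's rules).
ALLOWED = {
    21: {"USER", "PASS", "CWD", "PASV", "PORT", "TYPE", "LIST", "RETR", "QUIT"},  # FTP
    25: {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"},  # inbound e-mail
    119: {"GROUP", "ARTICLE", "HEAD", "BODY", "LIST", "POST", "QUIT"},  # News
    80: {"GET", "HEAD", "POST"},  # Web
}
BODY_STARTERS = {25: "DATA", 119: "POST"}  # free text follows, ended by a lone "."

def check_line(port, raw):
    """Return None if raw (bytes) is an allowed command for port, else a reason."""
    try:
        parts = raw.decode("ascii").split()
    except UnicodeDecodeError:
        return "non-ASCII data where a command was expected"
    if not parts:
        return "empty command line"
    if port == 80:  # HTTP methods are case-sensitive; the line ends with a version
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            return "not an HTTP request line"
        verb = parts[0]
    else:
        verb = parts[0].upper()  # FTP, SMTP and NNTP verbs are case-insensitive
    if verb not in ALLOWED[port]:
        return f"command {verb!r} not allowed on port {port}"
    return None

def check_session(port, client_lines):
    """Return (line_number, reason) for the first rejected client line, or None."""
    if port not in ALLOWED:
        return 0, "no command policy for this port"
    in_body = False
    for number, raw in enumerate(client_lines, 1):
        if in_body:  # message or article text is not a command
            in_body = raw.strip() != b"."
            continue
        reason = check_line(port, raw)
        if reason:
            return number, reason
        if port == 80:
            return None  # headers and body follow; only the request line is checked here
        in_body = raw.split()[0].upper().decode() == BODY_STARTERS.get(port)
    return None

# Constructed client-side sessions.
SMTP_OK = [b"HELO client.example\r\n", b"MAIL FROM:<a@example.org>\r\n",
           b"RCPT TO:<b@example.org>\r\n", b"DATA\r\n", b"Subject: hi\r\n",
           b"\r\n", b"hello\r\n", b".\r\n", b"QUIT\r\n"]
SMTP_BAD = [b"HELO client.example\r\n", b"VRFY postmaster\r\n"]
NOT_HTTP = [b"\x02\x00\x8a\x01\x00constructed-binary"]  # stands in for a non-HTTP client
```

A client that wraps its traffic in valid commands for the port passes a check of this kind, so it narrows what the open ports can carry rather than identifying the application behind them.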

eTrust Intrusion Detection
Providing real-time, non-intrusive detection, policy-based alerts, and automatic prevention
Integrated anti-virus engine with automatic signature updates
Dynamic URL blocking and logging
Predefined policies for a wide range of attacks
Comprehensive built-in reports

Transcend Workgroup Manager
Network management utility for managing 3Com hubs and switches
Workgroup & Enterprise edition will no longer be available from the end of June 2000 (so order today!!)
Support will continue for 5 years

Network Watch (NT Resource Kit)
Allows you to view and manage the network shares on your NT Servers
Includes the hidden shares ($)
Handy to see who's connecting to what on your server

Software Sites

WS_Ping_ProPack - http://www.ipswitch.com/Products/WS_Ping/index.html

XploiterStat Lite - http://www.xploiter.com/tambu/totostat.shtml

Sophos Anti-Virus – http://www.sophos.com/

MAILsweeper - http://www.mimesweeper.com/

Elron Firewall - http://www.elronsoftware.com/enterprise/cvfirewall.htm

eTrust - http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/

Transcend - http://www.3com.com/solutions/enterprise/networkmanagement/index.html

MIS Corporate Defence Solutions – http://www.mis-cds.com/ – contact James Guttridge 01622 723459

Contact Information
Christopher Bamber
IT Systems Manager
Somerville College, OX2 6HD
E-mail: [email protected]
Tel: 01865 2 70661