Monitoring Your Network

Monitoring Your Network

A College Approach

Chris Bamber, IT Systems Manager

Somerville College

Confidentiality: The contents of this presentation and workshop discussion are to be held in strictest confidence.

29th June 2000Christopher Bamber2

Documents to Read

Oxford University's Computer Usage Rules and Etiquette

http://www.ox.ac.uk/it/rules/

Somerville Rules for Computer Use

http://www.some.ox.ac.uk/cp_rules.htm


What We Can Use the Tools for

Identifying unofficial servers or services Monitoring usage and traffic statistics Protecting your network from the world Troubleshooting your network Investigating a security incident Keeping logs of users activities for

accountability


The Tools Used

WS_Ping_ProPack XploiterStat Lite Windows NT Event

Viewer Sophos Anti-Virus for NT Sophos Anti-Virus

ADMIN Tool Sophos Anti-Virus for

Exchange

Elron Command View Firewall for NT

eTrust Intrusion Detection (Sessionwall)

Transcend Workgroup Manager

Network Watch from NT Resource Kit


Somerville College Network

10MBCAT5

10MB CAT5

100MBCAT5

Fibre 100MB

Wireless Link2MB

100MB CAT5

10MB CAT5

100 MB CAT5

10MB CAT5

100MB CAT5

Fibre 10MB

Fibre100MB

Library HubLinkbuider FMS II1x24 port @10MB

Penrose HubPS 40

3x24 port @10MB

Wave-Point IIPTP Bridge

Wave-Point IIPTP Bridge

Catering HubSwitch 140M

1x4 port @10MB1 port @100MB

Media ConverterVaughan Hub PS 401x24 port @10MB

Bridge to MF

Margery Fry Hub PS 401x24 port @10MB1x12 port @10MB

Derbyshire HubLinkbuilder FMS II1x12 port @10MB

OUCS Router

100MBCAT5

Fibre10MB

100MB CAT5

FirewallNetworkMonitor

100MBCAT5

UnmanagedHUB

Med

ia C

onve

rter

s

Fibre 10MB

House HubSwitch 3300

2x24 port @100MB

Maitland HubSwitch 3300

1 x 24port + 1 x 12port @10/100MB + 1 x 100MB-FX

DHQ Hub Switch 11002 x 24 port

@10MB+2@100MB

Switch 3300 1x12 Port @10/100MB

100MBCAT5

Fibre100MB

West Hub Switch 33001x24 port @10/100MB

Wave-Point IIWirelass LAN


Ws_Ping_ProPack

This tool gives you basic windows interface into a few very handy utils:- Ping, Scan, TraceRoute, Whois, Lookup etc

Doing regular scans of common ports on your network will help to discover unauthorised services or servers

Very quick and simple, also cheap £30.00 for a licence


A Port Scan


XploiterStat Lite

Port monitoring software, TCP and UDP

Free, upgrade available at approx. £30.00

Produce text logs of active connections to your machine or servers

Handy for putting a trace on a machine your concerned about


Windows NT Event Viewer

Comes with MS NT Server,it’s FREE!

Use it to look at your logs Make sure you have some

logs Export your logs to examine

them in Excel, it’s quicker More advanced version

available as a plug-in in Windows 2000


Sophos Anti-virus for NT

It’s FREE!, site licensed to Oxford University

Protect your workstations from viruses

Use a protected install so users can’t remove it

Make it mandatory for all computers connected to your network

Keep it updated…


Sophos Anti-Virus ADMIN Tool

It’s FREE! Allows you to install SAV onto

your NT workstations remotely You need to have their admin

shares(C$) available for the initial install

Allows you to update and change the configuration of SAV

Monitors the status and current rollout of the IDE files

Allows you to force an update to the user workstation

Quick and simple


Sophos Sweep for Exchange

If you really have to run a mail server, install some virus scanning software

This is currently in Beta at the moment, but it works!

Again FREE!, available on site licence

SAVI is also available to connect to other mail server software

MAILsweeper is available for most systems and uses SAVI


Elron CV Firewall for NT

Offers fully IPSEC compliant VPN Capabilities

Includes NAT, DMZ and User Authentication

Delivers industry-leading, 3rd generation, Stateful Multilayer Inspection (SMLI) technology

Is easy to manage with a point and click interface

Cost - £1.7K, available from MIS Corporate Defence Solutions


Drill Down to View Rule Details


Specific Servers on Ports


Custom Defined Ports - Tuples


Log File View


Log Filtering

The latest version of the software now has a very powerful filtering ability for log files

This allows for quick analysis and troubleshooting of the network and firewall


Application Layer Commands

Available for FTP, inbound Email, News and Web

Allows you to lock down the common ports to valid commands only

Stops ICQ, Instant Messaging from using these ports


eTrust Intrusion Detection

Providing real-time, non-intrusive detection, policy-based alerts, and automatic prevention

Integrated anti-virus engine with automatic signature updates

Dynamic URL blocking and logging

Predefined policies for a wide range of attacks

Comprehensive built-in reports


Transcend Workgroup Manager

Network management utility for managing 3com hubs and switches

Workgroup & Enterprise edition will no longer be available from the end of June 2000 (so order today!!)

Support will continue for 5 years


Network Watch (NT Resource Kit)

Allows you to view and manage the network shares on your NT Servers

Includes the hidden shares ($)

Handy to see who’s connecting to what on your server


Software Sites

WS_Ping_ProPack - http://www.ipswitch.com/Products/WS_Ping/index.html

XploiterStat Lite - http://www.xploiter.com/tambu/totostat.shtml

Sophos Anti-Virus – http://www.sophos.com/

MAILsweeper - http://www.mimesweeper.com/

Elron Firewall - http://www.elronsoftware.com/enterprise/cvfirewall.htm

eTrust - http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/

Transcend - http://www.3com.com/solutions/enterprise/networkmanagement/index.html

MIS Corporate Defence Solutions – http://www.mis-cds.com/

– contact James Guttridge 01622 723459


Contact Information

Christopher Bamber

IT Systems Manager

Somerville College, OX2 6HD

E-mail: [email protected]

Tel: 01865 2 70661

Monitoring Your Network

Documents

ms nt server

nt workstations remotelyyou

ntits free

admin sharesc

protected install

servicesmonitoring usage

christopher bamberdocuments

user workstationquick