Monitoring Your Network: A College Approach
Chris Bamber, IT Systems Manager, Somerville College
Confidentiality: The contents of this presentation and workshop discussion are to be held in strictest confidence.
29th June 2000

Documents to Read
- Oxford University's Computer Usage Rules and Etiquette: http://www.ox.ac.uk/it/rules/
- Somerville Rules for Computer Use: http://www.some.ox.ac.uk/cp_rules.htm

What We Can Use the Tools For
- Identifying unofficial servers or services
- Monitoring usage and traffic statistics
- Protecting your network from the world
- Troubleshooting your network
- Investigating a security incident
- Keeping logs of users' activities for accountability

The Tools Used
- WS_Ping_ProPack
- XploiterStat Lite
- Windows NT Event Viewer
- Sophos Anti-Virus for NT
- Sophos Anti-Virus ADMIN Tool
- Sophos Anti-Virus for Exchange
- Elron Command View Firewall for NT
- eTrust Intrusion Detection (Sessionwall)
- Transcend Workgroup Manager
- Network Watch from NT Resource Kit

Somerville College Network

WS_Ping_ProPack
- This tool gives you a basic Windows interface to a few very handy utilities: Ping, Scan, TraceRoute, Whois, Lookup etc.
- Doing regular scans of common ports on your network will help to discover unauthorised services or servers
- Very quick and simple, also cheap: £30.00 for a licence

A Port Scan

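One way to act on the regular port scans described in the WS_Ping_ProPack slide is to compare each scan's open ports with an inventory of the services you run on purpose, and with the previous scan. This is an added example, not part of the original presentation; the scan-record format, the 192.0.2.x addresses and the inventory are constructed for illustration.

```python
# Added example: the record format, addresses and inventory below are constructed assumptions.
from collections import defaultdict

COMMON_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 119: "nntp"}

# Hypothetical inventory: the servers you run on purpose and the ports they should offer.
AUTHORISED = {
    "192.0.2.10": {25, 110},   # mail server
    "192.0.2.11": {80},        # web server
}

# Constructed scan output, one "host port state" record per line.
SCAN_LAST_WEEK = """\
192.0.2.10 25 open
192.0.2.10 110 open
192.0.2.11 80 open
192.0.2.57 80 closed
"""
SCAN_TODAY = """\
192.0.2.10 25 open
192.0.2.10 110 open
192.0.2.11 80 open
192.0.2.11 21 open
192.0.2.57 80 open
"""

def parse_scan(text):
    """Return {host: set of open ports} from 'host port state' lines."""
    open_ports = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[1].isdigit():
            continue  # skip blank or malformed records
        host, port, state = fields
        if state.lower() == "open":
            open_ports[host].add(int(port))
    return dict(open_ports)

def unauthorised(scan, inventory):
    """Open ports missing from the inventory, as sorted (host, port, service) tuples."""
    found = []
    for host, ports in scan.items():
        for port in ports - inventory.get(host, set()):
            found.append((host, port, COMMON_PORTS.get(port, "unknown")))
    return sorted(found)

def new_since(previous, current):
    """Listeners that appeared between two scans, as sorted (host, port) tuples."""
    return sorted((h, p) for h, ports in current.items() for p in ports - previous.get(h, set()))
```

Calling `unauthorised(parse_scan(SCAN_TODAY), AUTHORISED)` lists the FTP service on the web server and the web service on a workstation address; `new_since` shows that both appeared after last week's scan.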
XploiterStat Lite
- Port monitoring software, TCP and UDP
- Free, upgrade available at approx. £30.00
- Produces text logs of active connections to your machine or servers
- Handy for putting a trace on a machine you're concerned about

Windows NT Event Viewer
- Comes with MS NT Server, it's FREE!
- Use it to look at your logs
- Make sure you have some logs
- Export your logs to examine them in Excel, it's quicker
- More advanced version available as a plug-in in Windows 2000

Sophos Anti-Virus for NT
- It's FREE!, site licensed to Oxford University
- Protect your workstations from viruses
- Use a protected install so users can't remove it
- Make it mandatory for all computers connected to your network
- Keep it updated…

Sophos Anti-Virus ADMIN Tool
- It's FREE!
- Allows you to install SAV onto your NT workstations remotely
- You need to have their admin shares (C$) available for the initial install
- Allows you to update and change the configuration of SAV
- Monitors the status and current rollout of the IDE files
- Allows you to force an update to the user workstation
- Quick and simple

Sophos Sweep for Exchange
- If you really have to run a mail server, install some virus scanning software
- This is currently in Beta, but it works!
- Again FREE!, available on site licence
- SAVI is also available to connect to other mail server software
- MAILsweeper is available for most systems and uses SAVI

Elron CV Firewall for NT
- Offers fully IPSEC compliant VPN capabilities
- Includes NAT, DMZ and User Authentication
- Delivers industry-leading, 3rd generation, Stateful Multilayer Inspection (SMLI) technology
- Is easy to manage with a point and click interface
- Cost: £1.7K, available from MIS Corporate Defence Solutions

Drill Down to View Rule Details

Specific Servers on Ports

Custom Defined Ports - Tuples

Log File View

Log Filtering
- The latest version of the software now has a very powerful filtering ability for log files
- This allows for quick analysis and troubleshooting of the network and firewall

Application Layer Commands
- Available for FTP, inbound Email, News and Web
- Allows you to lock down the common ports to valid commands only
- Stops ICQ, Instant Messaging from using these ports

eTrust Intrusion Detection
- Providing real-time, nonintrusive detection, policy-based alerts, and automatic prevention
- Integrated anti-virus engine with automatic signature updates
- Dynamic URL blocking and logging
- Predefined policies for a wide range of attacks
- Comprehensive built-in reports

Transcend Workgroup Manager
- Network management utility for managing 3Com hubs and switches
- Workgroup & Enterprise edition will no longer be available from the end of June 2000 (so order today!!)
- Support will continue for 5 years

Network Watch (NT Resource Kit)
- Allows you to view and manage the network shares on your NT Servers
- Includes the hidden shares ($)
- Handy to see who's connecting to what on your server

Software Sites
- WS_Ping_ProPack - http://www.ipswitch.com/Products/WS_Ping/index.html
- XploiterStat Lite - http://www.xploiter.com/tambu/totostat.shtml
- Sophos Anti-Virus - http://www.sophos.com/
- MAILsweeper - http://www.mimesweeper.com/
- Elron Firewall - http://www.elronsoftware.com/enterprise/cvfirewall.htm
- eTrust - http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/
- Transcend - http://www.3com.com/solutions/enterprise/networkmanagement/index.html
- MIS Corporate Defence Solutions - http://www.mis-cds.com/ (contact James Guttridge, 01622 723459)

Contact Information
Christopher Bamber
IT Systems Manager
Somerville College, OX2 6HD
E-mail: chris.bamber@some.ox.ac.uk
Tel: 01865 270661