
Network security/monitoring

mammador

Platinum Member
I'd imagine most of us who post here work for firms with their own LAN/WANS, or at the least their own in-house ICT infrastructure (if it's not networked).

But how does monitoring work on a corporate LAN/WAN? It's something I've wondered for a while, since I'd imagine there must be some program or even algorithm that monitors all network traffic (including Web traffic). I guess there would have to be, to know how many packets are being sent, what the QoS is, etc.

But typically how is it done?
 
software (see http://forums.anandtech.com/showthread.php?t=212931 and http://forums.anandtech.com/showthread.php?t=272198) is configured to monitor each device in your network, be it server, router, firewall, switch, etc. The device's IP address is added to the software so it knows how to contact it. At specific intervals the software polls information from the device via SNMP, WMI, or basic ICMP. Typically every device is monitored via ICMP (aka ping). If a device stops responding to ICMP, an event such as an email notification is triggered.

For Windows servers, the monitoring software might poll server vitals (CPU, memory, disk I/O) every 60 seconds using WMI. These statistics are stored in a database and graphed for historical purposes. If these statistics violate a configured threshold (i.e. memory > 90%), an event such as an email notification is triggered.

Using your example, the monitoring software would poll each router interface using the SNMP MIB OID for inbound and outbound utilization (among others). Once again, every polling result is stored in a database and graphed (such as http://www.stellarllc.net/Graph3.PNG). You could configure the software to send an email notification if the router interface has been >95% for at least 5 minutes. For monitoring ALL network traffic, you would use a specialized protocol like NetFlow.

There is much more to it, but that's the basic operation. Read some of these links to get a better understanding:

http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
http://en.wikipedia.org/wiki/Network_monitoring
http://en.wikipedia.org/wiki/Netflow
http://en.wikipedia.org/wiki/Windows_Management_Instrumentation
 
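As an added illustration of the polling-and-threshold logic described in the post above (this is example code, not from the original thread or any monitoring product), the snippet below evaluates a series of SNMP interface counter samples the way a poller would: it derives utilization from the IF-MIB octet counters (ifInOctets 1.3.6.1.2.1.2.2.1.10, ifOutOctets 1.3.6.1.2.1.2.2.1.16), handles the 32-bit counter wrap that would otherwise produce a bogus negative rate, and raises an alert only once utilization has stayed above 95% for 5 minutes. The sample counters and the 10 Mbit/s link speed are constructed for the example.

```python
"""Added example: sustained-utilization alerting over constructed SNMP counter samples."""
from dataclasses import dataclass

COUNTER32_MAX = 2 ** 32  # ifInOctets / ifOutOctets are Counter32 values and wrap here


@dataclass
class Sample:
    ts: int          # poll time, seconds since epoch
    in_octets: int   # ifInOctets  (1.3.6.1.2.1.2.2.1.10) as returned by the poll
    out_octets: int  # ifOutOctets (1.3.6.1.2.1.2.2.1.16) as returned by the poll


def counter_delta(prev: int, cur: int) -> int:
    """Difference between two Counter32 readings, allowing for one wrap at 2^32."""
    return cur - prev if cur >= prev else cur + COUNTER32_MAX - prev


def utilization_pct(prev: Sample, cur: Sample, if_speed_bps: int) -> float:
    """Percent of link capacity used between two polls; the busier direction wins."""
    secs = cur.ts - prev.ts
    in_bps = counter_delta(prev.in_octets, cur.in_octets) * 8 / secs
    out_bps = counter_delta(prev.out_octets, cur.out_octets) * 8 / secs
    return 100.0 * max(in_bps, out_bps) / if_speed_bps


def sustained_alerts(samples, if_speed_bps, threshold_pct=95.0, hold_secs=300):
    """Timestamps at which utilization has exceeded threshold_pct for hold_secs.

    Mirrors the rule from the post: notify when an interface is >95% for 5 minutes.
    A single high poll does not alert; the condition must persist across polls."""
    alerts, above_since = [], None
    for prev, cur in zip(samples, samples[1:]):
        if utilization_pct(prev, cur, if_speed_bps) > threshold_pct:
            above_since = prev.ts if above_since is None else above_since
            if cur.ts - above_since >= hold_secs:
                alerts.append(cur.ts)
        else:
            above_since = None  # dipped below threshold, restart the clock
    return alerts


# Constructed data: 10 Mbit/s link polled every 60 s. 72,000,000 octets per poll is
# 96% utilization; 37,500,000 is 50%. The first step crosses the Counter32 wrap.
LINK_SPEED_BPS = 10_000_000
SAMPLES = [Sample(t, octets, 0) for t, octets in (
    (0, 4_290_000_000), (60, 67_032_704), (120, 139_032_704), (180, 211_032_704),
    (240, 283_032_704), (300, 355_032_704), (360, 427_032_704),
    (420, 464_532_704), (480, 536_532_704))]


def demo():
    """Run the evaluator over the constructed samples."""
    return sustained_alerts(SAMPLES, LINK_SPEED_BPS)
```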
Could use host-based IPS and/or IPS units to manage flow and threat monitoring. If you want to measure pure network traffic, it's easier to set up Nagios for your decent switches (or SolarWinds if you like to spend lots of money).
 
SolarWinds is a lot of money? It's a bargain for what it does. My company started a new monitoring group two years ago and so far they have dropped over two million in software and man hours trying to get HP OpenView to do what my group did in a couple of days on SolarWinds. Nagios is OK but commercial support is not that great, and in large environments that is a hard sell to management. For security management, ArcSight is a good product, but it is expensive.
 