Upload
maegan
View
42
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Monitoring Your Network. A College Approach Chris Bamber, IT Systems Manager Somerville College. Confidentiality: The contents of this presentation and workshop discussion are to be held in strictest confidence. Documents to Read. Oxford University's Computer Usage Rules and Etiquette - PowerPoint PPT Presentation
Citation preview
Monitoring Your Network
A College Approach
Chris Bamber, IT Systems Manager
Somerville College
Confidentiality: The contents of this presentation and workshop discussion are to be held in strictest confidence.
29th June 2000Christopher Bamber2
Documents to Read
Oxford University's Computer Usage Rules and Etiquette
http://www.ox.ac.uk/it/rules/
Somerville Rules for Computer Use
http://www.some.ox.ac.uk/cp_rules.htm
29th June 2000Christopher Bamber3
What We Can Use the Tools for
Identifying unofficial servers or services Monitoring usage and traffic statistics Protecting your network from the world Troubleshooting your network Investigating a security incident Keeping logs of users activities for
accountability
29th June 2000Christopher Bamber4
The Tools Used
WS_Ping_ProPack XploiterStat Lite Windows NT Event
Viewer Sophos Anti-Virus for NT Sophos Anti-Virus
ADMIN Tool Sophos Anti-Virus for
Exchange
Elron Command View Firewall for NT
eTrust Intrusion Detection (Sessionwall)
Transcend Workgroup Manager
Network Watch from NT Resource Kit
29th June 2000Christopher Bamber5
Somerville College Network
10MBCAT5
10MB CAT5
100MBCAT5
Fibre 100MB
Wireless Link2MB
100MB CAT5
10MB CAT5
100 MB CAT5
10MB CAT5
100MB CAT5
Fibre 10MB
Fibre100MB
Library HubLinkbuider FMS II1x24 port @10MB
Penrose HubPS 40
3x24 port @10MB
Wave-Point IIPTP Bridge
Wave-Point IIPTP Bridge
Catering HubSwitch 140M
1x4 port @10MB1 port @100MB
Media ConverterVaughan Hub PS 401x24 port @10MB
Bridge to MF
Margery Fry Hub PS 401x24 port @10MB1x12 port @10MB
Derbyshire HubLinkbuilder FMS II1x12 port @10MB
OUCS Router
100MBCAT5
Fibre10MB
100MB CAT5
FirewallNetworkMonitor
100MBCAT5
UnmanagedHUB
Med
ia C
onve
rter
s
Fibre 10MB
House HubSwitch 3300
2x24 port @100MB
Maitland HubSwitch 3300
1 x 24port + 1 x 12port @10/100MB + 1 x 100MB-FX
DHQ Hub Switch 11002 x 24 port
@10MB+2@100MB
Switch 3300 1x12 Port @10/100MB
100MBCAT5
Fibre100MB
West Hub Switch 33001x24 port @10/100MB
Wave-Point IIWirelass LAN
29th June 2000Christopher Bamber6
Ws_Ping_ProPack
This tool gives you basic windows interface into a few very handy utils:- Ping, Scan, TraceRoute, Whois, Lookup etc
Doing regular scans of common ports on your network will help to discover unauthorised services or servers
Very quick and simple, also cheap £30.00 for a licence
29th June 2000Christopher Bamber7
A Port Scan
29th June 2000Christopher Bamber8
XploiterStat Lite
Port monitoring software, TCP and UDP
Free, upgrade available at approx. £30.00
Produce text logs of active connections to your machine or servers
Handy for putting a trace on a machine your concerned about
29th June 2000Christopher Bamber9
Windows NT Event Viewer
Comes with MS NT Server,it’s FREE!
Use it to look at your logs Make sure you have some
logs Export your logs to examine
them in Excel, it’s quicker More advanced version
available as a plug-in in Windows 2000
29th June 2000Christopher Bamber10
Sophos Anti-virus for NT
It’s FREE!, site licensed to Oxford University
Protect your workstations from viruses
Use a protected install so users can’t remove it
Make it mandatory for all computers connected to your network
Keep it updated…
29th June 2000Christopher Bamber11
Sophos Anti-Virus ADMIN Tool
It’s FREE! Allows you to install SAV onto
your NT workstations remotely You need to have their admin
shares(C$) available for the initial install
Allows you to update and change the configuration of SAV
Monitors the status and current rollout of the IDE files
Allows you to force an update to the user workstation
Quick and simple
29th June 2000Christopher Bamber12
Sophos Sweep for Exchange
If you really have to run a mail server, install some virus scanning software
This is currently in Beta at the moment, but it works!
Again FREE!, available on site licence
SAVI is also available to connect to other mail server software
MAILsweeper is available for most systems and uses SAVI
29th June 2000Christopher Bamber13
Elron CV Firewall for NT
Offers fully IPSEC compliant VPN Capabilities
Includes NAT, DMZ and User Authentication
Delivers industry-leading, 3rd generation, Stateful Multilayer Inspection (SMLI) technology
Is easy to manage with a point and click interface
Cost - £1.7K, available from MIS Corporate Defence Solutions
29th June 2000Christopher Bamber14
Drill Down to View Rule Details
29th June 2000Christopher Bamber15
Specific Servers on Ports
29th June 2000Christopher Bamber16
Custom Defined Ports - Tuples
29th June 2000Christopher Bamber17
Log File View
29th June 2000Christopher Bamber18
Log Filtering
The latest version of the software now has a very powerful filtering ability for log files
This allows for quick analysis and troubleshooting of the network and firewall
29th June 2000Christopher Bamber19
Application Layer Commands
Available for FTP, inbound Email, News and Web
Allows you to lock down the common ports to valid commands only
Stops ICQ, Instant Messaging from using these ports
29th June 2000Christopher Bamber20
eTrust Intrusion Detection
Providing real-time, non-intrusive detection, policy-based alerts, and automatic prevention
Integrated anti-virus engine with automatic signature updates
Dynamic URL blocking and logging
Predefined policies for a wide range of attacks
Comprehensive built-in reports
29th June 2000Christopher Bamber21
Transcend Workgroup Manager
Network management utility for managing 3com hubs and switches
Workgroup & Enterprise edition will no longer be available from the end of June 2000 (so order today!!)
Support will continue for 5 years
29th June 2000Christopher Bamber22
Network Watch (NT Resource Kit)
Allows you to view and manage the network shares on your NT Servers
Includes the hidden shares ($)
Handy to see who’s connecting to what on your server
29th June 2000Christopher Bamber23
Software Sites
WS_Ping_ProPack - http://www.ipswitch.com/Products/WS_Ping/index.html
XploiterStat Lite - http://www.xploiter.com/tambu/totostat.shtml
Sophos Anti-Virus – http://www.sophos.com/
MAILsweeper - http://www.mimesweeper.com/
Elron Firewall - http://www.elronsoftware.com/enterprise/cvfirewall.htm
eTrust - http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/
Transcend - http://www.3com.com/solutions/enterprise/networkmanagement/index.html
MIS Corporate Defence Solutions – http://www.mis-cds.com/
– contact James Guttridge 01622 723459
29th June 2000Christopher Bamber24
Contact Information
Christopher Bamber
IT Systems Manager
Somerville College, OX2 6HD
E-mail: [email protected]
Tel: 01865 2 70661