
7 Ways to Monitor your Local Network

on October 27, 2010

Just as with the internet, there is plenty to monitor on your local network too. An effective monitoring system can greatly enhance the security of your network by detecting issues before malicious attackers have time to exploit them, and by letting you stop a successful attacker before he has time to consolidate his hold.

  1. Open File Shares
    While an open file share might not seem like a big deal, it can actually become one. Many viruses and other malware use open shares as a vector to propagate, so it is essential that any open shares are properly secured.
  2. Users and Groups
    It is very important for an administrator to keep an eye on users and groups across the network. When someone gains access to a machine through an attack or an exploit, it is likely that the first thing he’ll do is create a new user and assign it as many rights as he can. The appearance of a new unauthorized user is a clear sign that swift investigation is required.
  3. Network traffic
    Internal networks can be the source and target of attacks just like the internet. The company’s own employees might try to gain access to systems they’re not authorized to use. An IDS on the local network could detect when such attacks are attempted.
  4. New Software and Hardware
    This is an obvious one. It is essential to keep track of what software and hardware is installed on your network. Some software could introduce new exploitable vulnerabilities, or create an unexpected environment that might cause issues after being patched. Hardware such as wireless networks and portable storage devices can also be a security threat.
  5. Installed software
    Software is not something you deploy and then completely forget about. You need a mechanism in place that monitors its health and informs you (or an administrator) if updates fail or if new vulnerabilities that attackers can exploit become public. It is important to monitor these things because the last thing you need is an antivirus that fails to update, and fails to notify you or an administrator, because a firewall is blocking its network access.
  6. Events and Logs
    Software and hardware try to communicate with the user when they encounter issues. They do this through event log systems and log files. Monitoring these events and logs can alert the administrator when things start to break, to attack attempts, and to unexpected behaviour of the hardware or software.
  7. Desktop and Server Health
    Desktops and especially servers can run into health problems just like people do. On a desktop, which is generally in constant use, the user is likely to notice when things start to go wrong; on a server that is generally left unattended, this might not be the case. It is essential to monitor the system for failures such as bad blocks on the hard drive, ECC RAM having to correct too many errors, and even trivial yet extremely important things such as the hard drive running out of space or the system using more memory than is available.
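
As an added example (not code from the original post), the check described under item 2 can be automated by diffing a fresh account inventory against an approved baseline and ranking anything that gained privileged group membership highest. The inventory format, the host, account and group names, and the contents of `PRIVILEGED_GROUPS` are assumptions made for this sketch.

```python
# Constructed sample data: every host, account and group below is illustrative.
# Format (an assumption for this example): host,account,group1;group2
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}  # assumption: tune per site
SAMPLE_BASELINE = """\
ws-01,administrator,Administrators
ws-01,jsmith,Users
srv-01,administrator,Administrators
srv-01,backupsvc,Backup Operators
"""
SAMPLE_CURRENT = """\
ws-01,administrator,Administrators
ws-01,jsmith,Users;Administrators
ws-01,guest2,Users
srv-01,administrator,Administrators
srv-01,backupsvc,Backup Operators
srv-01,support2,Users;Administrators
"""

def parse_inventory(text):
    """Parse 'host,account,group1;group2' lines into {(host, account): {groups}}."""
    inventory = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, account, groups = (f.strip() for f in line.split(",", 2))
        inventory[(host.lower(), account.lower())] = {g.strip() for g in groups.split(";") if g.strip()}
    return inventory

def diff_accounts(baseline, current):
    """Return (severity, host, account, detail) findings, most severe first."""
    findings = []
    for (host, account), groups in current.items():
        known = baseline.get((host, account))
        gained = groups if known is None else groups - known
        priv = sorted(gained & PRIVILEGED_GROUPS)
        what = "new account" if known is None else "existing account"
        if priv:  # privilege gain is the pattern the article warns about
            findings.append(("HIGH", host, account, f"{what} added to {', '.join(priv)}"))
        elif known is None:
            findings.append(("MEDIUM", host, account, "new account, no privileged groups"))
        elif gained:
            findings.append(("LOW", host, account, f"existing account added to {', '.join(sorted(gained))}"))
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return sorted(findings, key=lambda f: (rank[f[0]], f[1], f[2]))

if __name__ == "__main__":
    report = diff_accounts(parse_inventory(SAMPLE_BASELINE), parse_inventory(SAMPLE_CURRENT))
    for severity, host, account, detail in report:
        print(f"[{severity}] {host} {account}: {detail}")
```

The baseline should only be updated through an approved change, so that an attacker-created account cannot quietly become part of it.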
 
Comments
Sue Walsh November 1, 2010 3:39 am

Great post. A friend of mine recently started getting warned that she was going over the data cap her ISP has in place and was getting huge overage charges. After some investigation it was discovered a neighbor had cracked her WEP security and had been borrowing her internet connection to download movies and other high bandwidth things. I highly suggest that routers never be secured with WEP. It’s too easy for a hacker to crack. WPK is much more secure.

Emmanuel Carabott November 1, 2010 11:17 am

Hi Sue,

That’s quite a bad scenario. Not only is your friend getting charged for her neighbor’s abuse but she might also get in legal trouble as anyone investigating the unauthorized duplication of said movies will be led back to her (assuming her neighbor is engaged in the downloading of copyrighted material without authorization). Another possibility would be to restrict access to authorized MAC addresses as well, but yes, you’re definitely right, WEP is basically only very slightly better than having no password at all. Tools are available that can crack WEP in 3 – 5 minutes so it’s definitely not considered secure.

paul December 12, 2010 6:30 pm

I think comparing desktops and servers to people is a great analogy (more likely because I spend more time with one group over the other *smiles*). But kidding aside, it’s quite true. Negligence on the part of the user, whether it’s on desktops or servers, can lead to dire consequences down the road, especially on unattended servers. Maintenance on hard drives, RAM, mobos and other drives is essential to keep things running like clockwork.

Angela December 14, 2010 7:28 pm

I think this is quite an impressive checklist when it comes to improving local network security. It’s definitely something to sticky on corkboards of system admins looking to beef up the security of their system. Monitoring your local network, I believe, is much like going to the doctor for a check-up. Any hiccups, anomalies and potential threats can easily be identified if you know what you’re looking for. It’s definitely much more productive than simply responding to threats that are already underway.

Garry Benson January 4, 2011 10:26 pm

Monitoring events and system logs may probably be one of the most effective, yet tedious practices of monitoring your local network. Most especially on systems and servers getting a lot of traffic from remote or off-site use, it may be difficult and time consuming to sift through literally tons and tons of logs. But in the end, you won’t get a more precise documentation of system and server activity anywhere else.

Donna January 5, 2011 5:20 am

A few co-workers and I have recently had a discussion about the effectiveness and practicality of network monitoring as opposed to personally enforced practices. We were split dead center on which method we supported, though those of us opposed to personally enforced practices cited that a company has no right to snoop on the work of others. However, I think a company has every right to monitor and observe the staff, equipment and property it is paying to use and employ.
