Lecture 4: Monitoring Network Resources

IT:Network:Apps

Need to keep track of many things◦ Traffic (packets)◦ Network load◦ Server load◦ Disk space◦ Log files◦ Availability of Servers/Services

Protocol Analyzer◦ Wireshark◦ Sniffer◦ Network Monitor

Need to see all packets◦ Promiscuous Mode◦ Management port on switch

Could use Wireshark again (Stats>Summary)

Administrative Tools > Performance◦ IPv4 – Datagrams (sent/received) / sec◦ Network Interface – Bytes (sent/received/total) /

sec

Performance again◦ Processor - % Processor Time◦ Processor - % Idle Time

◦ Memory – Pages/sec

Disk Space – does it have enough space◦ Performance Monitor◦ Logical Disk - Free megabytes; % Free Space

Disk Performance – is it fast enough◦ Performance Monitor◦ Logical Disk – Avg Disk Read|Write Queue Length

System keeps log files with important info◦ System; Application; Security; Others

Look at them!!! EventRover EventAlarm

Security Policy (Local, Domain, DC)◦ Local Policies – Audit Policy

What to watch◦ Account Logon Events – domain user auth by DC◦ Account Mgmt – ◦ Logon Events – user auth by local machine◦ Object access – file system/reg key/ printer

(ntfs security – Adv – audit)◦ Policy Change◦ Privilege use◦ Process Tracking◦ System Events

It Depends◦ Security – watch for what “shouldn’t” happen◦ Tracking – watch for what “is” happening

Do we need to know Mary successfully logged in?

Do we need to know the server restarted?◦ Why did it restart?

Do we need to know a user was created?◦ who created it and why?

Watch Log File

NetProbe Performance

Could be as simple as ping Could check for specific service (www,

smtp) Could check Performance Monitor settings

Windows Software Update Services◦ Patch management software

Microsoft Security Baseline Analyzer◦ MBSA, probes local and remote systems for

security issues Missing updates, hotfixes etc for most Microsoft

Software