Geek Speak in thwack Community

Recent Blog Posts

We are pleased to announce that SolarWinds Network Performance Monitor (NPM) version 10.5 is now available for download.

 

As today's dynamic networks grow in size and complexity, the number of active routing topology states grows rapidly. With the new network route monitoring feature, SolarWinds NPM extends fault and performance monitoring by showing real-time network route information alongside device status and performance statistics. With support for the major routing protocols, including RIP, OSPF and BGP, IT pros can now view routing tables, changes in default routes and flapping routes in a web-based console.

 

Additionally, many advanced network services, including multimedia distribution, finance, education and desktop imaging, rely on IP multicast to reduce bandwidth usage. The new IP multicast monitoring feature in SolarWinds NPM lets IT pros monitor the routers, switches and endpoints that receive and forward multicast packets, by automatically detecting and importing existing multicast groups and applications.

Other new updates to SolarWinds NPM include advanced interface filtering by hardware type, name, VLAN and more when importing new nodes and interfaces, and interface auditing.

You can learn more about NPM version 10.5 and download a free fully functional 30-day trial so you can see how it works in your network.

Welcome to the SolarWinds blog series "Diving Deeper with NetFlow – Tips and Tricks". This is the first of a six-part series in which you can pick up new tips by understanding more about NetFlow and find everyday use cases for effective network monitoring.

 

Network problems are a never-ending condition for administrators charged with both maintaining network performance and delivering advanced network services to their organizations. Constrained IT budgets and growing pressure to ensure constant uptime push network engineers to manage existing resources and control costs. Troubleshooting network problems and solving bandwidth issues can be done with the flow technologies already built into your routers and switches. By collecting and analyzing NetFlow data, monitoring your network traffic becomes much easier and gives you far greater visibility.


What is NetFlow?

 

NetFlow is a flow-export protocol developed by Cisco Systems for collecting IP traffic information. It became the de facto standard for traffic monitoring and is supported on most platforms; the IETF's IPFIX standard is derived from NetFlow version 9. NetFlow answers the questions of who (hosts and users), what (applications) and how much network bandwidth is being used. By understanding NetFlow in more depth, you can find insights and everyday uses you may not have thought about.


Effectively troubleshoot network issues with NetFlow

 

NetFlow data describes the traffic passing through an exporter's interfaces, which helps network administrators investigate application slowness and network performance degradation. Using NetFlow you can:

  • Identify the hosts in a network conversation from the source and destination IP addresses, and the conversation's path through the device from the input and output interface indexes (SNMP ifIndex values).
  • Identify which applications and protocols consume your bandwidth by analyzing the source and destination ports together with the IP protocol number.
  • Analyze historical data to see when an incident occurred and how much it contributed to total network traffic, using the packet and octet counts.
  • Verify that the right applications get the right priority using ToS (Type of Service) and DSCP analysis.

 

Flow data helps you keep track of interface details and statistics on top talkers and users, which can point to the origin of an issue when a problem is reported. With the Type of Service (ToS) byte in NetFlow records, you can understand the traffic pattern per Class of Service (CoS) in your network, verify the Quality of Service (QoS) levels actually achieved, and tune bandwidth allocation to your requirements. NetFlow data also lets you analyze usage patterns over a given period and find out who or what uses most of the bandwidth. Two caveats apply: flow records carry no payload, so they show who talked to whom, for how long and how much, not what was said; and if the exporter uses sampled NetFlow, the packet and octet counts must be scaled by the sampling interval before they are compared across devices. With those in mind, NetFlow lets you quickly troubleshoot application and performance problems in your network.
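As an added example (not SolarWinds code and not part of the original post), the following Python decodes a NetFlow v5 export datagram and computes the roll-ups the bullets above describe: top talkers by octets, octets per application (protocol and destination port), and octets per DSCP class, with the input and output interface indexes kept on each flow. Version 5 is used rather than the v9 format the series references because its layout is fixed and needs no template handling; the field order follows Cisco's published v5 export format. The datagram it parses is constructed inline, and the sampling-interval handling assumes Cisco's convention that the low 14 bits of that header field hold the interval.

```python
"""NetFlow v5 decoder with top-talker, application and DSCP roll-ups.
v5 has a fixed layout (24-byte header, 48-byte records) so it needs no
templates; v9/IPFIX carry the same fields behind a template step."""
import socket
import struct
from collections import defaultdict
from typing import Dict, List, NamedTuple, Tuple

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes


class Flow(NamedTuple):
    src: str
    dst: str
    in_if: int       # SNMP ifIndex the flow entered on
    out_if: int      # SNMP ifIndex it left on; together they give the path
    packets: int
    octets: int
    src_port: int
    dst_port: int
    proto: int       # IP protocol number: 6 = TCP, 17 = UDP
    tos: int         # raw ToS byte; DSCP is its top six bits

    @property
    def dscp(self) -> int:
        return self.tos >> 2


def parse_v5(datagram: bytes) -> Tuple[Dict[str, int], List[Flow]]:
    """Decode one exported UDP payload into a header dict and a list of flows."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, _uptime, unix_secs, _nsecs, flow_seq,
     _etype, _eid, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError(f"header claims {count} records but datagram is truncated")
    header = {"version": version, "count": count, "unix_secs": unix_secs,
              "flow_sequence": flow_seq,
              # low 14 bits hold the sampling interval (0 = unsampled); when it
              # is set, packet and octet counts must be multiplied by it
              "sampling_interval": sampling & 0x3FFF}
    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, _flags, proto, tos, _sas, _das, _smask, _dmask,
         _pad2) = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append(Flow(socket.inet_ntoa(src), socket.inet_ntoa(dst), in_if,
                          out_if, pkts, octets, sport, dport, proto, tos))
    return header, flows


def top_talkers(flows: List[Flow], n: int = 3) -> List[Tuple[str, int]]:
    """Source hosts ranked by octets sent (ties broken by address)."""
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        totals[f.src] += f.octets
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def octets_by_application(flows: List[Flow]) -> Dict[Tuple[int, int], int]:
    """Octets per (protocol, destination port): a first cut at 'which application'."""
    totals: Dict[Tuple[int, int], int] = defaultdict(int)
    for f in flows:
        totals[(f.proto, f.dst_port)] += f.octets
    return dict(totals)


def octets_by_dscp(flows: List[Flow]) -> Dict[int, int]:
    """Octets per DSCP value, to check that QoS marking matches intent."""
    totals: Dict[int, int] = defaultdict(int)
    for f in flows:
        totals[f.dscp] += f.octets
    return dict(totals)


def build_v5(flows: List[Flow], seq: int = 0) -> bytes:
    """Pack flows into a v5 datagram; used here only to construct sample input."""
    header = V5_HEADER.pack(5, len(flows), 60_000, 1_369_000_000, 0, seq, 0, 0, 0)
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(f.src), socket.inet_aton(f.dst), b"\0" * 4,
                       f.in_if, f.out_if, f.packets, f.octets, 0, 0, f.src_port,
                       f.dst_port, 0, 0, f.proto, f.tos, 0, 0, 24, 24, 0)
        for f in flows)
    return header + body


# Constructed sample: three LAN hosts, one EF-marked (DSCP 46) voice stream.
SAMPLE_DATAGRAM = build_v5([
    Flow("10.0.0.5", "203.0.113.10", 1, 2, 120, 150_000, 51000, 443, 6, 0x00),
    Flow("10.0.0.7", "203.0.113.20", 1, 2, 800, 900_000, 52000, 80, 6, 0x00),
    Flow("10.0.0.9", "10.0.1.3", 3, 4, 2000, 400_000, 5004, 5004, 17, 0xB8),
    Flow("10.0.0.5", "203.0.113.30", 1, 2, 50, 60_000, 51001, 443, 6, 0x00),
])
```

Feeding SAMPLE_DATAGRAM to parse_v5 and the three roll-up functions ranks 10.0.0.7 as the top talker, attributes 210,000 octets to TCP/443 across two flows from 10.0.0.5, and isolates the EF-marked stream under DSCP 46. A real collector would wrap parse_v5 around a UDP socket bound to the export port and drop datagrams that fail the version or length checks rather than trust the record count in the header.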


Maintaining Network Uptime with NetFlow

 

Network uptime is critical to an organization's revenue, and understanding traffic behavior helps you maintain it. Excessive bandwidth use by users and applications can be controlled once the top talkers are identified from real-time and historical data. Collecting and analyzing flow data by hand is a laborious task; a NetFlow analyzer captures flow data from different points in your network and turns it into easy-to-interpret information that helps you manage your enterprise network.

To learn more about NetFlow, check out our NetFlow V9 Datagram Knowledge Series.

 

The ‘Diving Deeper with NetFlow – Tips and Tricks’ webcast is scheduled on 23rd May 2013. Register here and become an expert in understanding and implementing NetFlow in your enterprise networks.

Storage Manager uses Tomcat as its web server, so the session timeout is set in Tomcat's web.xml file.

 

On Windows the path is:

 

<installed drive>\Program Files\SolarWinds\Storage Manager Server\webapps\ROOT\WEB-INF

 

Linux:

 

/Storage_Manager_Server/webapps/ROOT/WEB-INF

 

Within the WEB-INF subdirectory there is a file called web.xml. Open it in a text editor and search for <session-timeout>.

The default is 30 minutes. To change the timeout to one hour, change the value to 60 (the unit is minutes).

 

Before:

 

<session-timeout>30</session-timeout>

 

After:

 

<session-timeout>60</session-timeout>

 

 

If you want sessions never to expire, set the value to -1 (Tomcat treats 0 or any negative value as "never expire"). Think twice before doing this on a management console: a session that never expires stays valid on any browser left logged in and gives a stolen session cookie an unlimited lifetime. A bounded value such as 60 is the safer choice.

 

 

Once the changes have been made save the file and restart the Storage Manager Web Service.

 

 

To restart the service on Windows, run services.msc, locate the SolarWinds Storage Manager Web Service and select Restart.

To restart the web service on Linux, open an SSH session to the Storage Manager server, log in with an account that has sufficient permissions (such as root) and run the following command:

 

 

/etc/init.d/storage_manager_server restart webserver

 


 

Note that upgrading Storage Manager, or uninstalling and reinstalling it, resets the timeout to the default of 30 minutes, so re-apply the change after any upgrade.
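The edit above is a one-line change, but it is easy to get wrong on a file that is overwritten by every upgrade. As an added example (not SolarWinds code), the following Python applies the same change programmatically: it edits web.xml as text so the rest of the file is untouched, checks that exactly one <session-timeout> element is present, refuses the "never expire" values unless explicitly allowed, enforces an assumed policy ceiling, and keeps a backup. The ceiling, the backup naming and the sample document are assumptions for the demo; the service restart still has to follow as described above.

```python
"""Set Tomcat's <session-timeout> in a web.xml safely (added example)."""
import re
import shutil
from pathlib import Path

# Tomcat treats 0 or a negative value as "sessions never expire".
_TIMEOUT_RE = re.compile(r"(<session-timeout>)\s*(-?\d+)\s*(</session-timeout>)")
MAX_MINUTES = 8 * 60   # assumed policy ceiling for a management console


def current_session_timeout(web_xml: str) -> int:
    """Return the configured timeout in minutes; fail loudly if absent or ambiguous."""
    matches = _TIMEOUT_RE.findall(web_xml)
    if len(matches) != 1:
        raise ValueError(f"expected exactly one <session-timeout>, found {len(matches)}")
    return int(matches[0][1])


def set_session_timeout(web_xml: str, minutes: int,
                        allow_never_expire: bool = False) -> str:
    """Return web_xml with the timeout replaced, after policy checks."""
    current_session_timeout(web_xml)      # validates that exactly one element exists
    if minutes <= 0 and not allow_never_expire:
        raise ValueError("0 or a negative value means sessions never expire; "
                         "pass allow_never_expire=True if you really want that")
    if minutes > MAX_MINUTES:
        raise ValueError(f"{minutes} minutes exceeds the policy ceiling of {MAX_MINUTES}")
    return _TIMEOUT_RE.sub(rf"\g<1>{minutes}\g<3>", web_xml, count=1)


def update_web_xml(path: Path, minutes: int, **policy) -> int:
    """Rewrite web.xml in place, keeping a .bak copy; returns the previous value.
    Typical path on Windows: <installed drive>\\Program Files\\SolarWinds\\
    Storage Manager Server\\webapps\\ROOT\\WEB-INF\\web.xml (from the post)."""
    text = path.read_text(encoding="utf-8")
    old = current_session_timeout(text)
    shutil.copy2(path, Path(str(path) + ".bak"))
    path.write_text(set_session_timeout(text, minutes, **policy), encoding="utf-8")
    return old


# Constructed sample resembling the web.xml fragment shown in the post.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <!-- other servlet settings omitted -->
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
</web-app>
"""
```

Calling set_session_timeout(SAMPLE_WEB_XML, 60) yields the "After" document from the post; passing -1 without allow_never_expire=True raises rather than silently disabling expiry.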

Targeted espionage, in simple terms, is the practice of illegally spying on and investigating competitors, mostly to gain a business advantage. The target may be financial information, a trade secret such as a proprietary product specification, and so on. You may think your organization is not a high-value target, but that is rarely true.

 

There is always a hunt for sensitive and personal information such as credit card and social security numbers, patient records and the like. In most cases a highly targeted attack opens an APT campaign, and it may use a maliciously crafted document or executable emailed to a specific individual or group. APT, or advanced persistent threat, refers to an entity or group with both the capability and the intent to persistently target a specific organization or network.

 

A recent Verizon data breach report broke down the victims by industry:

     • 37% - Financial Organizations
     • 24% - Retail and Restaurants
     • 20% - Manufacturing, Transportation and Utilities
     • 20% - Information and Professional services

 

So how does the attack typically happen?
The parties behind such attacks are known as "threat actors" and fall into three categories:
     • External - The ones outside the victim organization
     • Internal - These threat actors are the ones within the victim organization
     • Partners - Partners can be any third party that share a business relationship with the organization

 

Most attacks aim at financial data, sometimes at other business information. They therefore arrive as data theft attempts, SQL injection, spyware, phishing, hacking and other kinds of malware.

 

For instance, databases are increasingly targeted by attackers, which has made information security one of the main drivers of security investment. You need visibility into security and compliance as well as protection of your data. To get it, collect and consolidate log data across the IT environment and correlate events from multiple devices in real time.

 

A recent report showed that a decade-long espionage operation used the popular TeamViewer remote-access program together with proprietary malware to target political and industrial figures in Hungary.

 

So it is high time you got proactive and shielded yourself against possible threats. Continuously monitor the activity on your web servers, firewalls and endpoints. By deploying a log file analyzer, you can identify anomalies and deviations from policy, baseline your IT environment, and find and shield its vulnerabilities.

Don't Be a Sitting Duck!

 

Script kiddies probe the defenses of FTP servers and SFTP servers (over SSH) every minute of every day. IT administrators have grown used to these probes, and the smart ones have already enabled IP lockouts on their perimeter servers. (In Serv-U FTP Server this setting is on the "Server Settings" pane.)

 

However, there are a number of "well known" usernames that should never be used on FTP and SFTP servers, because they are the first ones every brute-force script tries.

 

10. administrator -  Very popular in Windows environments.  Don't use it on your FTP server.

9. oracle - Companies that like to write big checks to Larry often cut corners elsewhere to make the payments.  Don't follow the herd using "oracle" on systems that connect to the enterprise database.

8. mysql - Don't use the names of other databases or back-end infrastructure either. (Also avoid "sa", "sqlserver" , "nas", "postgres", etc..)

7. user - Popular test account, often set up with too many permissions, and one that often rolls over from the evaluation environment into production.

6. guest - "Sure, c'mon in.  You can use the bathroom, the phone and my checkbook."

5. apache - It's also common to see people name accounts after the web application they support with their FTP or SFTP services. (Also avoid "iis", "serv-u", "nginx", "www", etc.)

4. info - I'm honestly stumped on why "info" is popular (if you know, tell me in the comments), but it is.

3. test - "It's just a test account.  I promise I'll delete it - soon."

2. admin - Tempting to use in web applications (including Serv-U) because it's so short. Pick usernames like "[your initials]admin" instead to stay off the script kiddies' lists; this raises the cost of guessing but is no substitute for lockouts and strong passwords.

1. root - By far, the most popular attack target.  If you're building a honeypot, include root.  If not, don't.
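The two defenses this post recommends, IP lockouts and keeping guessable account names off the server, are easy to check in code. As an added example (not Serv-U code and not from the post), the following Python screens account names against the list above, including the "also avoid" names, and runs a per-source-IP lockout with a sliding failure window over a few constructed log lines. The thresholds (five failures in ten minutes, thirty-minute lockout) and the log format are assumptions for the demo; a real server's log layout and settings will differ.

```python
"""Failed-login lockout by source IP plus screening for guessable usernames.
Added example; thresholds and the log format are assumed, not Serv-U's."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

RISKY_USERNAMES = frozenset({
    "root", "admin", "test", "info", "apache", "guest", "user", "mysql",
    "oracle", "administrator",                                  # the top ten
    "sa", "sqlserver", "nas", "postgres", "iis", "serv-u", "nginx", "www",
})


def is_risky_username(name: str) -> bool:
    """True if the account name is on the well-known guess list (case-insensitive)."""
    return name.strip().lower() in RISKY_USERNAMES


class LockoutTracker:
    """Lock a source IP after `max_failures` failed logins inside `window`."""

    def __init__(self, max_failures: int = 5,
                 window: timedelta = timedelta(minutes=10),
                 lockout: timedelta = timedelta(minutes=30)) -> None:
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures: Dict[str, Deque[datetime]] = defaultdict(deque)
        self._locked_until: Dict[str, datetime] = {}

    def is_locked(self, ip: str, now: datetime) -> bool:
        until = self._locked_until.get(ip)
        if until is None:
            return False
        if now >= until:                 # lockout expired; forget it
            del self._locked_until[ip]
            return False
        return True

    def record(self, ip: str, success: bool, now: datetime) -> str:
        """Feed one attempt; returns 'allow', 'lock' (this attempt tripped the
        threshold) or 'locked' (refused, even if the password was right)."""
        if self.is_locked(ip, now):
            return "locked"
        if success:
            self._failures.pop(ip, None)
            return "allow"
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:   # drop stale failures
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            recent.clear()
            return "lock"
        return "allow"


# Constructed log lines: "<ISO timestamp> <client IP> <username> <OK|FAIL>".
SAMPLE_LOG = """\
2013-05-20T10:00:01 198.51.100.7 root FAIL
2013-05-20T10:00:02 198.51.100.7 admin FAIL
2013-05-20T10:00:03 198.51.100.7 test FAIL
2013-05-20T10:00:04 198.51.100.7 oracle FAIL
2013-05-20T10:00:05 198.51.100.7 administrator FAIL
2013-05-20T10:00:06 198.51.100.7 jdadmin FAIL
2013-05-20T10:02:00 192.0.2.15 jdadmin OK
"""


def replay(log_text: str,
           tracker: Optional[LockoutTracker] = None) -> List[Tuple[str, str, str, bool]]:
    """Run log lines through the tracker; returns (ip, user, decision, risky_name)."""
    tracker = tracker or LockoutTracker()
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, ip, user, outcome = line.split()
        decision = tracker.record(ip, outcome == "OK", datetime.fromisoformat(stamp))
        results.append((ip, user, decision, is_risky_username(user)))
    return results
```

Replaying SAMPLE_LOG shows the pattern the post describes: the first five guesses from 198.51.100.7 are all names from the list above, the fifth failure trips the lock, and the sixth attempt is refused regardless of credentials, while the legitimate login from 192.0.2.15 is unaffected. The lockout expires on its own, so a mistyped password from an office IP is an inconvenience rather than an outage.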

 

Other Usernames to Avoid

 

Did I miss some the usernames you expected to see?  If so, tell me about them in the comments section below.
