Comments
-
User awareness and training are so critical here. Recently I spotted a ransomware campaign targeting companies that had job openings advertised. The attackers sent 'CVs' to people within the targeted organizations; the emails looked very convincing. Gone are the days when you received generic phishing emails with bad spelling.…
-
Hi scvvuuren, This may give you some more ideas. We develop a product called LANGuardian which connects to a SPAN port. You can report on network activity based on MAC, IP or username. This data can then be integrated into your SolarWinds views so you retain a single console to see what is happening on your network. The…
-
Hi Patrick, Interesting request and something I have heard from a number of people. We develop a system called LANGuardian which includes an IDS, and you can see what the integration looks like at the link below. The top left element contains data sourced from LANGuardian. You may get some ideas from this.…
-
Very interesting debate, jgherbert. Log files were originally designed for logging server problems/alerts. They were not designed for usage monitoring, but that is the way some people use them now. Maybe HSL moves them on so that they are more useful. Some interesting reading at this link -…
-
Hi Andrew, We have developed something which can do this called LANGuardian. It uses network packets as a data source (SPAN/mirror port or promiscuous mode on a vSwitch). You can drill down from network traffic to see what files were copied or what sites were accessed. If you click on the file share traffic at the link…
-
User called me on the phone. Had an issue with PC. Asked them to explain more and they said "look I am pointing at the error on the screen".
-
If you need any more info let me know. I am using a VM snapshot based on Windows Server 2008. It is fully patched and I have used it to install NPM 10.1, 10.3, 10.4 and 10.5 without any problems. Darragh
-
The exploit attempts are not just targeting the big names either. I was discussing the issue with a few customers earlier and they are reporting exploit attempts coming in from China-registered IP addresses. Some more info on this in my blog, link below. The network in question operates out of a single data centre with…
-
I don't know if this would help, but you could also use a DPI (Deep Packet Inspection) based product like the LANGuardian to monitor and alert for the creation of files associated with ransomware like the names HowDecrypt.txt or HowDecrypt.gif and also monitor for access attempts to IP addresses we have found associated…
-
One of the challenges of the Heartbleed clean-up is putting an inventory together of what to patch. As you mention in point two, you should patch operating systems. In today's Internet-of-everything world most devices have an operating system. I ran some tests on my home network and I found a NAS system running OpenSSL.…
-
Wireshark for single client diagnostics
-
Very interesting topic, ghostinthenet. As part of my job I end up working on lots of different networks. I am amazed how many people still use default SNMP strings or connect to critical switches via telnet. Another issue is logons to SIEMs and other network monitoring devices,
-
I see this more and more as a challenge of finding bad vs good use of bandwidth. YouTube is a great example of this, a fantastic site with lots of material that can be used for research and training. But, it is also a top destination for time wasters and bandwidth hoggers. Blocking access to sites like YouTube can cause…
-
Terrible news. Loved his work.
-
This may give you more ideas. We develop a product called LANGuardian which uses network traffic as a data source. Using deep packet inspection techniques we extract file information from packet payloads. You can see it in action in the video below. From the traffic we extract information like filename, location, action,…
-
A really interesting discussion on DPI, jbiggley! DPI has become a broad term now, covering anything from Wireshark to software or appliances which store metadata and/or full packets. Sometimes we need to step back and wonder why we really need this technology. I work for a DPI vendor and one thing I see more of is that DPI is used…
-
Tracking malware, viruses and 'dodgy' apps is a key thing for any network manager. It does not matter what size the network is, you need to keep the bad stuff out. SolarWinds UDT is another good tool in this space and when you combine it with a forensics tool like LANGuardian you get a single-pane-of-glass view of both…
-
I can set up a demo with you, Dilip. I'm a techy rather than a sales guy so I will focus on the bits and bytes. Will try and send you a DM.
-
We do have an option for this; we call them probes. Each of them does deep packet inspection locally (WAN site, DMZ, virtual switch or wherever you want), extracts the metadata and reports back to a central system. It is something similar to what SolarWinds are looking at, although from what I have read they are more…
-
Not sure where to log this, but there is an annoying 'feature' with the install which I did not have with previous NPM versions. Installing on Win2008 server, the annoying part is you can't click on the link in the error message so you have to go find it. When you do type in the link you get a download not available message…
-
Another good source of data for website performance monitoring is network packets. This is especially true if the web applications are accessed by people on the web who you have no control over. A good deep packet inspection tool can extract things like application type, URL, URI, web client versions and other metadata.…
-
Hi Abel, When the user authenticates on the network do you have events on the Windows domain controllers with the users client IP? Darragh
-
In a way this is the 'bread and butter' of network and server administration as it's such a common issue: trying to find the root cause or the smoking gun as to why a server is running slow. I was on site a few months ago with a customer and they had a problem with a web application. For every minute it was down it was…
-
Agree. In a way, tools which gather information as to what users are doing are the 'eyes on your network'.
-
I always get them to look out the window or onto a corridor and say to them: why do we have CCTV cameras up? What is the ROI on them? It is hard to calculate unless you have a problem. SIEM and network monitoring tools fall into the same space. They are there to watch over things, something to record activity, and should there…
-
Hi Abel, What if you were to use a SPAN port off the switch that the ASA connects to? You could use Wireshark to check for the client IP addresses, or it may show NAT addresses. Sounds like you need a data source inside the ASA. Darragh
-
Interesting subject and one I work on with customers every day. The most recent was with a large publishing firm. Users at a remote office were complaining that the 'network was slow'. Not sure how many users were based at the remote office but it was somewhere around 60. While remote desktop would have been ideal if we…
-
I upgraded one of my systems and the upgrade process completed without any issues. Well done to Microsoft on this one. I use an extended display and this works much better in Windows 10, so it was worth the upgrade for this alone. Just two issues I needed to fix after the upgrade: 1. I had been using VMWARE workstation 10x.…
-
Getting usernames seems to be important for most IT managers that I meet. We integrated our LANGuardian system with Orion so it gives you a flavour of what usernames would look like in NPM or NTA. You can see an example of this at our online demo below demo2.netfort.com/Orion/SummaryView.aspx?viewid=1&AccountID=guest
-
Hi n2n8ure, I come across this issue a lot, especially in college networks where people bring in devices infected with malware which then send large volumes of spam. While alerting based on port numbers is a great start, you should look at extending this to application recognition. What I mean is to get alerts if traffic on…
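The comment above contrasts alerting on port numbers with recognising the application itself. The following is an added example (not code from the original thread, from LANGuardian or from NetFort) that runs both rules over a handful of constructed flow records of the kind a DPI sensor on a SPAN port would produce. The allow-list of legitimate mail servers, the host addresses and the payload snippets are all hypothetical; the SMTP signatures (a `220` server greeting and an `EHLO`/`HELO` client opening) are the protocol's own.

```python
"""Port-based vs application-recognition alerting for outbound mail.

Constructed flow records stand in for what a DPI sensor would see on a
SPAN port: who talked to whom, on which port, and the first payload
bytes each side sent.
"""
from dataclasses import dataclass
import re

# Hosts permitted to send mail directly (hypothetical, constructed).
ALLOWED_MAIL_SERVERS = {"10.0.0.25"}

# SMTP announces itself in the first bytes regardless of port: the
# server greets with "220 <hostname>", the client opens with EHLO/HELO.
SMTP_BANNER = re.compile(rb"^220[ -]")
SMTP_CLIENT = re.compile(rb"^(EHLO|HELO)\s", re.IGNORECASE)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    client_bytes: bytes   # first payload bytes sent by the client
    server_bytes: bytes   # first payload bytes sent by the server


def is_smtp_by_port(flow: Flow) -> bool:
    """Port-only rule: anything to TCP/25 is treated as mail."""
    return flow.dport == 25


def is_smtp_by_payload(flow: Flow) -> bool:
    """Application rule: both sides must look like SMTP, on any port."""
    return bool(SMTP_CLIENT.match(flow.client_bytes)) and \
        bool(SMTP_BANNER.match(flow.server_bytes))


def port_based_alerts(flows):
    """Flows on port 25 from hosts that are not approved mail servers."""
    return [f for f in flows
            if is_smtp_by_port(f) and f.src not in ALLOWED_MAIL_SERVERS]


def application_based_alerts(flows):
    """Flows that speak SMTP, on any port, from non-approved hosts."""
    return [f for f in flows
            if is_smtp_by_payload(f) and f.src not in ALLOWED_MAIL_SERVERS]


# Constructed sample flows (addresses from documentation ranges).
SAMPLE_FLOWS = [
    # Approved mail server relaying on 25: neither rule should fire.
    Flow("10.0.0.25", "203.0.113.10", 25,
         b"EHLO mail.campus.example\r\n", b"220 mx.isp.example ESMTP\r\n"),
    # Infected laptop spamming on 25: both rules fire.
    Flow("10.0.5.41", "198.51.100.7", 25,
         b"EHLO localhost\r\n", b"220 smtp.provider.example ESMTP\r\n"),
    # Same laptop using 2525 to sidestep a port-25 block: payload rule only.
    Flow("10.0.5.41", "198.51.100.8", 2525,
         b"EHLO localhost\r\n", b"220 relay.provider.example ESMTP\r\n"),
    # Ordinary web browsing: nothing for either rule.
    Flow("10.0.5.42", "93.184.216.34", 80,
         b"GET / HTTP/1.1\r\n", b"HTTP/1.1 200 OK\r\n"),
    # SMTP over implicit TLS on 465: a TLS handshake, so neither rule
    # sees SMTP. Encrypted sessions need another data source entirely.
    Flow("10.0.5.43", "192.0.2.50", 465,
         b"\x16\x03\x01\x00\xc8", b"\x16\x03\x03\x00\x5a"),
]


if __name__ == "__main__":
    for label, alerts in (("port rule", port_based_alerts(SAMPLE_FLOWS)),
                          ("application rule", application_based_alerts(SAMPLE_FLOWS))):
        print(label)
        for f in alerts:
            print(f"  {f.src} -> {f.dst}:{f.dport}")
```

Running it shows the gap the comment is pointing at: the port rule sees one alert and misses the laptop's second session on 2525, while the application rule reports both. The last flow is the caveat in the other direction: once the session is encrypted, neither payload signature applies, so a DPI rule on its own will not cover TLS-wrapped mail.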