Security Basics mailing list archives

RE: Monitoring Software


From: "Alex Bolduc" <abolduc () gogotech com>
Date: Wed, 16 Apr 2008 10:36:38 -0400

I find there to be a high degree of relevancy; comprehensive security comes
from a holistic understanding of your environment as much as it does from
knowing something very specific like if you're vulnerable to a particular
exploit (in other words, different levels of awareness that create a more
complete "picture"). Not to mention monitoring solutions can make great
diagnostic tools.

It should be clear that recognizing deviations from typical operating
conditions isn't enough to guarantee security, but they can be indicators
that something is amiss; but how would you know if you weren't monitoring?

e.g. you log outgoing SMTP traffic and you know that based on historical
trends you average about 90MB/day...suddenly your monitoring tool is telling
you that the amount has tripled. Have one or more machines on your network
been compromised with a mass emailing virus? Should you consider blocking
outbound SMTP from machines that aren't mail servers to protect other LAN
segments and as a way of improving your security configuration? If you
aren't monitoring, how would you know and/or identify the problem,
especially in a manner that is proactive?


Ahmad, it would be helpful if you indicated what you wanted to
monitor...uptime/downtime, disk space, CPU usage, log files, types and
number of devices, etc. as well as how much you are budgeting. Identifying
mission-critical systems and services can be a helpful start. If you're more
of a Net Admin you'll likely find that you'll need to go beyond merely
identifying the box (like a DB server) and that you have a need to actually
monitor individual services (just because the DB server replies to a ping
doesn't mean that your DB apps can still connect to the SQL service on port
3306 or whatever). If you're more of a Sys Admin, don't forget core
internetworking hardware (routers, switches, etc.)!

Even more obscure metrics are obtainable depending on hardware/software
support in your environment...chassis temperature, backplane utilization on
switches, packet loss, load levels on UPSs, paper jams on printers, etc.

Here is a list of some monitoring tools that may or may not be applicable,
again, depending on your specific requirements:

http://en.wikipedia.org/wiki/List_of_network_management_systems


-Alex Bolduc
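The outbound-SMTP scenario described in the post above, as a small baseline-deviation check (an added example, not code from the post or the list; the log lines, the host names and the MAIL_SERVERS set are all constructed):

```python
from collections import defaultdict
from statistics import mean

# Constructed sample data: one line per day/host with outbound SMTP bytes,
# in the style of a summarised flow export. Historical days sit near 90MB/day;
# on 2008-04-14 a workstation starts sending a large volume of mail.
SMTP_LOG = """\
2008-04-07 mail1 60000000
2008-04-07 mail2 30000000
2008-04-08 mail1 58000000
2008-04-08 mail2 33000000
2008-04-09 mail1 61000000
2008-04-09 mail2 29000000
2008-04-10 mail1 59000000
2008-04-10 mail2 31000000
2008-04-11 mail1 62000000
2008-04-11 mail2 28000000
2008-04-14 mail1 60000000
2008-04-14 mail2 31000000
2008-04-14 ws-042 200000000
"""

# Hosts that are expected to originate SMTP (assumption for this example).
MAIL_SERVERS = {"mail1", "mail2"}

def daily_totals(log):
    """Parse the log text into {date: {host: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log.splitlines():
        if line.strip():
            date, host, nbytes = line.split()
            totals[date][host] += int(nbytes)
    return totals

def check_day(log, day, factor=3.0):
    """Compare `day` against the mean of all earlier days in the log.
    Return None when within `factor` of the baseline, else a finding that
    lists the non-mail-server hosts contributing that day."""
    totals = daily_totals(log)
    history = [sum(h.values()) for d, h in totals.items() if d < day]
    if not history:
        return None  # nothing to compare against yet
    baseline = mean(history)
    today = sum(totals.get(day, {}).values())
    if today < factor * baseline:
        return None
    suspects = {h: b for h, b in totals[day].items() if h not in MAIL_SERVERS}
    return {"day": day, "baseline": baseline, "observed": today,
            "ratio": round(today / baseline, 2), "non_mail_hosts": suspects}

if __name__ == "__main__":
    print(check_day(SMTP_LOG, "2008-04-14"))
```

The finding names the hosts that are not mail servers, which is exactly the set the post suggests blocking from outbound SMTP.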

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Roman Shirokov
Sent: Tuesday, April 15, 2008 4:33 PM
To: Ahmad Abu Gharbieh
Cc: security-basics () securityfocus com
Subject: Re: Monitoring Software

Hi Ahmad,

Maybe I missed something... how is this connected to security?

Tuesday, April 15, 2008, 12:34:30 PM, you wrote:

Hi all,
I'm trying to find software that can monitor servers and give a weekly
or monthly report about all servers.
I have tried Nagios but its reports are not that well organized.
Any suggestions?

Thanks




-- 
Best regards,
 Roman Shirokov
 e-mail:insecure () yandex ru

 Semper Fidelis

