Network Monitoring For Security

Network monitoring tools come in all flavors and levels of complexity. If you’re a lab rat, plenty of Command Line Interface (CLI) tools are available. One example is the venerable Ping, a reliable tool that operates on the “KISS” (keep it simple) principle. Ping tests whether a particular host is reachable across an IP network; it works by sending ICMP echo request packets to the target host and listening for echo reply packets. Ping estimates the round-trip time in milliseconds, records any packet loss and spits out a summary when finished.
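Ping’s end-of-run summary is what a monitoring script usually cares about. The following added example (not code from the article) parses the echo-reply lines of a constructed, Linux-style ping transcript, rebuilds the summary Ping would print (loss percentage, which sequence numbers never came back, min/avg/max RTT) and flags results that cross a loss or latency threshold. The sample transcript, the host address and the threshold values are all constructed for the example; the number of packets sent is passed in explicitly, because a reply list alone cannot tell you about probes lost at the end of the run.

```python
import re
from statistics import mean

# Constructed sample of ping output (iputils style); not captured from a real host.
# Sequence number 3 never comes back, and sequence 5 shows a latency spike.
SAMPLE_PING_OUTPUT = """\
PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=64 time=0.812 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=64 time=1.204 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=64 time=0.998 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=64 time=12.430 ms
"""

# Matches one echo-reply line and captures the sequence number and RTT.
REPLY_RE = re.compile(r"icmp_seq=(\d+) .*?time=([\d.]+) ms")


def parse_replies(output):
    """Return {icmp_seq: rtt_ms} for every echo-reply line in the ping output."""
    replies = {}
    for line in output.splitlines():
        match = REPLY_RE.search(line)
        if match:
            replies[int(match.group(1))] = float(match.group(2))
    return replies


def summarize(output, sent):
    """Rebuild Ping's summary: loss percentage, lost sequence numbers, min/avg/max RTT.

    `sent` is the number of echo requests issued (ping -c N); it must be passed in
    because trailing losses leave no trace in the reply lines.
    """
    replies = parse_replies(output)
    received = len(replies)
    lost_seqs = sorted(set(range(1, sent + 1)) - set(replies))
    rtts = list(replies.values())
    return {
        "sent": sent,
        "received": received,
        "loss_pct": round(100.0 * (sent - received) / sent, 1),
        "lost_seqs": lost_seqs,
        "rtt_min": min(rtts) if rtts else None,
        "rtt_avg": round(mean(rtts), 3) if rtts else None,
        "rtt_max": max(rtts) if rtts else None,
    }


def check_thresholds(summary, max_loss_pct=1.0, max_avg_rtt_ms=5.0):
    """Return alert strings for a summary; an empty list means the host passed.

    The default thresholds are illustrative values chosen for this example.
    """
    alerts = []
    if summary["loss_pct"] > max_loss_pct:
        alerts.append(f"packet loss {summary['loss_pct']}% exceeds {max_loss_pct}%")
    if summary["rtt_avg"] is not None and summary["rtt_avg"] > max_avg_rtt_ms:
        alerts.append(f"average RTT {summary['rtt_avg']} ms exceeds {max_avg_rtt_ms} ms")
    return alerts


if __name__ == "__main__":
    result = summarize(SAMPLE_PING_OUTPUT, sent=5)
    print(result)
    for alert in check_thresholds(result):
        print("ALERT:", alert)
```

Note that the average RTT in the sample stays under the example threshold even though one reply took over 12 ms; an averaging monitor hides single spikes, which is why the summary also keeps the maximum and the list of lost sequence numbers.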

Obviously, there are learning curve issues associated with CLI tools. For those less geek-minded, an abundance of Web-based GUI solutions including detailed reporting and graphical chart features are available. These tools can be easier to set up and use. Many come with pre-scripted configurations. Plus, the charts they produce are very handy when putting together executive presentations for network investment pitches.

Open-source tools, always an IT geek favorite, abound for network monitoring. They’re generally innovative, irreverent but stylish and, best of all, mostly free or cheap. Additionally, open-source monitoring tools are interoperable with almost every other tool or platform. The data from these open-source tools is almost always dumped into XML; even major vendors tend to drink from the XML cup at one stage or another. For example, one tool that was free under the GNU GPL began life as a nondescript little script to graph the use of a university connection to the Internet. It was later used as a tool for graphing other data sources including speed, voltage, temperature and number of printouts. Then network folks began using the software to poll network devices, retrieve MIB (Management Information Base) and SNMP (Simple Network Management Protocol) values, and use Perl scripts to post the results in graphs on webpages. The tool quickly became widely used not only by the open-source folks cobbling their own solutions together but also by very large proprietary vendors who borrowed from some of the tool’s capabilities to enrich their own solutions.

If you’re in the market for new gear, several network equipment manufacturers have developed tools that provide very detailed info for their own devices, adding significant value to the purchase. Be sure to investigate how well those tools interoperate, especially with the operating systems on your network, to determine just how helpful the tools will be to your overall plan. It’s entirely too possible to end up duplicating expenses. For instance, you don’t want to find yourself in a situation where you bought new servers with a monitoring tool included for one location and the monitoring tool doesn’t play well with your servers running a different, non-supported operating system at another location.

If you already have a plethora of disparate devices, with varying degrees of inter-working talent and a sizable learning curve, all is not lost. There are monitoring appliances on the market that may be able to fish you out by aggregating and simplifying the management aspects of network monitoring. They accomplish this by managing the traffic to the standalone tools, whether they’re appliances or applications. The appliances provide the option of load-balancing across appliances living on different subnets. Theoretically, the process is more flexible and helps alleviate network bottlenecks caused by multiple monitoring tools, which slow down traffic to inspect it. The learning curve is also lessened, so your network managers aren’t staying up nights with five to six manuals on their bed-stands.

As the network becomes more complex, so must the monitoring system. Converged, or “triple play” networks, combine voice, video and high-speed data transmission over a single pipe. These need real-time performance management and monitoring. This type of network needs a system that examines each packet for jitter, latency and packet loss, and that’s just for starters. The traditional way of managing networks—using SNMP agents to poll network devices every five seconds to determine whether there is a network problem—will not do. There are monitoring solutions available that handle more demanding tasks such as fail-safe operation during a blackout, provide support for mirrored switch ports and VLANs, and niceties like an LCD display for troubleshooting.
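To make the per-packet examination of jitter, latency and loss concrete, here is an added example (not code from the article or any product it describes) that runs over a constructed stream of timestamped packets such as a voice or video flow. Loss is inferred from gaps in the sequence numbers, one-way latency from sender versus receiver timestamps, and jitter with the RFC 3550 interarrival-jitter estimator (the smoothed mean of the change in transit time). The packet records, the clock-synchronization assumption behind the one-way latency figure, and the threshold values are all assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    seq: int         # sender sequence number
    sent_ms: float   # sender timestamp in ms
    recv_ms: float   # receiver timestamp in ms


# Constructed stream: packets sent every 20 ms; seq 3 never arrives and seq 5 is
# delayed by ~10 ms (a latency spike that also shows up as jitter).
STREAM = [
    Packet(1, 0.0, 20.0),
    Packet(2, 20.0, 40.5),
    Packet(4, 60.0, 80.2),
    Packet(5, 80.0, 110.0),
    Packet(6, 100.0, 120.1),
]


def analyze_stream(packets):
    """Return loss, latency and RFC 3550 interarrival jitter for a packet stream.

    One-way latency (recv - sent) assumes the sender and receiver clocks are
    synchronized; the jitter estimate does not, because it only uses differences
    between consecutive packets on each side.
    """
    packets = sorted(packets, key=lambda p: p.seq)
    expected = packets[-1].seq - packets[0].seq + 1
    lost = expected - len(packets)

    latencies = [p.recv_ms - p.sent_ms for p in packets]

    jitter = 0.0
    jitter_trace = []
    prev = None
    for p in packets:
        if prev is not None:
            # D(i-1,i) = (R_i - R_{i-1}) - (S_i - S_{i-1}): change in transit time.
            d = (p.recv_ms - prev.recv_ms) - (p.sent_ms - prev.sent_ms)
            # J = J + (|D| - J) / 16, the RFC 3550 running estimate.
            jitter += (abs(d) - jitter) / 16.0
        jitter_trace.append(round(jitter, 4))
        prev = p

    return {
        "expected": expected,
        "received": len(packets),
        "lost": lost,
        "loss_pct": round(100.0 * lost / expected, 1),
        "avg_latency_ms": sum(latencies) / len(latencies),
        "max_latency_ms": max(latencies),
        "jitter_ms": jitter,
        "jitter_trace": jitter_trace,
    }


def evaluate(result, max_loss_pct=1.0, max_latency_ms=25.0, max_jitter_ms=1.0):
    """Return alert strings for metrics over threshold (thresholds are illustrative)."""
    alerts = []
    if result["loss_pct"] > max_loss_pct:
        alerts.append(f"loss {result['loss_pct']}% > {max_loss_pct}%")
    if result["max_latency_ms"] > max_latency_ms:
        alerts.append(f"peak latency {result['max_latency_ms']:.1f} ms > {max_latency_ms} ms")
    if result["jitter_ms"] > max_jitter_ms:
        alerts.append(f"jitter {result['jitter_ms']:.3f} ms > {max_jitter_ms} ms")
    return alerts


if __name__ == "__main__":
    stats = analyze_stream(STREAM)
    print(stats)
    for alert in evaluate(stats):
        print("ALERT:", alert)
```

The jitter trace shows why a five-second SNMP poll would miss this: the estimate only climbs after the delayed packet arrives, and a counter read every few seconds would report nothing more than a healthy-looking average.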

If your network has become simply too complex and you can’t keep tabs on what’s happening, other people can do the job for you. There are companies to whom you can outsource your monitoring that provide various monitoring, management and analytical services. For example, one European service provider offers different modules to network customers and to companies using third-party networks. One module’s services include profiling a customer’s network over a specified time frame to identify issues, and producing a performance report on traffic and applications. A different module takes that information and makes recommendations to improve network efficiency. A third module gives ongoing tracking, reporting and performance reports, and another module manages the network against agreed-upon targets.
