Network Monitor and Managemnet tool advice

zillah2004

Could you kindly advise what is the best (or one of the best) management tool for an organization ( platform (servers) are hp, OSs are windows, and infrastructure are cisco devices ) for monitoring network and look at security vulnerabilities ? What I meant to say such a tool that does these two functions together. I am trying to use this one at work

Thanks

SouperComputer

you could do worse than backtrack for the security aspect of things.

For network monitoring, there's nagios

Frankly though if you have to ask the question and havent heard of these, it would be best to get in a security expert too look at things. By all means teach yourself as much as you can though.

zillah2004

you could do worse than backtrack for the security aspect of things. For network monitoring, there's nagios

I am looking to use it at work which windows paltform. backtrack is platform independent, because it runs from CD, and nagios is Linux platform.

Regards

ondafly

cisco network monitor - solarwinds.

zillah2004

cisco network monitor - solarwinds.

Does that mean i can not use specific monitor tool to monitor both servers and cisco devices ? because my interpretation (correct me if I am wrong please) to what you are saying that I have to use solarwindws for cisco devices, and I have to use something else for hp servers

ondafly

You want to see what patches etc are missing on a machine. Use Nessus

You want to see how your cisco devices are. Use Solarwinds

You want to monitor your Windows Events. Use Snare

You want to do all of the above in one tool - Use Compuware

parliament

GFI languard is a windows app that scans servers/pc's on you network for security vulnerabilities, it is also a patch management tool so if any vulnerabilities are found they can be automatically updated.Not to sure if it will work with any net devices though

ondafly

parliament wrote:

GFI languard

Windows only app. A bit slugish at times too. Nessus is the best, and its free.

parliament

I said it was a windows app...best is a matter of opinion, what works in one set up does not necessarily work well in another

Static M.e.

Nagios is a great tool once you get it configured even though its open source I would hire someone to come in and set it up for you. I've played around with it for a while now but I still ran into buckets loads of issues mostly due to the fact that I was learning linux as I went along.

HP uses Openview or Network Node Manager, we also have this in place. Its very expensive to begin with and the support you get is useless at best. Its also very hard to configure and personally I found it difficult.

I would go with Nagios and get someone to come and set it up for you.

parliament

Yip Nagios is impressive and has pretty helpful user forums as well, if you do want to try set up yourself

zillah2004

Thanks guys for the feedbacks.
But since I have got window paltforms (there isn't Linux nor Unix), I can not use Nagios,,,Am I right ?

You want to do all of the above in one tool - Use Compuware

Ok, I see. How is the support that you might need it from them (if you are aware) ?

Regards

Dr4gul4

zillah2004 wrote:

Thanks guys for the feedbacks.
But since I have got window paltforms (there isn't Linux nor Unix), I can not use Nagios,,,Am I right ?


Ok, I see. How is the support that you might need it from them (if you are aware) ?

Regards

nagios is nix dependant yes, however why not setup a box with debian and install nagios on this ?

It's not really that hard, and worse case you could just use a desktop to run it from.

It has to be said it's one of the Best Freeware tools for monitoring,

zillah2004

It's not really that hard, and worse case you could just use a desktop to run it from.
It has to be said it's one of the Best Freeware tools for monitoring,

It is good idea what about security vulnerabilities , does it handle it as well ?

Thanks

Dr4gul4

zillah2004 wrote:

It is good idea what about security vulnerabilities , does it handle it as well ?

Thanks

Fraid not but BackTrack contains Nessus it's live CD, Free also.

Tbh, if ure smart, u'll use the free stuff, Companies/It Managers like nothing better than when there employee's save the company money by implamenting free software that Does an amazing job.

You will have to spend some time reading up on nagios a bit, and nessus, backtrack has a GUI interface so it should not be incredibly hard to use, but u will want to research it ok.


As for security, the best cure is prevention, Maybe u should look into SMS updates on all machines, and scheduled Patch install on you're servers, if you're running 95/98/2000 machines Draw up a business case to have then upgraded, Windows Nt4 Server is no longer supported therefore there are no patches for it.


Where do u work ? it sound like u need to get sum 1 in to help out who has done thing b4, dont take this the wrong way but u have a lot of work ahead of u.

zillah2004

dont take this the wrong way but u have a lot of work ahead of u.

Really, I have got alot of work ahead to do.

NutJob

For management of Nessus http://inprotect.sourceforge.net// (new ish)

Then uses Nagios for the rest

_CreeD_

If it's any use to you, with pretty much no budget to get some integrated monitoring tools this is what I've used so far:

Windows:
Performance monitor from my PC running Sysmonitors for each of the servers for the usual resources (CPU,RAM,HDD,Network/Server).
Security is just handled by regular patching (yes this needs work, we're going to use WSUS soon and I'm thinking of putting an ASA 5505 before the Server switch in transparent mode).

Cisco:
PIX - PDM and Syslog (Kiwi free Syslog server). This is a pretty comprehensive and versatile mix.
Routers - Syslog, and then manual Debug for anything serious. Doesn't really allow for easy resource analysis though.

You can use a variety of SNMP based tools but the protocol does have vulnerabilities depending on the version.

Capt'n Midnight

3com transcend supervisor, if you use their net gear, the free one up to 1500 device if other brand then not too much info, but can do clickable map link to http / telnet to manage

if only windows platform then mbsa and msia are a good beginning

voodoo

Depending on the size of your network and the reasons for actually doing this, you could look at an appliance based vulnerability management solution like McAfee Foundstone - http://www.mcafee.com/uk/enterprise/products/vulnerability_management/foundstone_appliances.html

it would be really depending on your network size etc, if you are doing this for compliancy, how granular you are looking to get, whether you also want to include remediation against these vulnerabilities etc...