Network Security.

VieiraR

Jul 3, 2003
Hi,

I am in charge of a small company's network. We have about 100 systems on this network with 3 servers (1. DNS, WINS, PDC 2. Lotus Domino 3. File Server). We are using a Netscreen firewall which is placed behind our router due to some issues during initial set-up (per my boss). What I am looking to do is keep an eye on the network using either Snort or Ethereal. I want to make sure no one is getting through our firewall and I want to be able to manage our users' Internet usage. My question is: am I looking at the right products, and which one should I use? Any info on setting them up? I am new to this security stuff but want to learn as much as possible. Any help would be great.

Thanks,
Rich
 
You will want to monitor between the Netscreen and the router; this way you can tell if there are successful attempts (all firewalls only log unsuccessful attempts). This also gives you one point to monitor all traffic to the router (good for finding zombie/trojan infected machines).

Snort works well for traffic sniffing, but the amount of data from a typical day's work may make Internet monitoring too time consuming. I'd recommend a different approach for that.

Alex
 
Netscreen has been a word used a lot in these forums, but I've never encountered it. Time for some research!

I use a Netgear FVS318 VPN Firewall on my 150 user network. Supports 256 users and 10 VPN tunnels. (Can buy more though). This does my basic keyword filtering, SPI, NAT, Port Forwarding, Logging, etc. Everything a standard VPN firewall should do.
Very good product.

All the traffic from there then goes to my ISA server, which just acts as an IP router and Internet traffic logger.
This also creates a DMZ which we don't use, but at any point I could slap in a TS or IIS box and reduce the ports on ISA server.

I have struggled with Internet logging though. They seem to be VERY expensive. If you don't need ISA server (someone brought it before I had the job) then the firewall really is enough. Keyword block swearwords, downloading words, sex related words and hateful/racist words. That does the majority.

Hope this helps.


Steve.
 
Ethereal is a nice sniffer for free. I have it looking at all traffic outbound from my network. Right now my filter is set to look for SMTP traffic from any computer EXCEPT my mail server. So far I have spotted 3 computers infected with the Netsky worm. Ethereal is NOT an intrusion detection system; it is a good free sniffer.
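
The filter described in the last post (SMTP from any host except the mail server), as an added example that is not part of the thread: a Python sketch that reads a classic pcap capture and counts new outbound connections to TCP port 25 per source. The `MAIL_SERVER` address, the function names and the sample capture are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

MAIL_SERVER = "192.0.2.25"  # assumption: the only host allowed to send SMTP out

def rogue_smtp_senders(pcap: bytes, mail_server: str = MAIL_SERVER) -> Counter:
    """Count TCP SYNs to port 25 per source in a classic pcap, skipping the mail server."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap, Ethernet frames")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        frag_offset = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
        tcp = frame[14 + ihl :]
        if ihl < 20 or frame[23] != 6 or frag_offset or len(tcp) < 14:
            continue  # bad header, not TCP, or a later fragment with no TCP header
        src = str(ipaddress.IPv4Address(frame[26:30]))
        dport, flags = struct.unpack_from("!H", tcp, 2)[0], tcp[13]
        if dport == 25 and flags & 0x12 == 0x02 and src != mail_server:
            hits[src] += 1  # SYN without ACK: one count per connection attempt
    return hits

def _frame(src: str, dst: str, dport: int, flags: int) -> bytes:
    """Constructed Ethernet + IPv4 + TCP headers (checksums left as zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

def sample_pcap() -> bytes:
    frames = [  # constructed capture; all addresses are documentation ranges
        _frame("192.0.2.25", "198.51.100.10", 25, 0x02),  # mail server: allowed
        _frame("192.0.2.77", "198.51.100.10", 25, 0x02),  # workstation SYN
        _frame("192.0.2.77", "198.51.100.10", 25, 0x10),  # same flow, ACK only
        _frame("192.0.2.77", "203.0.113.5", 25, 0x02),    # second attempt
        _frame("192.0.2.81", "203.0.113.5", 25, 0x02),    # another workstation
        _frame("192.0.2.81", "198.51.100.10", 80, 0x02),  # web traffic: ignored
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling `rogue_smtp_senders(sample_pcap())` returns the two workstations and their attempt counts. A capture saved as pcapng is rejected by the magic check and needs to be re-saved as classic pcap first.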
 