Recommendations for Computer Monitoring and Security Software

Status
Not open for further replies.

FlavesEnt

MIS
Mar 2, 2004
21
US
Hello all,

I work for a K-12 educational school district. We are budgeting for our software needs for next year. At this time, we have several hackers/mischief makers in our student body.

We are currently looking for software solutions to monitor, track, catch, and prevent some of their behavior.

We have Group Policy running to enforce some restrictions, and we have Activity Monitor running to track certain behavior of theirs.

Any recommendations for Remote Software, Monitoring, or Security Enhancing software are greatly appreciated. Thanks for your help.

Dan
 
Have you considered hardware devices as well? Something you might want to take into account anyway. Do your homework on Intrusion Prevention Systems. There are several out there that are worth the money. Some are software based, others are appliances. Linux? Windows? Don't care? This is also an area that needs addressing. What kinds of requirements do you have? 10/100mbit? 1gb? More?

If you are able/willing, TippingPoint Technologies is really good. It is an appliance that runs on their own custom OS (OS reminds me of Linux, but CLI commands are closer to Cisco) and they also have a web interface to manage them. Sourcefire, the company that owns and funds Snort, also has some devices. And McAfee has some really good devices as well.

----------------------------
"Security is like an onion" - Unknown
 
We are fairly secure from the Outside. We have a Cisco PIX Firewall in place, along with an ISA Server as our Proxy Server. I believe the ISP comes into the Pix, which then comes into the ISA. The ISA is only running that, and has no other secure data, such as email, or databases on it. It is also not the server that stores our website, as that is off site.

What we are mainly concerned with is students who can tamper with local machines, and possibly other devices/machines on the network, which has been a problem as of late.

As for our speed, internally, we are running at 100 from each classroom to its respective IDF in each wing, and 1000 from each IDF to the MDF.

Hope that information helps. Any suggestions are appreciated.

Thanks.

Dan
 
Well, one thing which should be done is lock down all the PCs and servers. OS vendors, i.e. MS, Sun etc., all have tech notes on how to lock down their OSes. With MS (NT4, W2k, XP etc.) they all have a security log; this should be enabled and monitored. Here's a link for MS event log monitoring. On the Unix side, scripts can be automated to do checks and email them to you. Of course, you can always go as far as putting a firewall between your PC network and server network, only allowing the specific traffic necessary, or use sniffers. This can get expensive. If you have a little money to play with, I'd set up a server that isn't really used for anything, has some fake important-looking files, and run a MS default sniffer on it or download Ethereal.
Good luck.
 
Be careful about how you lock down student PCs. Obviously it needs to be done, but as my old high school found out the hard way, if you get too totalitarian about it, they'll rebel and cause you many more problems than you resolved by locking down the PCs. As for software on local machines, have you thought about host-based IDSes? Snort can be host-based, and you have software like Tripwire and Osiris which monitor file changes. I also echo what rn4it said.

----------------------------
"Security is like an onion" - Unknown
 
Look at this product:
We used these at a college I used to work at and really liked them. They are not exactly what you are asking about but might be part of an overall solution. You might also consider shifting all your student PCs over to a separate VLAN and subnet if they are not already...

Good luck
 
Cisco make a product called Cisco Secure Agent (CSA) which can be used to lock down application installs on desktops, monitor traffic and disable ports. I've used it in the past and was pretty pleased with its performance. I think it can get a bit pricey so you'll most likely want to speak with someone about it.

HTH
 