 |
|
|
|
|
 |
CertiGuide to Security+ 9 Chapter 3: Infrastructure Security (Domain 3.0; 20%) 9 3.1 Devices |
|
3.1.10 Network Monitoring / Diagnostics
Most networks larger than small workgroups incorporate network monitoring or diagnostic tools, to assist with network management. In section 1.7, we touched on their usefulness for auditing.
These tools may be devices to monitor and diagnose hardware issues or physical cable issues, such as TDR’s (Time Domain Reflectometers).
Sometimes an IDS includes some network monitor functionality, but the category of “network monitoring” is usually considered to be more generic than the capabilities provided by an IDS.
There are also software packages that monitor and diagnose network issues. Some of these include tools which:
monitor and capture network traffic (such as the Windows Network Monitor feature and the open source tcpdump network packet “sniffer”, which listens on the network for packets of interest and records them to a log)
diagnose network configuration glitches (such as the “dig” and “nslookup” tools to investigate name server issues, “traceroute” to check a packet’s route across the Internet from source to destination, “netstat” to view current connections on a system, “ipconfig” to check which name server a system is using for name-to-IP-address resolution, etc.).
look for available system services and vulnerabilities (port scanners, described below)
A “port scanner” is a software-based network service investigation tool which will inspect a network and report the hosts on it and which ports/services are available on each host. Often used specifically for security auditing purposes, a port scanner may also be used to verify application server availability or for other non-security-related purposes. Some port scanner packages, like nmap302, will report the OS’s run by systems on the network, and even whether or not packet filters or other monitoring tools are present on the network. These scanning tools were discussed in more detail in section 1.7 (Auditing.)
|
Network Monitoring/Diagnostic Tools Can Be…|
Quick navigation to subsections and regular topics in this section |
__________________
302. http://www.insecure.org/nmap
|
| |||||||||||||||||||
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.