Security Basics mailing list archives
RE: Monitoring Software
From: "Alex Bolduc" <abolduc () gogotech com>
Date: Wed, 16 Apr 2008 10:36:38 -0400
I find there to be a high degree of relevancy; comprehensive security comes from a holistic understanding of your environment as much as it does from knowing something very specific like if you're vulnerable to a particular exploit (in other words, different levels of awareness that create a more complete "picture"). Not to mention monitoring solutions can make great diagnostic tools.

It should be clear that recognizing deviations from typical operating conditions isn't enough to guarantee security, but they can be indicators that something is amiss; but how would you know if you weren't monitoring? i.e. you log outgoing SMTP traffic and you know that based on historical trends you average about 90MB/day...suddenly your monitoring tool is telling you that the amount has tripled. Has one or more machines on your network been compromised with a mass emailing virus? Should you consider blocking outbound SMTP from machines that aren't mail servers to protect other LAN segments and as a way of improving your security configuration? If you aren't monitoring, how would you know and/or identify the problem, especially in a manner that is proactive?

Ahmad, it would be helpful if you indicated what you wanted to monitor...uptime/downtime, disk space, CPU usage, log files, types and number of devices, etc. as well as how much you are budgeting. Identifying mission-critical systems and services can be a helpful start. If you're more of a Net Admin you'll likely find that you need to go beyond merely identifying the box (like a DB server) and that you have a need to actually monitor individual services (just because the DB server replies to a ping doesn't mean that your DB apps can still connect to the SQL service on port 3306 or whatever). If you're more of a Sys Admin, don't forget core internetworking hardware (routers, switches, etc.)!

Even more obscure metrics are obtainable depending on hardware/software support in your environment...chassis temperature, backplane utilization on switches, packet loss, load levels on UPSs, paper jams on printers, etc.

Here is a list of some monitoring tools that may or may not be applicable, again, depending on your specific requirements:
http://en.wikipedia.org/wiki/List_of_network_management_systems

-Alex Bolduc

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Roman Shirokov
Sent: Tuesday, April 15, 2008 4:33 PM
To: Ahmad Abu Gharbieh
Cc: security-basics () securityfocus com
Subject: Re: Monitoring Software

Hi Ahmad,

Maybe I missed something.. how is this connected to security?

Tuesday, April 15, 2008, 12:34:30 PM, you wrote:
Hi all,
I'm trying to find software that can monitor servers and give a weekly or monthly report about all servers. I have tried Nagios, but its reports are not that well organized. Any suggestions?
Thanks
--
Best regards,
Roman Shirokov
e-mail:insecure () yandex ru
Semper Fidelis
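The outbound SMTP baseline check described in the message above, as an added example that is not part of the original post: it compares one day's SMTP volume with the historical daily average and, on a spike, lists senders that are not known mail servers. The host addresses, byte counts, the 7-day minimum history and the 2x alert factor are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean

MB = 1_000_000
MAIL_SERVERS = {"10.0.0.25"}  # assumed allowlist of legitimate SMTP senders

# Constructed sample: (day, source host, bytes sent to TCP/25), as might be
# summarised from firewall or flow logs. Days 1-7 average 90 MB/day.
HISTORY_MB = [88, 92, 90, 91, 89, 90, 90]
RECORDS = [(d, "10.0.0.25", mb * MB) for d, mb in enumerate(HISTORY_MB, start=1)]
RECORDS += [(8, "10.0.0.25", 91 * MB), (8, "10.0.1.57", 185 * MB)]

def daily_totals(records):
    """Sum outbound SMTP bytes per day across all hosts."""
    totals = defaultdict(int)
    for day, _host, nbytes in records:
        totals[day] += nbytes
    return dict(totals)

def spike_ratio(records, day, min_history=7):
    """Return day's volume divided by the mean of earlier days, or None
    when there is too little history to call anything a baseline."""
    totals = daily_totals(records)
    prior = [v for d, v in totals.items() if d < day]
    if len(prior) < min_history or day not in totals:
        return None
    baseline = mean(prior)
    return totals[day] / baseline if baseline else None

def unexpected_senders(records, day, mail_servers=MAIL_SERVERS):
    """Hosts outside the mail-server allowlist that sent SMTP on `day`,
    largest sender first."""
    per_host = defaultdict(int)
    for d, host, nbytes in records:
        if d == day and host not in mail_servers:
            per_host[host] += nbytes
    return sorted(per_host.items(), key=lambda kv: kv[1], reverse=True)

def check_day(records, day, factor=2.0):
    """Flag the day when its volume is at least `factor` times the baseline."""
    ratio = spike_ratio(records, day)
    alert = ratio is not None and ratio >= factor
    return {"day": day, "ratio": ratio, "alert": alert,
            "suspects": unexpected_senders(records, day) if alert else []}

if __name__ == "__main__":
    print(check_day(RECORDS, 8))
```

The suspects list is a starting point for triage and for the egress rule the message suggests (outbound SMTP only from mail servers), not proof of compromise.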