IT:Network:Apps

 Need to keep track of many things ◦ Traffic (packets) ◦ Network load ◦ Server load ◦ Disk space ◦ Log files ◦ Availability of Servers/Services

 Protocol Analyzer ◦ Wireshark ◦ Sniffer ◦ Network Monitor  Need to see all packets ◦ Promiscuous Mode ◦ Management port on switch

 Could use Wireshark again (Stats>Summary)  Administrative Tools > Performance ◦ IPv4 – Datagrams (sent/received) / sec ◦ Network Interface – Bytes (sent/received/total) / sec

 Performance again ◦ Processor - % Processor Time ◦ Processor - % Idle Time ◦ Memory – Pages/sec

 Disk Space – does it have enough space ◦ Performance Monitor ◦ Logical Disk - Free megabytes; % Free Space  Disk Performance – is it fast enough ◦ Performance Monitor ◦ Logical Disk – Avg Disk Read|Write Queue Length

 System keeps log files with important info ◦ System; Application; Security; Others  Look at them!!!  EventRover  EventAlarm

 Security Policy (Local, Domain, DC) ◦ Local Policies – Audit Policy  What to watch ◦ Account Logon Events – domain user auth by DC ◦ Account Mgmt – ◦ Logon Events – user auth by local machine ◦ Object access – file system/reg key/ printer  (ntfs security – Adv – audit) ◦ Policy Change ◦ Privilege use ◦ Process Tracking ◦ System Events

 It Depends ◦ Security – watch for what “shouldn’t” happen ◦ Tracking – watch for what “is” happening  Do we need to know Mary successfully logged in?  Do we need to know the server restarted? ◦ Why did it restart?  Do we need to know a user was created? ◦ who created it and why?  Watch Log File

 NetProbe  Performance  Could be as simple as ping  Could check for specific service (www, smtp)  Could check Performance Monitor settings

 Windows Software Update Services ◦ Patch management software  Microsoft Security Baseline Analyzer ◦ MBSA, probes local and remote systems for security issues  Missing updates, hotfixes etc for most Microsoft Software