1. IT:Network:Apps

2.  Need to keep track of many things ◦ Traffic (packets) ◦ Network load ◦ Server load ◦ Disk space ◦ Log files ◦ Availability of Servers/Services

3.  Protocol Analyzer ◦ Wireshark ◦ Sniffer ◦ Network Monitor  Need to see all packets ◦ Promiscuous Mode ◦ Management port on switch

4.  Could use Wireshark again (Stats>Summary)  Administrative Tools > Performance ◦ IPv4 – Datagrams (sent/received) / sec ◦ Network Interface – Bytes (sent/received/total) / sec

5.  Performance again ◦ Processor - % Processor Time ◦ Processor - % Idle Time ◦ Memory – Pages/sec

6.  Disk Space – does it have enough space ◦ Performance Monitor ◦ Logical Disk - Free megabytes; % Free Space  Disk Performance – is it fast enough ◦ Performance Monitor ◦ Logical Disk – Avg Disk Read|Write Queue Length

7.  System keeps log files with important info ◦ System; Application; Security; Others  Look at them!!!  EventRover  EventAlarm

8.  Security Policy (Local, Domain, DC) ◦ Local Policies – Audit Policy  What to watch ◦ Account Logon Events – domain user auth by DC ◦ Account Mgmt – ◦ Logon Events – user auth by local machine ◦ Object access – file system/reg key/ printer  (ntfs security – Adv – audit) ◦ Policy Change ◦ Privilege use ◦ Process Tracking ◦ System Events

9.  It Depends ◦ Security – watch for what “shouldn’t” happen ◦ Tracking – watch for what “is” happening  Do we need to know Mary successfully logged in?  Do we need to know the server restarted? ◦ Why did it restart?  Do we need to know a user was created? ◦ who created it and why?  Watch Log File

10.  NetProbe  Performance  Could be as simple as ping  Could check for specific service (www, smtp)  Could check Performance Monitor settings

12.  Windows Software Update Services ◦ Patch management software  Microsoft Security Baseline Analyzer ◦ MBSA, probes local and remote systems for security issues  Missing updates, hotfixes etc for most Microsoft Software