Networking help

SilentsoulSilentsoul Member Posts: 260
I recently took over a network that while not in shambles is in dire need of assistance. The users (around 500) are blocked from some things but not from others. They were streaming media and playing games really working over our bandwidth use and slowing things down a lot. I am now cracking down I am been blocking streaming sites left and right and things are generally starting to get back under control.

The network consist of enterasys switches some B2's and C'3s a content filtering solution an ISA box some servers and about 500 desktops/Laptops.

I need some help as to where I need to be looking at to help me do my job better. I am looking at possibly doing some sniffing to help track down malicious users on the network, and I know there are some I've discovered some pretty nasty stuff in user's folders. Basically this is my first network and my first admin job and i want to learn a lot and square things away but I am kind of overwhelmed and lost.

i just set up a cent os box and I am thinking about using Nagios to help me do some things on the network. Any tips, hints, help.

Its a windows 2003 domain with AD. Need anything else?

Comments

  • AhriakinAhriakin SupremeNetworkOverlord Member Posts: 1,799 ■■■■■■■■□□
    Prioritize your internet and server segments for sniffing, Snort is an obvious choice but look into OSSIM (free) as it includes snort and a lot of other great tools beyond security (like using Fprobe and NTop to give you traffic reports from the switch either natively or forward as Netflow if you already have another Netflow capable solution).
    As for user files let them know a few days in advance that you will be doing a scan of the servers for non-work related material, you don't have to spell out the details, and they will do a lot of the work for you. You just have to make sure you enforce the rules afterwards as they will try and test your new security measures - Snort can help here again as the Bleeding edge threats ruleset includes a lot of Policy based rules for monitoring things like MP3 file transfers etc. if you dont want to get into writing your own rules you could copy this rule and simply change the extension to match other file formats you want to be alerted to traversing the network. That way you will know when they are trying to copy their crap back to your servers.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Do they have any sort of policies in place for any of this? If not, you should develop those, and be sure to get management on board. Few people are going to take what you say seriously if it's just coming from you. It's a different story when there are rules in place that could cost them their jobs.

    Check this out for a starting point: http://www.sans.org/resources/policies/#template There's a ton (this is my current project as well).

    As far as the content filtering goes, how much do you want to lock it down? Some places start off by blocking everything and allowing sites as needed.
  • SilentsoulSilentsoul Member Posts: 260
    The policy is where it get's very hard and political. All I can say is I work for an educational environment. I can do some things and get away with it, but I blocked web mail the other day, which is a state mandate mind you, and it was like I took down the entire internet. It's nuts.
Sign In or Register to comment.