Network Monitoring Tools

Today I’ve been watching an AlienVault webinar about how to use their product, and caught a glimpse of Nagios and the Paessler NetFlow simulator.  For years I’ve worked to build systems with adequate monitoring to provide either early warning of imminent problems or to provide sufficient forensic evidence to aid in incident response.  My earliest tools were MRTG and Solarwinds Orion Network Performance Monitoring.

MRTG required a lot of manual configuration to get information into a useful form.  Orion was simple to use, but expensive.

I wonder if Nagios would be a good middle ground?  This needs to be checked out!

As an aside, NetFlow information can be quite useful in establishing a baseline of what normal conversations on the network look like. Setting up a router or firewall to export NetFlow information is not hard, but experimenting with collectors to find a good tool for analyzing the information is tougher.  Using the Paessler NetFlow Generator to produce some NetFlow data might help this considerably.
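To make the "normal conversations" idea concrete, here is an added example (written for this post, not code from Paessler, AlienVault or any collector): it builds a conversation baseline from one window of flow records and flags conversations in a later window that the baseline never saw. The records, addresses and the simplified CSV field layout are all constructed; a real deployment would feed in the collector's export instead.

```python
"""Baseline "normal conversations" from NetFlow-style records and flag new ones.
Constructed example: records below are made up, in a simplified CSV layout
(timestamp, src IP, dst IP, dst port, protocol, bytes), not raw NetFlow export."""
from collections import defaultdict

# Constructed baseline window of known-good traffic (abbreviated).
BASELINE_FLOWS = """\
2012-02-01T09:00:00,10.0.0.5,10.0.0.10,443,tcp,51200
2012-02-01T09:05:00,10.0.0.6,10.0.0.10,443,tcp,20480
2012-02-01T09:10:00,10.0.0.5,10.0.0.20,53,udp,512
2012-02-01T10:00:00,10.0.0.6,10.0.0.20,53,udp,640
2012-02-02T09:00:00,10.0.0.5,10.0.0.10,443,tcp,48000
"""

# Constructed observation window to compare against the baseline.
NEW_FLOWS = """\
2012-02-08T09:00:00,10.0.0.5,10.0.0.10,443,tcp,50000
2012-02-08T09:02:00,10.0.0.5,10.0.0.20,53,udp,500
2012-02-08T02:15:00,10.0.0.7,203.0.113.9,8080,tcp,900000
"""

def parse_flows(text):
    """Parse CSV flow lines into dicts, skipping blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 6:
            continue
        ts, src, dst, dport, proto, nbytes = parts
        flows.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport),
                      "proto": proto, "bytes": int(nbytes)})
    return flows

def conversation(flow):
    """A conversation is identified by who talks to whom, on which service."""
    return (flow["src"], flow["dst"], flow["dport"], flow["proto"])

def build_baseline(flows):
    """Map each conversation seen in the baseline window to its total bytes."""
    baseline = defaultdict(int)
    for f in flows:
        baseline[conversation(f)] += f["bytes"]
    return dict(baseline)

def find_new_conversations(baseline, flows):
    """Return flows whose conversation never appeared in the baseline."""
    return [f for f in flows if conversation(f) not in baseline]
```

Run `find_new_conversations(build_baseline(parse_flows(BASELINE_FLOWS)), parse_flows(NEW_FLOWS))` to see only the 10.0.0.7 to 203.0.113.9 flow reported, since the other two match conversations already in the baseline.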

Ticketing Systems

At a previous job I deployed MediaWiki in order to provide our workgroup with a collaborative memory, which somewhere along the way developed into an inventory management tool, life-cycle planning tool and crude ticketing system.

A very helpful fellow showed me Request Tracker, an open source ticketing tool which does a lot of things better than what we used to have.  There is a standard version and a version optimized for incident response teams.  Both versions look mature and run on Unix/Linux operating systems.

Open Source SIEM

I’ve continued working with the Security Onion distribution and have just tripped over another open source Security Information & Event Management (SIEM) product, OSSIM.  It can draw information from network equipment (firewalls, routers, & switches), Linux hosts, Unix hosts, and Windows hosts using a variety of methods.  It keeps this data locally in a SQL database for about 45 days, which provides some forensic capability for a small environment.

FreeSCO

FreeSCO is an open source lightweight router based on Linux for use in lab environments. It has promise for use with VMWare Fusion in connecting the lab environment to the public NIC on the host computer.  This is now officially on my list of Tools to Check Out.

iSCSI

This month I’ve subscribed to CBTNuggets to get trained up on VMWare’s vSphere product, especially its networking components.  Along the way I’ve learned more interesting things – first of which is an open source iSCSI storage server that can provide remote storage.  It is called OpenFiler and can be run on bare metal or in a VM.  A download can be had from here.  It looks pretty handy, and reminds me a bit of FreeNAS.