Re: Monitoring software question
From: Jose Maria Lopez Hernandez (jkerouac_at_bgsec.com)
Date: Sun, 13 Feb 2005 12:34:27 +0100
> My understanding was that he did not give any indication on specifics.
> So, he wants to check on bandwidth usage, he can with the zywalls. it
> goes by ip, tells port and protocol connected to and what local pc did
> this. it won't do like user accounts no. but it will tell you where
> people go and what local computer did this. that's a yes it does what he
> wants. however he is not being 100% specific.
That was the only thing I was saying, that if he needed some kind of
monitoring not firewall specific he couldn't do it just with a firewall.
> the zywall will do everything he wants based on the info he gave which
> is not much at all. it does what i just said above, but if he wants
> anything more specific which he has not said then it may not do it. but
> with what he said in his post it will do everything and very well too in
> my use of it. also the sonicwall TZ150 will too, but only for 10
> devices/computers, for more it's have to be a more $ device. It has user
> accounts, all the BW info and so on.
Obviusly it all depends on what he really want to monitor and how.
> to check to see if something is business related, again he didn't get
> specific at all, so it can still do this. if they know ports then the
> routers tell him what was accessed, from who/what local ip and how much
> data was transferred.
But have in mind that many protocols that are administratively
prohibited in some enterprises, like Messenger can be tunneled through
open ports like 80, so you must have a proxy like squid or some kind
of IDS/IPS to check it.
> So it would do everything, but not everything if he wants more then what
> he has stated. No device can that i know of. like tell you what apps
> were really used etc. all they can do is what port, but again i am not
I also don't know of any device or single software that can do what
he wants. If he really wants everything he talks about in the original
post and well done he will need a lot of software/hardware and a lot
of work. It's easy to ask for solutions to what may look like simple
problems to non ITs, but sometimes it's very difficult to implement
> and please Jose forigve me if I sounded harsh to you. I did not mean to
> and I'm very sorry if I was.
No, no. You didn't sounded harsh at all. And I always have in mind that
everyone that post to this newsgroups it's trying to help the original
poster, and I think both of us were doing that, so everything was OK,
I think we just tried to help the OP the best way that we could. Hope
the OP have his problem a little more clearer :-)
-- Jose Maria Lopez Hernandez Director Tecnico de bgSEC firstname.lastname@example.org bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAŅA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road"