Skip to content

Network Security Monitoring

Learning
7 2 2.0k 1
  • I am wondering what everyone is using for network security monitoring? I did a good search and there are so many options. I was also wondering if it is worth running a network monitoring software on a local network? Maybe it isn’t even worth running a tool like that on a local network? I don’t think people are trying to break into my local network, but was curious what others do.

    Say I have virtual servers running that have the network card bridged. Is it worth having monitoring software installed and running for them as well?

  • I found this video that monitors all sorts of things over the network. Hardware and such as well. He goes over and how to setup Whats Up Gold. It is free for your personal network and for business it costs money of course.

    Thoughts?

    @phenomlab if you don’t want videos like this on your site let me know and I won’t do that for future posts. You can also remove the video from this post as well if not allowed.

  • I am wondering what everyone is using for network security monitoring? I did a good search and there are so many options. I was also wondering if it is worth running a network monitoring software on a local network? Maybe it isn’t even worth running a tool like that on a local network? I don’t think people are trying to break into my local network, but was curious what others do.

    Say I have virtual servers running that have the network card bridged. Is it worth having monitoring software installed and running for them as well?

    @Madchatthew certainly worth monitoring, but for it to work correctly, the bridge card needs to be running in promiscuous mode otherwise packets will be discarded by the NIC itself.

    Are you looking specifically for security monitoring, or general performance monitoring also? I know that @DownPW has a lot of experience with Crowdstrike but that is essentially application layer rather than machine, so in the sense of the OSI model, it’s layer 7.

    I suspect you are looking for layer 1 or 2 which would be physical (1) or data (2). There are numerous security products out there (some really good open source ones also) but I prefer to tap into the network stream at layer 3, so in this example, you’d use a network switch and create a network tap or mirroring port and use another program to read and analyse that traffic.

    Taking this route means it’s agentless, and you don’t have to add machines manually. Really depends on what your requirements are.

  • I found this video that monitors all sorts of things over the network. Hardware and such as well. He goes over and how to setup Whats Up Gold. It is free for your personal network and for business it costs money of course.

    Thoughts?

    @phenomlab if you don’t want videos like this on your site let me know and I won’t do that for future posts. You can also remove the video from this post as well if not allowed.

    @Madchatthew absolutely no issue. Including any source material such as videos is actively encouraged as it saves other members having to search themselves.

  • @Madchatthew certainly worth monitoring, but for it to work correctly, the bridge card needs to be running in promiscuous mode otherwise packets will be discarded by the NIC itself.

    Are you looking specifically for security monitoring, or general performance monitoring also? I know that @DownPW has a lot of experience with Crowdstrike but that is essentially application layer rather than machine, so in the sense of the OSI model, it’s layer 7.

    I suspect you are looking for layer 1 or 2 which would be physical (1) or data (2). There are numerous security products out there (some really good open source ones also) but I prefer to tap into the network stream at layer 3, so in this example, you’d use a network switch and create a network tap or mirroring port and use another program to read and analyse that traffic.

    Taking this route means it’s agentless, and you don’t have to add machines manually. Really depends on what your requirements are.

    @phenomlab To be honest, I didn’t really know what I am looking for or what level of monitoring I should do or if I even need to do any monitoring. I know with what seems like an increase in hacking lately, that maybe it wouldn’t be such a bad idea.

    I do like the sound of layer 3 monitoring so you don’t have to manually add machines. Do you have some examples of some of the open source software out there that does the layer 1 or 2 monitoring?

    @phenomlab said in Network Security Monitoring:

    @Madchatthew absolutely no issue. Including any source material such as videos is actively encouraged as it saves other members having to search themselves.

    Sounds good, thank you!

  • @phenomlab To be honest, I didn’t really know what I am looking for or what level of monitoring I should do or if I even need to do any monitoring. I know with what seems like an increase in hacking lately, that maybe it wouldn’t be such a bad idea.

    I do like the sound of layer 3 monitoring so you don’t have to manually add machines. Do you have some examples of some of the open source software out there that does the layer 1 or 2 monitoring?

    @phenomlab said in Network Security Monitoring:

    @Madchatthew absolutely no issue. Including any source material such as videos is actively encouraged as it saves other members having to search themselves.

    Sounds good, thank you!

    @Madchatthew You could try this, but the hardware specs are insane.

    https://github.com/telekom-security/tpotce

    I’d couple this with Zabbix, which is an open source monitoring platform, but mostly geared towards operational monitoring rather than security.

    For that, take a look at OSSEC

    https://www.ossec.net/

  • @Madchatthew You could try this, but the hardware specs are insane.

    https://github.com/telekom-security/tpotce

    I’d couple this with Zabbix, which is an open source monitoring platform, but mostly geared towards operational monitoring rather than security.

    For that, take a look at OSSEC

    https://www.ossec.net/

    @phenomlab I will check those out. Thanks for sharing. I appreciate it!


Related Topics
  • 2 Votes
    2 Posts
    777 Views
    @Muhammad-Abdan-Farooqui Welcome! i’m currently using (and recommend) Bitdefender. For my sins, I’m using Windows, but need this for teams and Office365 integration (otherwise I’d always choose Linux). Have you looked at the Bitdefender product for MAC? https://www.bitdefender.com/en-gb/consumer/antivirus-for-mac
  • Ex GCHQ employee risk to national security

    Discussion gchq security
    4
    1 Votes
    4 Posts
    1k Views
    @phenomlab said in Ex GCHQ employee risk to national security: I can’t believe also that security is so lax that someone without adequate clearance can waltz into a restricted area and take what they want. Yeah I can’t believe that either. It is crazy
  • Bad information security advice

    Security linkedin security advice
    1
    1
    1 Votes
    1 Posts
    663 Views
    No one has replied
  • 4 Votes
    4 Posts
    1k Views
    @phenomlab said in TikTok fined £12.7m for misusing children’s data: Just another reason not to use TikTok. Zero privacy, Zero respect for privacy, and Zero controls in place. https://news.sky.com/story/tiktok-fined-12-7m-for-data-protection-breaches-12849702 The quote from this article says it all TikTok should have known better. TikTok should have done better They should have, but didn’t. Clearly the same distinct lack of core values as Facebook. Profit first, privacy… well, maybe. Wow, that’s crazy! so glad I stayed away from it, rotten to the core.
  • 4 Votes
    3 Posts
    3k Views
    @phenomlab No they have a free and pro console instance. We can see alert with IP, Source AS, scenario attack etc… Installation on the NODEBB server without problems. Very good tools [image: 1668812242411-cf7e5a89-84f4-435b-82eb-434c0bfc895e-image.png] [image: 1668811810555-cc82a10e-a1f1-4fd8-a433-7c9b2d31f254-image.png] [image: 1668811841819-1b7147b0-37c6-4d87-b4f1-a0fe92e74afd-image.png] [image: 1668811924623-7c21fc10-1825-48e1-a993-92b84455f074-image.png] – We can also do research on IPs via the crowdsec analyzer I believe it’s 500 per month in the Free version [image: 1668812069082-43bc8265-a57c-4439-829c-0bb8602d99b4-image.png]
  • 0 Votes
    1 Posts
    687 Views
    No one has replied
  • 0 Votes
    3 Posts
    2k Views
    @justoverclock yes, completely understand that. It’s a haven for criminal gangs and literally everything is on the table. Drugs, weapons, money laundering, cyber attacks for rent, and even murder for hire. Nothing it seems is off limits. The dark web is truly a place where the only limitation is the amount you are prepared to spend.
  • is my DMARC configured correctly?

    Solved Configure
    3
    2
    3 Votes
    3 Posts
    1k Views
    @phenomlab said in is my DMARC configured correctly?: you’ll get one from every domain that receives email from yours. Today I have received another mail from outlook DMARC, i was referring to your reply again and found it very helpful/informative. thanks again. I wish sudonix 100 more great years ahead!