
Know your network monitoring options

There are several ways to monitor your network. Take a look at three of your monitoring options: ICMP, SNMP, and Agents.
Network monitoring can be as simple as pinging devices using Internet Control Message Protocol (ICMP) to ensure they're alive or polling devices through Simple Network Management Protocol (SNMP). But it can be as complex as deploying a client agent that interacts with a specific network monitoring platform.

Regardless of how you choose to monitor your organization's network, you must do so in a secure manner. The data you collect--even if it's just a ping response--is a treasure trove for black hats trying to map and break into your network.

ICMP

Using ICMP to ping devices to monitor your network won't return performance statistics or tell you whether a specific service is running. But it will tell you if a network device is alive and able to respond to network traffic.

Ping is one of the oldest forms of monitoring, and that means it's also one of the oldest exploitable methods of monitoring and mapping your network. Therefore, be extremely cautious about allowing just any IP address to ping critical components of your network, and take steps to control that traffic with access lists on your external and internal routers.

Here's a sample entry for the access list on the routers between your network monitor server and the devices you want to monitor:

access-list 101 permit icmp host network.monitoring.server host monitored.device echo

You also need to permit the response back to the monitor server with the following entry:

access-list 102 permit icmp host monitored.device host network.monitoring.server echo-reply

Replace network.monitoring.server and monitored.device with the IP address of your monitoring server and the device you're monitoring, respectively.



SNMP

Monitoring via SNMP polling can provide a wealth of information and build performance statistics that you can use to analyze your network. This approach uses a management information base (MIB), which is a database of objects that a network management system can monitor. Device manufacturers define MIBs, but you can also create your own.

SNMP is a bit more dangerous to use than ping. It allows you not only to read information but also to change device settings.

For monitoring purposes, you should implement read-only SNMP community strings on the devices you're monitoring. You must also control SNMP traffic through your network.

Here's a sample entry for the access list:

access-list 101 permit udp host network.monitoring.server host monitored.device eq snmp

Again, you also need to permit the response back to the monitor server. The reply leaves the device from the SNMP port, so the port match belongs on the source side of the entry:

access-list 102 permit udp host monitored.device eq snmp host network.monitoring.server

When implementing monitoring via SNMP, make sure that you remove the default read-only and read-write community strings and restrict SNMP polling to the network monitoring server's IP address.
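
The SNMP and access-list advice above can be checked mechanically against a device configuration. The following Python audit is an added example, not code from the original article; the sample configuration, the IP addresses, the community names and the audit function itself are constructed for illustration.

```python
import re

# Constructed IOS-style configuration fragment (addresses and names are samples).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-r3ad RO 10
snmp-server community n0c-wr1te RW 10
access-list 10 permit host 192.0.2.10
access-list 101 permit icmp host 192.0.2.10 host 198.51.100.1 echo
access-list 101 permit udp any host 198.51.100.1 eq snmp
access-list 102 permit udp host 198.51.100.1 eq snmp host 192.0.2.10
"""

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)? (ro|rw)(?: (\S+))?$", re.I)
ACL_RE = re.compile(r"^access-list \d+ permit (icmp|udp) (.+)$", re.I)


def audit(config, monitor_ip):
    """Return (line_number, finding) pairs for the article's monitoring advice."""
    findings = []
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        community = COMMUNITY_RE.match(line)
        if community:
            name, mode, acl = community.groups()
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append((number, "default community string"))
            if mode.lower() == "rw":
                findings.append((number, "read-write community"))
            if acl is None:
                findings.append((number, "community not tied to an access list"))
            continue
        rule = ACL_RE.match(line)
        if rule:
            tokens = rule.group(2).split()
            monitoring = rule.group(1).lower() == "icmp" or "snmp" in tokens
            # The monitoring server must appear as an explicit "host <ip>" endpoint.
            pinned = ("host", monitor_ip) in zip(tokens, tokens[1:])
            if monitoring and not pinned:
                findings.append((number, "not limited to the monitoring server"))
    return findings


if __name__ == "__main__":
    for number, finding in audit(SAMPLE_CONFIG, "192.0.2.10"):
        print(f"line {number}: {finding}")
```

Run against the constructed sample, the audit flags the two default communities, the read-write community and the SNMP rule that accepts polls from any source.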

Agents

Monitoring via an agent deployed as part of a monitoring server typically provides the most in-depth information about the devices you want to monitor and the services running on those devices. It uses a nonstandard port that you must also control with an access list.

Final thoughts

If you want to monitor devices across a WAN link, consider implementing a VPN between the monitoring server and the monitored devices. Not all devices support SNMP v2, which encrypts SNMP sessions. (SNMP v1 sends SNMP information via clear text.) A VPN can help secure your monitoring information.

Monitoring your network is an essential function that provides the status of your business resources. The method you use to gather this information often depends on how critical network status is to your company and the size of the check it's willing to write to get the job done. But regardless of which monitoring method you choose, make sure you monitor your network in a secure manner.


1 comment
mustafa.aksu

First of all, thank you for this good article. There are several texts on the Internet but mostly about products. Now we have more than one option to watch over our network. There are also free and licensed tools to use for this purpose. However, I am not hopeful that a magic box (or magic download) will solve monitoring problems. This is why this article is a must read. I would also suggest reading http://cisco-network.com/hands-on/cisco-network-monitoring-common-mistakes/ for better understanding and to build a complete solution.