
Category Archives: Network Security

When weighing personal firewall protection software, there are three important factors that should be considered prior to making a decision. The first and most important is that updates for the software must be continuous and prompt, so that it keeps pace with the ever-changing hostile environment users are exposed to. The second factor I would look at is load, or how the software impacts the performance of my computer. Many firewall software suites I've used in the past have hampered my performance so severely that I have disabled the software to accomplish certain things on my system, which defeats the purpose of having it. The last factor I take into account is how easy the software is to configure and use. When you download a software suite designed to protect your system, it needs to be "plug-n-play" software that doesn't require too much thought in installation and configuration. This is especially important when you are recommending software to protect a family member's computer. That is, unless you like to receive family tech support calls at the most inopportune moments, such as during one of your weekend football games.

One tool that needs to be in your security toolbox is a good management program that utilizes the Simple Network Management Protocol (SNMP). Network management software that displays the SNMP data polled from, and sent by, attached SNMP agents can provide valuable information, e.g., high bandwidth or memory utilization. These network indicators can be a good indication of something mischievous going on within your network. Critics will say that SNMP, as a protocol, is not very secure and therefore open to a variety of attacks; SNMPv1 and v2c do send their community strings in cleartext, so in practice you want SNMPv3 with authentication and privacy (authPriv) enabled, read-only access wherever possible, and the agents reachable only from the management network. None of that should detract from its use as part of a comprehensive event logging and device reporting solution, which I can personally attest to.

While working as a network engineer a few years back for the Department of Defense, I was finally able to justify the procurement of a network management software solution to be installed on our network. This particular system was in place to support the Air Force linguist training and tracking database. After the initial install and configuration, I completed a required performance baseline to assess the "normal" characteristics of our network. Using that baseline as a guide, I then set up alert actions to give us a "heads up" should something out of the ordinary happen. It took some tweaking due to many false alerts, but once I finally got it set, it worked like a champ. A few months later, while at home, I received a few text messages from our system. The text messages indicated that the traffic was off the charts on the router directly attached to that server. This was extremely odd for a weekend. I immediately remoted into the system from home and discovered that our SQL server was running a script that used two large text files hidden on the server for data input. One of the files contained common passwords and the other common logins, and the script was cross-utilizing both in an attempt to discover the password of the SQL Server sa (system administrator) account. Without that network management software utilizing SNMP, I would never have known about the attack that was taking place until it was probably too late.
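The baseline-then-alert approach described above, worked through in code as an added example (this is not the original post's code, nor that of any particular network management product). It takes interface byte counters the way an SNMP poller would return them (IF-MIB ifInOctets, a 32-bit counter), converts them to throughput, builds a baseline from a "normal" window, and fires an alert only when throughput stays above the baseline for consecutive polls, which is the kind of tweak that cuts down on false alerts. The poll samples are constructed for illustration, not captured from a real device, and the 60-second poll interval, the 3-sigma threshold and the two-poll sustain window are assumptions.

```python
"""Baseline-and-alert over SNMP interface counters.

Added example, not code from the original post. Samples are constructed:
(timestamp_seconds, ifInOctets) pairs as an SNMP poller would collect them.
"""
from statistics import mean, pstdev

COUNTER32_MAX = 2 ** 32  # IF-MIB ifInOctets/ifOutOctets are Counter32


def rates_from_counters(samples):
    """Turn (t, counter) samples into (t, bytes_per_second) values.

    Counter32 wraps at 2^32. A negative delta is treated as exactly one wrap
    (assumption: the poll interval is short enough for at most one wrap).
    """
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            raise ValueError("samples must be strictly increasing in time")
        delta = c1 - c0
        if delta < 0:
            delta += COUNTER32_MAX
        rates.append((t1, delta / dt))
    return rates


def build_baseline(rates):
    """Mean and population standard deviation of the 'normal' throughput."""
    values = [bps for _, bps in rates]
    return mean(values), pstdev(values)


def find_alerts(rates, baseline, k=3.0, sustain=2):
    """Timestamps at which an alert should fire.

    A sample above mean + k*stdev only counts once it has been seen for
    `sustain` consecutive polls; a lone one-poll burst is ignored. Each
    sustained run produces a single alert rather than one per poll.
    """
    mu, sigma = baseline
    threshold = mu + k * sigma
    alerts = []
    run = 0
    for t, bps in rates:
        if bps > threshold:
            run += 1
            if run == sustain:
                alerts.append(t)
        else:
            run = 0
    return alerts


# Constructed baseline window: about 1 MB per 60 s poll with some jitter.
# The first counter sits just below 2^32 so the first delta crosses the wrap.
BASELINE_SAMPLES = [
    (0, 4_294_000_000),
    (60, 32_704),          # 4_294_000_000 + 1_000_000, wrapped at 2^32
    (120, 1_132_704),
    (180, 2_032_704),
    (240, 3_082_704),
    (300, 4_032_704),
    (360, 5_032_704),
]

# Constructed "weekend" window: one short burst, then a sustained flood
# like the one produced by a brute-force script hammering the database.
WEEKEND_SAMPLES = [
    (10000, 10_000_000),
    (10060, 11_000_000),   # normal
    (10120, 41_000_000),   # single-poll burst, should not alert alone
    (10180, 42_000_000),   # back to normal
    (10240, 82_000_000),   # sustained flood starts
    (10300, 127_000_000),
    (10360, 177_000_000),
]


def weekend_alerts(sustain=2):
    """Run the whole pipeline on the constructed data and return alert times."""
    baseline = build_baseline(rates_from_counters(BASELINE_SAMPLES))
    return find_alerts(rates_from_counters(WEEKEND_SAMPLES), baseline,
                       sustain=sustain)


if __name__ == "__main__":
    mu, sigma = build_baseline(rates_from_counters(BASELINE_SAMPLES))
    print(f"baseline: {mu:.0f} B/s, sigma {sigma:.0f} B/s")
    print("alerts (sustain=2):", weekend_alerts())
    print("alerts (sustain=1):", weekend_alerts(sustain=1))
```

With `sustain=2` the single burst at 10120 is dropped and one alert fires at 10300, the second poll of the flood; with `sustain=1` you get two alerts, one of them the kind of false positive the post describes tweaking away. In a real deployment the samples would come from a poller such as `snmpget`/`snmpbulkwalk` against IF-MIB over SNMPv3, and the baseline would be rebuilt periodically rather than fixed forever.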