An Easy Way to Illuminate your Network!
Jim Thor, WildPackets Professional Services
Your network infrastructure is the foundation everything else runs on. With all the talk about threats and security breaches, you would think we would do more to validate that our infrastructure is actually working the way we expect it to.
When I speak of the network infrastructure, I mean not only the devices, but also the core protocols that make the network usable. Let's face it: if the DNS server is down and your users can't resolve www.jokeoftheday.com, the network might as well be down!
But today's tip is about validating what is happening with your core protocols, services, and servers, and illuminating your view of your network. Here is the tip…
Start building infrastructure filters (one inclusive filter, or many individual ones) that encode the expected behavior of your network: DNS queries only to the internal DNS servers, DHCP offers only from the internal DHCP servers, SMTP only to the mail server or servers, no clear-text protocols on the finance network, and so on (fill in the blanks for your environment). The key is that each filter is written to match what should never happen, not what normally does. Here is an example: if there is SMTP traffic NOT going to your mail servers, show it to me. That filter would look like this…
Now start a continuous capture that runs 24x7, and select each of your new infrastructure filters for that capture. If you built them right, the only time a packet should ever be captured is when something happens outside the normal behavior of your infrastructure. Test each filter against a day of known-good traffic before you trust it: a filter that fires on legitimate traffic gets ignored, and one that is too narrow misses the very event you built it for. Once the filters are quiet, if packets ever show up in the packets view, it's time to jump into action.
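The following is an added example, not WildPackets code and not OmniPeek filter syntax. It expresses the four infrastructure filters described above as rules over a minimal packet summary, so you can see exactly what "matches only the traffic that should not exist" means, and renders each rule as the equivalent tcpdump/BPF expression for a capture tool that takes text filters. The server addresses, the finance subnet and the sample packets are all constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Tuple

# Constructed inventory for the example; replace with your own servers and subnets.
INTERNAL_DNS = {ip_address("10.0.0.53"), ip_address("10.0.0.54")}
INTERNAL_DHCP = {ip_address("10.0.0.67")}
MAIL_SERVERS = {ip_address("10.0.0.25"), ip_address("10.0.0.26")}
FINANCE_NET = ip_network("10.20.0.0/24")
CLEARTEXT_PORTS = {21, 23, 80, 110, 143}   # ftp, telnet, http, pop3, imap


@dataclass(frozen=True)
class Packet:
    """Minimal summary of one captured packet (what any analyzer exposes)."""
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One infrastructure filter: it matches only traffic that should NOT exist."""
    name: str
    bpf: str                             # tcpdump/BPF rendering of the same filter
    match: Callable[[Packet], bool]      # the same test applied to a parsed packet


def _any(prefix: str, items) -> str:
    """'dst host a or dst host b' style alternation for the BPF rendering."""
    return " or ".join(f"{prefix} {i}" for i in sorted(items))


RULES: List[Rule] = [
    # SMTP that does not go to our mail servers (direct-to-MX spam bots, exfiltration)
    Rule("smtp-not-to-mail",
         f"tcp dst port 25 and not ({_any('dst host', MAIL_SERVERS)})",
         lambda p: p.proto == "tcp" and p.dport == 25
                   and ip_address(p.dst) not in MAIL_SERVERS),
    # DNS queries that bypass the internal resolvers
    Rule("dns-not-to-internal",
         f"dst port 53 and not ({_any('dst host', INTERNAL_DNS)})",
         lambda p: p.dport == 53 and ip_address(p.dst) not in INTERNAL_DNS),
    # DHCP server-side traffic (source port 67) from anything but the real servers
    Rule("rogue-dhcp-offer",
         f"udp src port 67 and not ({_any('src host', INTERNAL_DHCP)})",
         lambda p: p.proto == "udp" and p.sport == 67
                   and ip_address(p.src) not in INTERNAL_DHCP),
    # Clear-text application protocols touching the finance subnet
    Rule("cleartext-on-finance",
         f"net {FINANCE_NET} and tcp and ({_any('dst port', CLEARTEXT_PORTS)})",
         lambda p: p.proto == "tcp" and p.dport in CLEARTEXT_PORTS
                   and (ip_address(p.src) in FINANCE_NET
                        or ip_address(p.dst) in FINANCE_NET)),
]


def violations(packets: List[Packet], rules: List[Rule] = RULES) -> List[Tuple[str, Packet]]:
    """Every (rule name, packet) pair where a packet falls outside expected behavior.
    On a correctly built filter set this list stays empty until something changes."""
    return [(r.name, p) for p in packets for r in rules if r.match(p)]


def bpf_expressions(rules: List[Rule] = RULES) -> Dict[str, str]:
    """The same rules as tcpdump filter strings, e.g. for a 24x7 'tcpdump -w' capture."""
    return {r.name: r.bpf for r in rules}


# Constructed sample traffic: four well-behaved packets and four that should never appear.
SAMPLE = [
    Packet("tcp", "10.20.0.15", 40001, "10.0.0.25", 25),      # mail to the real server
    Packet("tcp", "10.20.0.15", 40002, "203.0.113.9", 25),    # direct-to-MX from a finance PC
    Packet("udp", "10.0.1.40", 51000, "10.0.0.53", 53),       # DNS to an internal resolver
    Packet("udp", "10.0.1.40", 51001, "198.51.100.53", 53),   # DNS bypassing the resolvers
    Packet("udp", "10.0.0.67", 67, "10.0.1.41", 68),          # legitimate DHCP offer
    Packet("udp", "10.0.1.99", 67, "10.0.1.41", 68),          # offer from an unknown host
    Packet("tcp", "10.0.1.40", 40003, "10.0.5.5", 23),        # telnet outside finance: not this rule's job
    Packet("tcp", "10.20.0.15", 40004, "10.0.5.5", 23),       # telnet from a finance host
]

if __name__ == "__main__":
    for name, expr in bpf_expressions().items():
        print(f"{name}: {expr}")
    for name, pkt in violations(SAMPLE):
        print(f"ALERT {name}: {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

Two caveats a practitioner would hit with these particular rules: if your DHCP servers sit behind relay agents, the offers arrive from the relay's address on port 67, so the relays belong in the allowed set alongside the servers; and the BPF `net` primitive matches either source or destination, which is what the finance rule wants but is worth remembering when you write narrower ones.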
Now, if you are unsure how to build the filters themselves, it is time to check into our classes. The classes will enable you to put your excellent investment to work for you on a 24x7 basis, giving you complete visibility into your network and, hence, illuminating it! Welcome to the world of working smarter, not harder!