Best Network Directory Services and Monitoring Tools

“Directory” is a common term in computing that can mean a range of things. However, in networking, the directory is usually related to user data and a list of resources that can be contacted on the network.

So, there are two types of directories to look after on a network: one lists people, and the other lists equipment. In this guide we will investigate the different directory systems that are commonly in operation on networks today.

Directory storage format

Any list of data can be held on a computer in the form of a file, or in a database. Early directory systems were file-based. However, the development of database management systems made the database option more efficient. Databases are easier and quicker to search through and the query languages used for them (usually SQL) allow for Boolean operators (AND, OR, NOT, DIVIDE, TIMES, SELECT, PROJECT) to be included in searches.

Directory access procedures

Employing a directory system that relies on an openly available protocol is preferable to buying in a proprietary system that uses its own communication formats. Directory services require two basic components, which are a client and a server. The server is the program that holds the database and manages access to data. The client is usually embedded in an interface that either displays retrieved data, allows that data to be altered, or enables actions to be performed conditionally on receipt of that information.

If you choose to install a directory system that is based on universal protocols, you will be able to “mix and match” the client and server systems because they will be guaranteed to be able to interact with one another no matter who wrote them. Furthermore, the information contained in network directories can be exploited by monitoring and activity reporting tools, such as intrusion detection systems (IDSs). Installing a directory manager that implements a commonly used protocol ensures that the information contained in those directories will be accessible to those user monitoring and resource control packages.

Lightweight Directory Access Protocol (LDAP)

LDAP is a service protocol that has been widely implemented as the access mechanism to a wide range of network directories. A number of the network directory systems listed below use LDAP procedures.

As it is a protocol and not a piece of software, you can’t buy LDAP and install it. Rather, you would acquire and run a program that implements the LDAP rules. A protocol outlines a list of standards and working procedures that will achieve a goal, so the protocol itself is not operating system-dependent. That means that anyone can develop an LDAP implementation for Windows, Linux, Unix, or any other operating system.

An important element of the LDAP definition is that it sets out a command language that enables clients to communicate with the LDAP server. As the standard is publicly available, anyone can use it to create an application that interacts with an LDAP server. This means that LDAP can be integrated into commercial software and can also be integrated into any in-house custom program that you might develop. This flexibility and universality has made LDAP the de facto standard for the operating procedure of directory services.

LDAP is used for all DNS servers (Domain Name Service) so you will employ the LDAP system regularly on your network, whether you realize it or not.
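The “command language” mentioned above is most visible in LDAP search filters, the expressions a client sends to ask the server which entries to return. The following is an added example, not code from the article or from any LDAP server or client it names: a small parser and evaluator for the common subset of the RFC 4515 filter syntax (AND, OR, NOT, equality and presence tests), run against three constructed directory entries. Attribute values are compared case-insensitively here, which is a simplification of the per-attribute matching rules a real server applies.

```python
"""Evaluator for a subset of the LDAP search-filter syntax (RFC 4515).

Added example, not code from the original article or from any LDAP server
or client it mentions. The directory entries below are constructed for
illustration. Supported filter forms: (&...), (|...), (!...), (attr=value)
and the presence test (attr=*). Values are compared case-insensitively,
a simplification of the per-attribute matching rules a real server applies.
"""

# Constructed sample directory: each entry maps attribute -> list of values.
DIRECTORY = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com",
     "objectClass": ["person", "posixAccount"], "uid": ["alice"],
     "memberOf": ["cn=admins,ou=groups,dc=example,dc=com"]},
    {"dn": "uid=bob,ou=people,dc=example,dc=com",
     "objectClass": ["person", "posixAccount"], "uid": ["bob"], "memberOf": []},
    {"dn": "cn=printer1,ou=devices,dc=example,dc=com",
     "objectClass": ["device"], "cn": ["printer1"]},
]


def parse_filter(text):
    """Parse a filter into a tree: ('&'|'|'|'!', [children]) or ('=', attr, value)."""
    pos = 0

    def expect(ch):
        nonlocal pos
        if pos >= len(text) or text[pos] != ch:
            raise ValueError(f"expected {ch!r} at offset {pos} in {text!r}")
        pos += 1

    def node():
        nonlocal pos
        expect("(")
        if pos >= len(text):
            raise ValueError("unterminated filter")
        op = text[pos]
        if op in ("&", "|"):
            pos += 1
            children = []
            while pos < len(text) and text[pos] == "(":
                children.append(node())
            expect(")")
            return (op, children)
        if op == "!":
            pos += 1
            child = node()
            expect(")")
            return ("!", [child])
        end = text.find(")", pos)          # simple items contain no ')' in this subset
        if end == -1:
            raise ValueError("unterminated simple filter item")
        attr, sep, value = text[pos:end].partition("=")
        if not attr or sep != "=":
            raise ValueError(f"malformed item {text[pos:end]!r}")
        pos = end + 1
        return ("=", attr, value)

    tree = node()
    if pos != len(text):
        raise ValueError(f"trailing data at offset {pos}")
    return tree


def matches(tree, entry):
    """Return True if the entry satisfies the parsed filter."""
    kind = tree[0]
    if kind == "&":
        return all(matches(c, entry) for c in tree[1])
    if kind == "|":
        return any(matches(c, entry) for c in tree[1])
    if kind == "!":
        return not matches(tree[1][0], entry)
    _, attr, value = tree
    values = entry.get(attr, [])
    if isinstance(values, str):
        values = [values]
    if value == "*":                       # presence test: attribute has at least one value
        return bool(values)
    return any(v.lower() == value.lower() for v in values)


def search(filter_text, entries=DIRECTORY):
    """Return the DNs of entries matching the filter, in directory order."""
    tree = parse_filter(filter_text)
    return [e["dn"] for e in entries if matches(tree, e)]


if __name__ == "__main__":
    for f in ["(&(objectClass=person)(memberOf=*))",
              "(|(uid=bob)(cn=printer1))",
              "(!(objectClass=person))"]:
        print(f, "->", search(f))
```

Note that the presence test `(memberOf=*)` is false for bob, whose entry carries the attribute name with no values; that distinction between “attribute absent” and “attribute present” is what a monitoring tool relies on when it asks a directory for, say, every account that belongs to at least one group.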

OpenLDAP

As the name suggests, OpenLDAP is the purest implementation of the LDAP system that you will find. This is a library of procedures that can be integrated into other programs. OpenLDAP is an open source project and so anyone can access its code for free. The code is also implemented by the OpenLDAP project as Java libraries and so it is possible to access the system through GUI interfaces on any operating system.

As this package is a library of code, few network administrators implement the OpenLDAP procedure directly. Instead, you should look out for commercial applications that state their use of OpenLDAP.

Active Directory

Microsoft’s Active Directory was a groundbreaking user management system, created for Windows. It was invented in 1999 and was so well planned that it is still widely in use.

Active Directory keeps a list of authorized users for a network. It is able to categorize those users by permission levels, so a user with administrator privileges is recognized and allowed greater access than regular users. A secondary benefit of Active Directory is that it also checks the rights of the computers on the network. So, this is a great security service because it makes sure that only authorized devices are connected to the network and only authorized users can log in on those computers. It is possible to block off access to some equipment to certain user groups and reserve access to specific applications to those with administrator rights.

The main limitation of Active Directory is that it only integrates with other Microsoft products, so you can’t use it on Linux. Also, it isn’t able to control access to non-Microsoft productivity suites, such as Google Docs. As the list of successful competitor services and cloud-based systems extends, the usability of Active Directory decreases.

Novell Directory Services (NDS)

The NDS system was invented to provide directory services to Novell Netware networks. However, it is also able to operate on networks that don’t have Netware installed. The software can run on Windows, Sun Solaris, and IBM OS/390. This was an early implementation of LDAP and so it became a benchmark for other directory service implementations. Its use of LDAP particularly pointed the way for later developments and formed a model for Active Directory.

Access Control List (ACL)

ACL is a rival access management system to LDAP. Although not as widely implemented as LDAP, ACL is still a very well known system and it has been implemented enough times to flag it in the industry as a reliable authentication service.

The ACL system relies on a data storage format that creates a tree of attributes. In ACL terminology, the resource that is being protected is called an “object.” Each object is allocated a list of permitted users and, depending on the type of object being protected, each user is attributed one or more permissions.

ACL can be applied to file access or network access. Network-based ACLs can be useful for intrusion prevention systems (IPSs) because they control access to specific host addresses and can even selectively block access to ports. On networks, the access rights documented by ACL are implemented on switches and routers.

Modern ACLs use SQL databases for permission storage rather than files. This advancement also made it possible for ACL to evolve beyond user access controls to user group management. This simplifies the administration of access permissions, particularly on networks, where the ACL may need to log each user many times over in order to give access to even the basic resource requirements of a typical office-based user.
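The two ACL styles this section describes behave quite differently, so here is an added example (not code from the article or from any product it names) that implements both: a resource ACL in which each protected object lists principals and their permissions, with group membership expanded so a user need not be logged many times over, and an ordered network ACL of the kind a router or switch evaluates, where the first matching rule decides and anything unmatched is denied. All users, groups, paths, addresses and rules are constructed for illustration.

```python
"""Two ACL styles, as an added example (not code from the article or from any
product it names): a resource ACL with group expansion, and an ordered
network ACL evaluated first-match with an implicit deny, which is how router
and switch ACLs behave. Users, groups, paths, addresses and rules are all
constructed for illustration.
"""
import ipaddress

# Constructed group membership: group name -> set of user names.
GROUPS = {
    "admins": {"alice"},
    "staff": {"alice", "bob", "carol"},
}

# Resource ACL: protected object -> list of (principal, permissions).
# A principal is a user name or "group:<name>"; grants accumulate.
RESOURCE_ACL = {
    "/finance/ledger.xlsx": [("group:admins", {"read", "write"}), ("bob", {"read"})],
    "/public/handbook.pdf": [("group:staff", {"read"})],
}


def expand_principal(principal):
    """Resolve a principal to the set of user names it covers."""
    if principal.startswith("group:"):
        return GROUPS.get(principal[len("group:"):], set())
    return {principal}


def permissions_for(user, obj):
    """Union of all permissions granted to the user on the object."""
    perms = set()
    for principal, granted in RESOURCE_ACL.get(obj, []):
        if user in expand_principal(principal):
            perms |= granted
    return perms


def is_allowed(user, obj, perm):
    """True only if the permission is explicitly granted; no entry means no access."""
    return perm in permissions_for(user, obj)


# Network ACL: (action, source CIDR, protocol, destination port or None for any).
# Rules are evaluated top to bottom; the first match decides, and anything
# that matches no rule is denied. Order matters: the SSH deny for the user
# VLAN must sit above the broad permit, or the permit would win.
NETWORK_ACL = [
    ("permit", "10.0.1.0/24", "tcp", 443),
    ("deny",   "10.0.1.0/24", "tcp", 22),
    ("permit", "10.0.9.5/32", "tcp", 22),   # the jump host may use SSH
    ("permit", "10.0.0.0/8",  "tcp", None),
]


def network_decision(src_ip, proto, dst_port, rules=NETWORK_ACL):
    """Return 'permit' or 'deny' for a flow; the first matching rule wins."""
    src = ipaddress.ip_address(src_ip)
    for action, cidr, rule_proto, rule_port in rules:
        if (src in ipaddress.ip_network(cidr)
                and proto == rule_proto
                and (rule_port is None or dst_port == rule_port)):
            return action
    return "deny"                           # implicit deny at the end of the list


if __name__ == "__main__":
    print(is_allowed("alice", "/finance/ledger.xlsx", "write"))   # True
    print(is_allowed("bob", "/finance/ledger.xlsx", "write"))     # False
    print(network_decision("10.0.1.7", "tcp", 22))                # deny
    print(network_decision("10.0.9.5", "tcp", 22))                # permit
```

The resource ACL is a pure allow list: a user with no matching entry gets nothing, and a group entry is how one line covers many users. The network ACL shows why rule order is part of the policy: moving the `10.0.0.0/8` permit to the top would silently re-open SSH from the user VLAN.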

Identities and Access Management Solutions (IAMs)

A category of network utility that you might come across when investigating user authentication systems is Identity and Access Management Solutions, or IAMs. This term describes a broader solution to user authentication than just a directory service. However, a directory, or even several directories, will lie at the heart of any IAM. So, when shopping for access and authentication systems, aim for tools that have a much wider remit than just directory management. However, be aware that you need the directory service at the core of the IAM to implement an open protocol, such as LDAP, so that directory access will also be available to other monitoring applications.

Suggestions for network directory services

This list presents a few suggestions for applications that you could try as specific directory services on your network. However, other applications that you use regularly, such as web servers or IP address managers, will also integrate directory services.

JumpCloud DaaS


The “DaaS” part of this product’s name stands for “directory as a service.” This is an emulation of the term “software as a service.” Online, cloud-based software services use the SaaS/software as a service term to describe their configuration. So, JumpCloud’s name instantly tells you that it is an online service delivering a directory server over the internet.

This is a paid product that implements Active Directory. However, JumpCloud extends Active Directory’s capabilities to Unix and Linux systems by emulating AD with an LDAP implementation for those operating systems. JumpCloud offers a neat way to get AD working for all of your resources not just those provided by Microsoft. You don’t have to pay for JumpCloud DaaS if you only use it for up to 10 users.

Running security services over the internet creates an extra component that could fail and it also creates an extra opportunity for hackers to intercept your traffic and break through your authentication processes. Fortunately, JumpCloud encrypts all communications between your client and the server held on the JumpCloud remote site.

Putting AD on the web is an interesting solution for those who don’t use many onsite resources but rely on cloud servers and SaaS for user applications. The cloud-based model is also interesting for those businesses who have a lot of workers based from home, or with agents, consultants, or craftsmen who work on client sites all the time.

JumpCloud DaaS is an example of how traditional site-based applications can easily be adapted for delivery on remote servers, and how it is never too late for an innovator to come in and revamp or extend the functionality of established services.

AWS Directory Service


Amazon Web Services offers an alternative to JumpCloud DaaS. This is another cloud-based Active Directory implementation and it is provided by one of the Cloud’s big hitters. You can choose to just use this directory service as your current on-site setup, or use it to migrate your storage and software to other AWS services.

Unlike JumpCloud, the AWS Directory Service doesn’t extend the capabilities of AD to Unix and Linux. Rather, this is a pure Microsoft Active Directory implementation that is hosted on the Cloud.

Amazon doesn’t offer AWS Directory Service for free. However, the pricing model is very scalable and based on an hourly meter rate, covering two domains, with a lower rate for each additional domain added to the plan. This isn’t quite as good as free. However, you can try the service for free for 30 days.

389 Directory Server


The website of 389 Directory Server claims that this software is “hardened by real-world use.” As a hardened network administrator, you will probably relate to that use of words. This is an open source project and is a no-frills product. If you’re OK about compiling the programs yourself and don’t mind combing through code, you will love this directory system. The package includes a GUI front-end for Gnome environments to give you point-and-click ease of use.

The 389 Directory Server is available for Linux and it is free to use. The procedures of the service are written to the LDAP standards, so this is like Active Directory for Linux.

Apache Directory


If you run a website, it is very likely that you also have Apache Web Server. Apache Directory is a free LDAP implementation that is managed by the same organization that curates the web server software. There is no strict interoperability between Apache Directory and Apache Web Server — they are two distinct products. However, the fact that you rely on the Web Server package from Apache should give you confidence to try the Apache Directory, which is free to use.

You need to download and install two pieces of software in order to have a full Apache Directory implementation. However, both are fully compliant with LDAP, so you can substitute either with a different application, as long as that is LDAP-based as well. The server module is called ApacheDS and the client is called Apache Directory Studio. The second of these two packages allows you to view and alter directory records that are held on the server. Both the client and the server are completely free to use and both run on Windows, Unix, Linux, and Mac OS.

FreeIPA


Earlier you read about identity management systems (IMS), and FreeIPA is included on this list of directory services to try because it is a good example of an IMS. You don’t have to worry about wasting money giving this utility a try because it is free to use.

“IPA” stands for Identity, Policy, and Audit. Those three priorities encapsulate the authentication processes that you need for your network and all of your IT resources. As explained above, directory services are part of IMS systems. In the case of FreeIPA, the directory server component is provided by 389 Directory Server. So, you can choose to install 389 Directory Server to get an LDAP implementation, or expand your authentication services and access control by going for a full IMS with FreeIPA.

FreeIPA is an open source project, so you can examine the code to make sure that there aren’t any hidden data harvesting procedures contained within. The service gives you options over the authentication methodologies that you implement within the IMS framework — Kerberos is a good free open source option available within this category of IMS tasks.

This IMS runs on Unix or Linux. However, it is also able to monitor Windows systems and it can also install on and monitor the Unix-compatible Mac OS environment. The FreeIPA concept collects pre-existing technologies, including the Apache HTTP Server and Python programming APIs to provide a complete IMS that is based on components that you know are “hardened by real-world use.”

Network directory monitoring

The benefit of using a well-known directory service is that many system monitoring applications can exploit the information contained in your resource access control records in order to fully manage and control your network and its services.

There are a number of very useful network monitoring systems that exploit directory data to give you full control over your network’s activities. Here are the ones that you really need to know about:

SolarWinds Server and Application Monitor (FREE TRIAL)


SolarWinds products operate on Windows Server, so there is no problem of compatibility with Active Directory. As a monitoring system intended for Windows environments, SolarWinds made sure to build Active Directory monitoring into this tool. The AD records on your network enable the monitor to label server load by user demand and also track that activity through the network if you also have the company’s NetFlow Traffic Analyzer and User Device Tracker installed.

SolarWinds produces a range of resource monitoring utilities and all of them are written on a common platform, called Orion. This enables each module that you install to interact with the other SolarWinds products that you have running on your server. The PerfStack module of the Server and Application Monitor works best if you have network monitors installed as well, such as the SolarWinds Network Performance Monitor. This is because PerfStack shows each level of the service stack together, so you can quickly identify where performance issues really exist.

The User Device Tracker particularly exploits the information that you hold in Active Directory to inform the other monitors in the suite of the origin of resource load. The tracker helps you spot security breaches and the Network Performance Monitor and NetFlow Traffic Analyzer will show you excessive traffic that could signify intruder activities. You can get any and all of these SolarWinds products on a 30-day free trial.

FREE TRIAL: Download SolarWinds Server and Application Monitor at https://www.solarwinds.com/server-application-monitor/

PRTG Network Monitor


PRTG is a unified network, server, and application monitor. If you take on this tool, you can choose to implement it as widely or as narrowly as you like because its scope is completely customizable. The PRTG system is made up of hundreds of sensors. Each sensor needs to be activated, so without your intervention, all of the capabilities of the system will remain dormant. A sensor focuses on one aspect of your network services or on one resource. For example, there is a Ping sensor for traffic monitoring and there is also a series of sensors that exploit your LDAP directories for information.

Paessler doesn’t charge for PRTG if you only activate up to 100 sensors. So, you could just use the tool as an Active Directory monitor. While you have the utility watch your AD activities, you also have space within that free service offer to monitor a couple of other activities on your network. You could activate the SNMP and NetFlow sensors to get feedback on network traffic or choose to activate port monitors or server status sensors.

If you want to use more than just 100 sensors, you can get PRTG on a 30-day free trial. PRTG installs on the Windows Server environment.

ManageEngine ADAudit Plus


ManageEngine produces a suite of excellent resource monitors that run on Windows or Linux. In the ManageEngine stable, you will find a number of tools that are specifically tailored to Active Directory monitoring. ADAudit Plus is one of these utilities. This tool will help you administer AD through the ManageEngine interface and it will also track all user activities, including logon and logoff. This will help you spot illogical user activity and excessive login attempts that may indicate intruder presence.

ADAudit Plus is feature rich and it includes tracking and reporting facilities. You can get it in a 30-day free trial. If you don’t feel like paying after the trial period, you could opt for the free version of this ManageEngine tool. ManageEngine offers a number of free Active Directory tools, including the Active Directory Query Tool, the CSV Generator, which extracts AD records, the Last Login Reporter, and the AD Replication Manager, among others.

Directory Services

You have a lot of options when you start to shop around for network directory services. Hopefully, this guide has given you a starting point for your search.

Do you use any of the utilities mentioned in this guide? Do you prefer a tool that we haven’t covered here? Leave a message in the Comments section below to share your knowledge with the community.

Read Best Network Directory Services and Monitoring Tools by Stephen Cooper on AddictiveTips – Tech tips to make you smarter

The Ultimate Guide to Network Security – Including Essential Tools

Network security has become a very complicated responsibility in recent years. This is because of the advent of phishing, advanced persistent threats, doxing, and masquerading. These tricks mean that employees are now having a hard time identifying whether the instructions they receive from remote senior management are genuine. In this type of environment, the traditional boundaries of network security go beyond the prevention of snooping on the internet and blocking viruses with firewalls. You now also need to analyze patterns of behavior in traffic and spot anomalous activities even when they are performed by authorized users.

Traditionally, the IT department had administrator privileges that gave any of the support staff access to every element of the corporate system. The risks of data disclosure are now higher. Even unintentional breaches of confidentiality can result in expensive litigation from those whose personal data is held on your system. This new environment demands that you tighten up access rights and track all activities in order to prevent and log malicious activity and accidental destruction.

Fortunately, modern network equipment has messaging systems built in, and you can exploit these sources of information just by installing collector agents and analysis software. The network security market provides several categories of monitors that will help you protect your company from data theft and other malicious activity.

In this guide, we will look at the following categories of network management software:

  • Traffic analyzers
  • Log managers
  • Vulnerability scanners
  • Configuration managers
  • Network monitors
  • Intrusion detection and intrusion prevention systems

Here is our list of the best network security software:

  • SolarWinds Network Performance Monitor
  • WhatsUp Gold
  • TrueSight Network Automation / Network Vulnerability Management
  • OSSEC
  • Sagan
  • Paessler PRTG

You can read more details on each of these options in the next section of this guide.

Network Security Software Options

The recommendations in this list include a number of comprehensive network management tools that will serve as general network performance monitors as well as specifically track security issues for you. The three main tools in the list are SolarWinds Network Performance Monitor, WhatsUp Gold, and Paessler PRTG. Each of these packages can be expanded to include a wide range of extra functions. The architecture of these tools also allows you to limit their functionality to focus on just one task, such as security monitoring. OSSEC and Sagan are highly regarded specialist intrusion detection systems and the TrueSight package includes a nice mix of network protection functions.

This list includes options that are suitable for small, middle-sized, and large networks.

1. SolarWinds Network Performance Monitor (FREE TRIAL)


The Network Performance Monitor is the key tool offered by SolarWinds. It tracks the health of network devices through the use of Simple Network Management Protocol messaging. All network equipment ships with SNMP capabilities, so you only need to install an SNMP manager, such as this SolarWinds tool, in order to benefit from the information that SNMP provides.

Download a free trial at https://www.solarwinds.com/network-performance-monitor/

The tool includes an autodiscovery and mapping tool, which creates an inventory of your network equipment. The discovery function runs continually and will spot new devices added to the network. This is a useful assistant for intrusion detection because hardware invasions are one form of intrusion. The deep packet inspection capabilities of the Network Performance Monitor will also help you protect your network by highlighting and tracking anomalous behavior in traffic patterns and user activity.

SolarWinds offers a number of other network management tools that will enhance the abilities of the Network Performance Monitor with respect to security monitoring. A NetFlow Traffic Analyzer examines traffic flows around your network and includes security monitoring features. This includes the tracing of malformed and potentially malicious traffic to network port 0. In addition to those monitoring features, the traffic visualizations and anomaly alerts help you spot unusual activity.

The dashboard of this tool includes some great visualization of live data and it is also capable of storing packet data for historical analysis. The tool has a range of options for packet capture, which includes sampling methods that reduce the amount of data that you need to store for analysis. If you don’t have the budget for the SolarWinds Network Performance Monitor and the NetFlow Traffic Analyzer, you could try the free Real-time Bandwidth Monitor. However, this tool doesn’t have many features and would only be suitable for small networks.

You get greater insights into user activities if you add on the User Device Tracker. This enables you to track user activity and it also keeps an eye on switch port events, including attempts by hackers to scan ports. The tool can also close off ports and selectively block users in the event of intrusion detection.

Extra features of the SolarWinds stable can be added on to the monitor because the company created a common platform for all of its major tools that enables data sharing and interdisciplinary modules. The Network Configuration Manager would be a good choice for security issues because it controls the settings of your network equipment. It will also look for firmware updates and install them for you — keeping up to date with operating systems and all software is an important security task of IT systems.

SolarWinds offers a number of free tools that will help you control the security of your network. These include the Solar-PuTTY package. This is not just a secure terminal emulator to enable you to access remote servers securely. It also includes an SFTP implementation, which you could use to back up and distribute device configuration images. This would be a cheap alternative to the Network Configuration Manager if you have a small network and a very tight budget.

The Kiwi syslog server is another useful SolarWinds security tool that small organizations can use for free. You don’t have to pay for this tool if you are only monitoring up to five devices. The tool is also suitable for larger networks, but for that you will have to pay. The log manager also collects and stores SNMP messages and you can set alerts on the volumes of message types. This is a very useful feature if you don’t have an SNMP-based network manager. The alerts will highlight volume attacks and brute-force password cracking attempts. Unusual surges in traffic and suspicious user activity can also be spotted by this log management tool.

2. WhatsUp Gold


WhatsUp Gold is a challenger to the SolarWinds Network Performance Monitor. It is produced by Ipswitch, which also offers a number of add-on modules that enhance the security monitoring capabilities of WhatsUp Gold. This network monitor will highlight unusual behavior by monitoring switches and routers with the SNMP messaging system. Finally, the console enables you to set up your own custom alerts that will give you warnings of traffic surges and illogical user activity.

Alerts will be shown in the dashboard of the system and you can also nominate to have them sent as email or SMS notifications. It is possible to direct different notifications to different team members according to message source and severity. A free companion tool, WhatsUp Syslog Server, enhances the information that you can get out of system messages and also creates custom alerts. Syslog messages can be shown in the console, forwarded to other applications, and stored in files. The server will manage your syslog files in a logical directory tree to make specific messages easier to retrieve. Archived messages can be read back into the dashboard for analysis. In addition to that, the interface allows you to sort and filter messages so that you can identify patterns of behavior and additionally spot anomalous behavior.

WhatsUp Gold is accompanied by a number of paid enhancements that will improve your security monitoring power. You should consider adding on the Network Traffic Management module to get data flow information on your network. The main WhatsUp Gold package focuses on the statuses of devices and the Traffic Management module gathers data flow information. The module includes traffic tagging capabilities for QoS implementations. It can split traffic volume reporting by source and destination device, by source and destination country and domain, by conversation, application, protocol, or port number. This detail will help you track unusual activity and you will even be able to block certain applications, such as file transfer utilities in the event of an emergency.

The Network Configuration Management module will help you control any changes to the settings of your network devices. Unauthorized alterations to device settings are often a prelude to intrusion and advanced persistent threats. This is because hackers can open ports and then block reporting functions that would indicate unauthorized activities. You need to create a policy for each device type, make, and model and create a standard setting profile for each group. The WhatsUp Network Configuration Management add-on will enable you to distribute these standard configuration images, take backups of approved configurations and ultimately roll back to those standard settings should any configuration changes be detected.

The WhatsUp Gold paid tools can be accessed for free for 30 days. All WhatsUp Gold software installs on the Windows environment.

3. TrueSight Network Automation / Network Vulnerability Management


These two products from BMC Software combine to create a really comprehensive security toolkit. The Network Automation tool will monitor your network after first discovering all of your equipment, logging it, and mapping it. The configuration management module of the Network Automation package is the really impressive feature of this network monitoring system. It integrates templates, or “policies,” that automatically implement security standards. There is a policy for each of the well-known standards: NIST, HIPAA, PCI, CIS, DISA, SOX, and SCAP. So, if you have undertaken to comply with one of these data integrity systems, the Network Automation tool will even enforce it for you.

The configuration manager in TrueSight Network Automation will adjust the configuration of each network device so that it complies with the selected policy. It will then back up that configuration and monitor for any changes in the device’s settings. If any changes are made that take the device out of compliance with the policy, the configuration manager will reload the backed-up config file. This action has the effect of wiping out those unauthorized changes. The Network Automation system is also a patch manager. It will keep in contact with the notification systems of equipment manufacturers for patches and firmware updates. Once a patch is available, the tool will notify you, and even roll out those updates to your network devices.
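The two checks that both the WhatsUp Network Configuration Management module and the TrueSight configuration manager are described as performing, a compliance audit against a policy and detection of drift from an approved backup, are shown here as an added example. It is not code from either product; the policy, the approved (“golden”) configuration and the hand-altered running configuration are constructed in a generic IOS-style syntax for illustration.

```python
"""Configuration-compliance audit and drift detection for a network device.

Added example of the checks the WhatsUp and TrueSight configuration managers
are described as performing; this is not code from either product. The policy,
the approved ("golden") configuration and the running configuration are
constructed, in a generic IOS-style syntax, for illustration.
"""
import difflib
import re

GOLDEN_CONFIG = """\
hostname edge-sw1
service password-encryption
no ip http server
ip ssh version 2
line vty 0 4
 transport input ssh
logging host 10.0.0.50
"""

# Running configuration after someone changed the device by hand.
RUNNING_CONFIG = """\
hostname edge-sw1
no service password-encryption
ip http server
ip ssh version 2
line vty 0 4
 transport input ssh telnet
logging host 10.0.0.50
"""

# Policy: lines that must be present verbatim, and patterns no line may match.
POLICY = {
    "require": [
        "service password-encryption",
        "no ip http server",
        "ip ssh version 2",
        " transport input ssh",
    ],
    "forbid": [
        r"^ip http server$",
        r"^\s*transport input .*\btelnet\b",
    ],
}


def audit(config_text, policy=POLICY):
    """Return required lines that are missing and lines that hit a forbidden pattern."""
    lines = config_text.splitlines()
    present = set(lines)
    missing = [req for req in policy["require"] if req not in present]
    forbidden = [line for line in lines
                 if any(re.search(pat, line) for pat in policy["forbid"])]
    return {"missing": missing, "forbidden": forbidden}


def is_compliant(config_text, policy=POLICY):
    """True when nothing required is missing and nothing forbidden is present."""
    result = audit(config_text, policy)
    return not result["missing"] and not result["forbidden"]


def drift(golden, running):
    """Lines removed from and added to the golden configuration, in config order."""
    a, b = golden.splitlines(), running.splitlines()
    removed, added = [], []
    for tag, i1, i2, j1, j2 in difflib.SequenceMatcher(None, a, b).get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(a[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(b[j1:j2])
    return removed, added


if __name__ == "__main__":
    print("golden compliant:", is_compliant(GOLDEN_CONFIG))     # True
    print("running compliant:", is_compliant(RUNNING_CONFIG))   # False
    print("audit:", audit(RUNNING_CONFIG))
    removed, added = drift(GOLDEN_CONFIG, RUNNING_CONFIG)
    print("removed:", removed)
    print("added:", added)
```

A configuration manager of the kind described would run `drift` on every poll and, when the lists are non-empty, push the golden configuration back; `audit` is the separate question of whether the golden configuration itself still satisfies the chosen policy after the policy is updated.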

The Network Vulnerability Management utility scans all devices for vulnerabilities. The system relies on checks with vendor notifications and the NIST National Vulnerability Database to log known weaknesses in the network equipment and servers that you operate. Finally, the tool will update software to block exploits and keep an eye on the performance of devices and servers.

4. OSSEC


OSSEC stands for Open Source HIDS Security. A HIDS system is a host-based intrusion detection system. Intrusion detection has become an essential specialization in the world of network security and you really need to install an IDS as part of your security suite.

The two great attributes of OSSEC are that it is the leading HIDS available and it is completely free to use. The product is owned and supported by the well-known security software producer, Trend Micro. HIDS methodologies rely on log file management. Correct interrogation of your log files should reveal actions by hackers to explore your system and steal data and resources. This is why hackers always alter log files. OSSEC will create a checksum for each log file, enabling it to detect tampering. The tool monitors log files that record file transfers, firewall and anti-virus activity, event logs, and mail and web server logs. You need to set up policies, which dictate the actions of the utility. These policies can be written in house, or you can even acquire them from the OSSEC community. The policy dictates the conditions that OSSEC should monitor and it will generate an alert if one of the monitored logs shows unauthorized activity. Those alerts can be sent to the interface or sent as email notifications.

If you install the system on Windows, it will monitor the registry for unauthorized changes. On Unix-like systems, it will track access to the root account. OSSEC will run on Windows, Linux, Mac OS, and Unix.

OSSEC is a great data gathering tool, but its front end is a separate product and, in fact, is no longer supported. As this HIDS is so well respected, a number of software providers have created interfaces that are compatible with the OSSEC data formats. Many of these are free. So, you would install OSSEC, plus a front end from a different source for data viewing and analysis. Check out Kibana or Splunk for this function.

5. Sagan

Sagan intrusion detection system

Sagan is a free log file manager. It has many functions that make it a good host-based intrusion detection system. Sagan is also able to analyze data collected by network-based intrusion detection systems. A NIDS collects traffic data through a packet sniffer. Sagan doesn’t have a packet sniffer, but it can read in traffic data collected by Snort, Bro, and Suricata — all of which are free to use. So you get a blend of both HIDS and NIDS security activities with Sagan.

You can install Sagan on Unix, Linux, and Mac OS. Unfortunately, there is no version for Windows. Although it can’t access computers using the Windows operating system, it can process Windows event log messages. The processing methods of Sagan distribute its load across several servers or any other piece of equipment on your network that has a processor. This lightens the burden of processing on each piece of equipment.

The tool includes features that make it an intrusion prevention system (IPS). Once Sagan detects anomalous behavior, it can write to your firewall tables to ban specific IP addresses from the network either permanently or temporarily. This is a great assistant for network security because it implements IP bans automatically and keeps the system available for genuine users. Sagan will simultaneously generate an alert to inform you of the intrusion. The prevention actions don’t have to be implemented if you just want to use Sagan as an IDS.

For reporting purposes, Sagan has a nice feature, which traces suspicious IP addresses to their location. This can be a very useful tool for tracking hackers that cycle their attacks through several different addresses to try to evade detection. Sagan allows you to aggregate network activity by source IP address location, thus unifying all of the actions of one miscreant using several addresses.

6. Paessler PRTG

Paessler PRTG

Paessler PRTG is a very large monitoring system that is implemented by a series of sensors. Each sensor monitors one attribute of a network. You can reduce the scope of the monitoring tool to just focus on one aspect of your infrastructure by the sensors that you choose to activate. The whole system will monitor network devices, network traffic, applications, and servers. Paessler made this a pure monitoring tool, so it doesn’t have any management functions, such as configuration management.

One of the sensors in PRTG is the Syslog Receiver. This collects syslog messages and inserts them into a database. Once those messages have been stored, they can be sorted, written out to files, or even assessed as triggering events that can have automated actions associated with them.

The security monitoring features of PRTG include a deep packet inspection facility that is called the “packet sniffer sensor.” This will sample your network traffic’s packets and store them to a file. Once you have captured enough data you can analyze traffic in the PRTG dashboard. This facility enables you to target web, mail, and file transfer traffic with this tool, so it is a good aid to monitoring user activity and also to protecting a web server from attack. The firewall monitor keeps track of attack events and notifies you of them through alerts. The tool will also regularly check with your firewall provider for updates and patches for the software, download them and install them for you. This ensures that you have the latest remedies for newly discovered security weaknesses.

The PRTG system installs on Windows. Alternatively, you can choose to access the service online. Either way, you can use it for free if you only activate up to 100 sensors. You can also get a 30-day free trial of Paessler PRTG with unlimited sensors included.

Network Security Tools

There are many different types of specialized network security tools available and you will have to install several in order to keep the data and resources of your company free from theft, damage, and exploitation.

You will notice from the explanations of software in our list of recommended tools that many of them are free. The paid tools often have free versions or trial periods, so you lose nothing by trying out each of them.

Some of these tools work on Windows and some work on Linux and Unix. So if you only have one operating system on the hosts in your company, your choice of security tool will be narrowed down for you. The size of your network is another influencing factor that will direct you to choose a specific tool.

Do you have a favorite network security tool? Have you tried any of the software in our list? Leave a message in the Comments section below to share your experience with the community.

Read The Ultimate Guide to Network Security – Including Essential Tools by Stephen Cooper on AddictiveTips – Tech tips to make you smarter

18 Best Syslog Servers for Windows and Linux/Unix

Syslog is a highly useful reporting format that many network devices and applications employ. The status and events messages produced by Syslog together form a rich source of information that will enable you to head off device failure, while also assisting you in detecting intruder activity.

There are many tasks that you can perform better with the information that Syslog supplies. However, if you don’t have a Syslog server operating on your network, you are letting all of those useful sources of information circulate on your network undetected.

Today, we’ll cover the best Syslog servers on the market for Windows and Linux-based systems. Read on!

Understanding Syslog File Management

The main task of Syslog servers is to trap Syslog data and write it to file. You don’t want those files to be endless, so it is advisable to categorize messages and store them in indexable files with meaningful names.

For example, it is common practice to start a new log file each day, and put the date of the messages in the name of the file. Some system administrators choose to file messages according to their source. In these cases, you’ll create a directory structure, with a folder for each of the standard sources that you categorize the messages by, and then use the date as the file name, accumulating a chronological library of files for each category.

When choosing a Syslog server, the ability to manage the files in which Syslog messages are stored stands out as a tremendous benefit. Going a step further, you could even look for a Syslog server that includes data analysis functions.

Some servers can also issue alerts when the frequency of certain types of Syslog messages suddenly increases. For example, reports on failed logins that suddenly increase might indicate that a brute force attack on a user account is underway by a hacker trying to gain access to the network. This event would be of particular importance, and you’d want to be made aware of it as soon as possible.
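The filing scheme and the failed-login alert described above, as an added example that is not code from the article or from any of the servers it lists. The syslog lines are constructed samples in the traditional RFC 3164 layout; the script returns the path each message would be filed under (folder per facility, file per day) rather than writing to disk, and the 60-second window and threshold of five failures are assumed values.

```python
"""Added example: file syslog messages by source and date, and alert on a
burst of failed logins from one host. Sample lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import Path

# RFC 3164 lines look like "<PRI>Mmm dd hh:mm:ss host tag: message",
# where PRI = facility * 8 + severity.
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 10: "authpriv", 16: "local0"}
FAILED_LOGIN_RE = re.compile(r"Failed password|authentication failure", re.I)


def parse_line(line, year=2024):
    """Return a dict for one syslog line, or None if it is not parseable.
    The year is assumed because RFC 3164 timestamps do not carry one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # highest legal PRI: facility 23, severity 7
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "time": ts,
        "facility": FACILITIES.get(pri // 8, f"facility{pri // 8}"),
        "severity": SEVERITIES[pri % 8],
        "host": m.group("host"),
        "msg": m.group("msg"),
    }


def log_path(rec):
    """<facility>/<YYYY-MM-DD>.log: a folder per category, a file per day."""
    return Path(rec["facility"]) / f"{rec['time']:%Y-%m-%d}.log"


class FailedLoginMonitor:
    """Alert when one host reports `threshold` failed logins inside `window`."""

    def __init__(self, threshold=5, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.recent = defaultdict(deque)   # host -> timestamps of failures

    def observe(self, rec):
        """Return an alert string when this record pushes a host over the threshold."""
        if not FAILED_LOGIN_RE.search(rec["msg"]):
            return None
        q = self.recent[rec["host"]]
        q.append(rec["time"])
        while q and rec["time"] - q[0] > self.window:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.threshold:
            return f"{rec['host']}: {len(q)} failed logins within {self.window.seconds}s"
        return None


def process(lines, threshold=5, window=timedelta(seconds=60)):
    """File each record and collect alerts. Returns ({file path: [messages]}, [alerts])."""
    files = defaultdict(list)
    alerts = []
    mon = FailedLoginMonitor(threshold, window)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            files["unparsed"].append(line)   # keep, never silently drop, odd input
            continue
        files[str(log_path(rec))].append(rec["msg"])
        alert = mon.observe(rec)
        if alert:
            alerts.append(alert)
    return dict(files), alerts


# Constructed sample: a burst of failed logins on one host (PRI 38 = auth.info)
# and an unrelated kernel message (PRI 6 = kern.info). Addresses are from the
# 203.0.113.0/24 documentation range.
SAMPLE = [
    "<38>Oct  5 10:00:01 gw1 sshd[211]: Failed password for root from 203.0.113.7 port 50001 ssh2",
    "<6>Oct  5 10:00:02 gw1 kernel: eth0: link up",
    "<38>Oct  5 10:00:05 gw1 sshd[211]: Failed password for admin from 203.0.113.7 port 50002 ssh2",
    "<38>Oct  5 10:00:09 gw1 sshd[211]: Failed password for root from 203.0.113.9 port 50003 ssh2",
    "<38>Oct  5 10:00:14 gw1 sshd[211]: Failed password for root from 203.0.113.9 port 50004 ssh2",
    "<38>Oct  5 10:00:20 gw1 sshd[211]: Failed password for guest from 203.0.113.7 port 50005 ssh2",
    "not a syslog line",
]

if __name__ == "__main__":
    files, alerts = process(SAMPLE)
    for path, msgs in files.items():
        print(f"{path}: {len(msgs)} message(s)")
    for a in alerts:
        print("ALERT", a)
```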

Best Syslog Servers for Windows

Syslog is a standard that is independent of operating system. Even if your Syslog server is on a Windows device, you’ll be able to pick up Syslog data originating from a server or network device running a completely different OS. Here is a list of Syslog servers that will run on Windows and Windows Server environments.

1. SolarWinds Kiwi Syslog Server

Kiwi Screenshot

The Kiwi Syslog Server installs on Windows and Windows Server, and it is free to use for monitoring up to five devices. This package collects messages following the Simple Network Management Protocol (SNMP) as well as Syslog data. The server will write messages to files and also display them in the viewer of the utility’s interface. Additionally, the server program will alert you if traffic volumes of specific types or sources of messages rise above a threshold.

You get the option of choosing the conditions that cause the server to open up a new file. These include the source device type and the date of the message. Kiwi Syslog Server will manage the storage of files in directories with meaningful names, which makes it easier to search through the archive for messages. You can load files into the viewer of the server in order to examine historic data.

2. Paessler PRTG Syslog

Paessler Syslog Receiver Screenshot

PRTG is a comprehensive infrastructure monitoring system. The data gathering element of the package is made up of sensors. You don’t have to turn on all of the sensors; instead, you can tailor the monitor to focus on just one of its areas of expertise. The PRTG system includes a Syslog sensor, which is complemented by pre-written reports, displays, and data processing procedures.

Paessler offers PRTG for free to those who use up to 100 sensors, so you can effectively install PRTG and use it as a free Syslog server. Once you have the Syslog server running, you will also have the option of starting up some of the other sensors and getting data on other parts of your IT system.

3. WhatsUp Gold Syslog Server

WhatsUp Syslog Server Screenshot

WhatsUp Gold is a network monitoring system and its producers, Ipswitch, also offer a free Syslog server. The server will display Syslog messages in its interface and also write records to files. WhatsUp will also organize these files into a directory structure to make finding data sets easy.

You can specify the division of data between files according to warning level, source, and date. It is possible to filter and sort data in the viewer, and that can be live data or records read in from a file. The WhatsUp Gold Syslog Server is able to process up to 6 million Syslog messages per hour, so it can cater for large networks even though it is free. This tool installs on Windows and Windows Server.

4. Syslog Watcher

SyslogWatcher Screenshot

Syslog Watcher is another free Syslog server that runs on Windows. This service operates a multi-threaded architecture that enables it to process many Syslog records simultaneously. This is a useful feature if you have a large network with a high rate of Syslog messages circulating on the network.

Those messages get displayed in a viewer in real time, and are also stored in files which can be inserted into a database. The opportunity to save all records in a database is a great advantage, primarily because it gives you a view of your network’s traffic over a much longer period than the daily message list of a log file.

You can read records into the viewer from the database or from a file. The viewer is even able to sort, filter and group messages in order to help you analyze the events that they report on. Syslog Watcher is available to be installed on the Windows environment.

5. Fastvue Syslog

Fastvue Syslog Screenshot

The free Fastvue Syslog runs on the Windows Server environment. This utility not only creates Syslog files, but it guards them too. Each log file that Fastvue monitors has a related hash file (calculated with the 256-bit SHA algorithm) that is a checksum for the contents of that file. The server monitors the size of each of your log files, and even reports when those sizes change. These two measures are important security features because intruders running an advanced persistent threat will alter log files to cover their tracks.
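The checksum-and-size guard described here, and the log file checksums mentioned for OSSEC above, as an added example that is neither Fastvue’s nor OSSEC’s code. It keeps a SHA-256 sidecar file per log and, because a live log legitimately grows, distinguishes an append (the baselined prefix is intact) from a rewrite or truncation; the file names, sidecar format and log lines are constructed.

```python
"""Added example: SHA-256 sidecar per log file plus size baseline, used to
tell legitimate appends from rewrites and truncation. Constructed data."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large logs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def record_baseline(log_path):
    """Write <log>.sha256 holding the current digest and size (assumed format)."""
    log_path = Path(log_path)
    meta = {"sha256": sha256_file(log_path), "size": log_path.stat().st_size}
    Path(str(log_path) + ".sha256").write_text(json.dumps(meta))
    return meta


def check_log(log_path):
    """Compare a log with its sidecar. Returns one of:
    ok, appended, modified, truncated, missing, no-baseline."""
    log_path = Path(log_path)
    sidecar = Path(str(log_path) + ".sha256")
    if not log_path.exists():
        return "missing"
    if not sidecar.exists():
        return "no-baseline"
    meta = json.loads(sidecar.read_text())
    size = log_path.stat().st_size
    if sha256_file(log_path) == meta["sha256"]:
        return "ok"
    if size < meta["size"]:
        return "truncated"            # shorter than when baselined: lines removed
    # The file grew or stayed the same size. If the first `size` bytes from
    # the baseline still hash the same, only new lines were appended; any
    # other change means existing records were rewritten in place.
    with open(log_path, "rb") as f:
        prefix = f.read(meta["size"])
    if hashlib.sha256(prefix).hexdigest() == meta["sha256"]:
        return "appended"
    return "modified"


def demo():
    """Constructed scenario in a temporary directory: baseline, then a
    legitimate append, then an in-place edit, then a truncation."""
    with tempfile.TemporaryDirectory() as d:
        log = Path(d) / "auth-2024-10-05.log"
        log.write_text("Oct  5 10:00:01 gw1 sshd: Accepted publickey for ops\n")
        record_baseline(log)
        results = [check_log(log)]                      # ok
        with open(log, "a") as f:                       # normal logging continues
            f.write("Oct  5 10:05:00 gw1 sshd: session opened\n")
        results.append(check_log(log))                  # appended
        # Edit an existing record without changing the file size.
        log.write_text(log.read_text().replace("Accepted", "Rejected"))
        results.append(check_log(log))                  # modified
        log.write_text("")                              # history wiped
        results.append(check_log(log))                  # truncated
        return results


if __name__ == "__main__":
    print(demo())
```

A real monitor would re-baseline after each legitimate append window or rotation, so that "appended" does not mask a later edit of the newly added lines.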

The server stores Syslog messages in files ordered by date, with an option to partition data by device type. Files are stored in directories named for the source device, with each file name bearing the date of the messages that it contains. Finally, within Fastvue’s interface, you can view, sort, and even filter all archived messages loaded in from these files for easy analysis.

6. Visual Syslog Server

Visual Syslog Server

Visual Syslog Server is a free open source utility that runs on Windows and Windows Server. This is an uncomplicated utility that collects all of the Syslog messages on your network and displays them in a viewer. The viewer color codes messages by severity type — error messages are red and warnings are yellow. You can even alter the color scheme and it is also possible to filter, sort, and aggregate records in the viewer. Finally, the server also stores those Syslog messages in files.

You can set the utility to sound a noise when it encounters an error message and you can also get it to send you notification for each warning and error. Those notifications can even be sent by email, which can be encrypted if your email system can handle encryption.

7. TFTPD32

TFTPD64

TFTPD32 is a very basic, enthusiast-created Syslog server that runs on 32-bit Windows systems. There is a companion facility called TFTPD64, which is written for 64-bit systems. This utility doesn’t have a very sophisticated interface, but it is widely used. This is due to the fact that its lack of bells and whistles makes it very lightweight.

The tool is really a TFTP server. TFTP is the Trivial File Transfer Protocol, which is a very insecure protocol that shouldn’t be used over the Internet. However, it is a standard method for transferring small system files over a private network. The interface can be switched to become a DHCP server to manage IP address distribution and it can also be set to act as a Syslog server. Finally, TFTPD32 will store your Syslog messages to file.

Although the facility can be a TFTP server, a TFTP client, a DHCP server, and a Syslog server, the same instance can’t perform all of those tasks simultaneously.

8. SureLog

SureLog screenshot

SureLog is aimed at small businesses, but it isn’t free. You can install the software on Windows. It is aimed at the system security market and it filters out regular event messages to highlight security threats. As well as trapping Syslog messages and storing them to files, the SureLog service monitors those log files to ensure that they are not tampered with by hackers trying to cover their tracks. Finally, the utility also shows those important messages in its log viewer.

Best Syslog Servers for Linux/Unix

Linux is known as a “Unix-like” operating system. In general, a piece of software that will run on Linux will probably also run on Unix. Here is a list of Syslog servers that install on Linux and/or Unix.

9. Icinga 2

Icinga Event Log Screenshot

Icinga is one of the leading open source system monitoring tools in the world. It is free to use and its latest version is called Icinga 2. The tool installs on Linux and one of its features is a log message monitoring facility. You can specify the type of messages to trap and one of the options is Syslog. The server will display Syslog messages and also write them to file. Finally, you can also load stored messages into the viewer.

The Icinga system has two parts, which are a processing section, called Icinga Core and a front end, which is called Web 2.0. You don’t even have to use Web 2.0 as the interface to the data processor because there are other applications that are compatible. As the code is open source you can also adapt the Web 2.0 program to create your own corporate front end.

10. Syslog-NG

Syslog-ng Screenshot

Syslog-NG installs on Linux computers. This tool is free and is an open source project. The utility collects Syslog messages and Windows events. It will store those messages in files. You can also choose to get the tool to insert records into an SQL database or forward them to other applications. Syslog-NG doesn’t include any analysis tools, but the files that the server creates can be opened in other facilities.

11. Logstash

Logstash screenshot

Logstash is an open source system that installs on Linux. This is a free utility that forms part of a group of applications called the “Elastic Stack.” The key program in the Elastic Stack is Elasticsearch. Another module in the stack is called Kibana, which is a very well-known free front end that can interface with many different processing engines. Logstash is the collector in the stack. It listens for Syslog messages and files them. If you want more functionality, install Elasticsearch, which will sort and filter the Syslog data for analysis. Finally, you then add on Kibana to access the records through a viewer.

The log message detection processes of Logstash are universal and not specific to one particular type of error logging format. You would need to customize the system to focus on Syslog data by installing a free plug-in. The message processing functions of Logstash can conditionally file records, leaving out less important messages and writing to different files according to a set of rules that you define in the user interface. Logstash can even output files in formats that are compatible with Nagios, Icinga, Loggly, Graylog, AWS, and Graphite.

12. Graylog

Graylog

Graylog is a log file manager that runs on Linux. You can get the utility for free — but that version is limited to collecting up to just 5 GB of data per day. The interface for Graylog is browser based, which makes it operating system independent and easy on the eye. You can use the front end of Graylog and the data collection module of some other tool, such as Logstash. Alternatively, you could use the data collection module of Graylog with Kibana as a front end. As you can see, this tool gives you a lot of options.

13. Fluentd

Fluentd screenshot

Fluentd is a free open source Syslog server that runs on Linux and Mac OS. The utility can collect a wide range of log message types as well as Syslog. You need to add on a plug-in to extend the tool’s capabilities. However, you must be aware that this is just a data collection system. You will need to add on another front end, such as Nagios, in order to get an analysis and viewing interface in front of the processing capabilities of Fluentd.

14. Humio

Humio screenshot

Humio runs on Linux, but you can also get it as an online service. The system isn’t free to use, but it is available for prospective buyers to run it through its paces with a free trial. The tool is supported by a user community and it can even be expanded by plug-ins. However, this is a collector only and you will need other tools to view and analyze the Syslog records that get collected by Humio.

Best Syslog Servers for Windows or Linux/Unix

Although Windows is the most installed computer operating system in the world, many networking utilities require Linux to operate. Making sure to catch both of these markets, many software producers create their software so that they have both a Windows and a Linux version. Here is a list of Syslog servers that are produced in versions for Windows and Linux/Unix.

15. ManageEngine Event Log Analyzer

Event Log Analyzer Screenshot

ManageEngine is one of the world’s leading producers of infrastructure monitoring tools. Its Event Log Analyzer installs on Windows and Linux and it is free to use to monitor five sources or fewer. The ManageEngine tool doesn’t just collect Syslog messages; it also uses the header information in passing messages to map your network. Finally, the utility can also collect SNMP messages.

You can view new messages in the tool’s dashboard and also get them written to files. While in the dashboard, you can sort and filter messages for analysis. Log files are compressed and encrypted, with access restricted to only authorized staff. The files can be read into the dashboard from the archive, so you even have access to historical data for analysis. This tool integrates well with the ManageEngine network monitoring package, which is called OpManager.

16. The Dude

The Dude Screenshot

The Dude is a product of network equipment manufacturer MikroTik. However, it can pick up Syslog messages generated by the equipment produced by any manufacturer. This is a free utility and it can be installed on Windows, Linux, or Mac OS. The tool is very flexible and it can collect SNMP messages as well as Syslog data.

The tool will parse messages to different files according to the requirements you enter in the settings pages of the interface. Messages will also be displayed in the dashboard and you can even be alerted by a sound or a popup message when messages arrive. Finally, the message viewer allows you to sort and filter records for analysis.

17. Nagios Log Server

Nagios Log Server

Nagios Core is a free open source network monitoring system. Icinga 2, which is detailed above, was developed from a copy of the Nagios Core code. This is a very well respected tool that others have copied. There is also a paid version of Nagios, called Nagios XI, and the developers of this product also created a log server tool. The log server isn’t free, but you don’t have to pay to use it to monitor 500 MB of data per day or less.

The Nagios Log Server runs on Windows and Linux. It will gather Windows events as well as Syslog data. Records will be written to file and they are also listed in the log server’s dashboard. The logs can be stored in one central location or distributed across several servers. There is also an option to create backups of log files. You can even filter Syslog messages so not all of them get stored, or optionally divert important messages to a separate file. Finally, the dashboard allows you to sort and filter live data and also analyze historical data read in from Syslog files.

18. Splunk

Splunk screenshot

Splunk is a file analysis package that is available in both free and paid versions. The free version is restricted to analyzing file data. However, you can get it to look at your live Syslog messages if you channel them through a file. Unfortunately, you will need to use a different tool to collect those messages in the first place. Splunk will run on Linux, Windows, and Mac OS. The free version is limited to a data throughput of 500 MB per day.

Choose a Syslog Server

You can try several of the Syslog servers on this list because most of them are free and those that aren’t offer free trials. Managing Syslog messages will enable you to get important feedback on your network and that channel of feedback shouldn’t be overlooked!

Do you already use a Syslog server that you would recommend to others? Do you use any of the systems recommended in our list? Leave a message in the Comments section below and share your experience.

Read 18 Best Syslog Servers for Windows and Linux/Unix by Stephen Cooper on AddictiveTips – Tech tips to make you smarter

The Ultimate Guide to Network Design

Once you have a network in place, your main task as a network manager is to maintain its capacity. This is primarily a question of adding on more hardware to cater for more bandwidth demand and more endpoints for staff. However, you can only achieve this expansion in an orderly manner if you have a design framework in place.

When you create a new network, you have the benefit of a clean sheet, which gives you the opportunity to design a service that can easily be expanded. So, if you take over a badly planned network, it can be a good idea to design the system from scratch and then move the existing resources to fit in with your planned layout.

In this guide, you will read about a system to create a design, which will provide you with the layout of a new network. It can also be applied to existing networks to bring them better performance. The scheme in this guide follows the system recommended in the course for the Cisco Certified Network Associate exam (CCNA). So, even if you are not likely to be given the responsibility for creating a network design right now, the tips in this guide should at least help you pass your CCNA exams.

Read on for the ultimate guide to network design!

Design Methodology

Ultimately, networks exist solely to serve the needs of an organization. Of course, each business, charity, or association has unique requirements of its network to consider. For example, the hardware and operating applications that you will need in order to create a network for an online business are different to the equipment that you will need for the business support of a bricks-and-mortar business.

When you consider network design, you don’t need to concern yourself from the very beginning with the task of compiling a hardware requirements list. That will come later. Right now, we are focusing on the design of the network, and not the implementation of that design. Zooming out to a further level of abstraction, at the outset of a design exercise, we are not even concerned with the layout of the network or even its purpose. First, you should focus on the methodology that you will follow in order to design the network.

Work towards creating a framework that defines a network, and that will cater for the organization at any point in the future, not just its immediate needs. The CCNA guidelines recommend taking a top-down approach.

Top-down Approach

Being given the task of creating a network from scratch can be a daunting experience. The question is: where do you start? The top-down answer to that question is to create a hierarchy of goals, and then list the tasks that need to be completed in order to achieve each goal. Once that plan is in place, you will enter into critical path analysis to order tasks so that you can reach the goal in the shortest possible time.

Once you know which tasks need to be started first and which tasks can be performed in parallel, you will be able to plan resource requirements. These will give you the ability to get the right experts on site at the right time, and have them working as quickly as possible to reduce costs. You also will be able to write up an inventory requirement so you will know when you need to have equipment available.

In the top-down approach, considerations of hardware purchasing happen as the last task in the list.

Alternative Approaches

The bottom-up approach is the working method that you are probably used to. This is particularly the case if you are expanding an existing network. In this scenario, the design starting point is a list of equipment. The premise here is “what do we have now, and what equipment will we need to deliver an expanded network?”

The problem with a bottom-up approach to network design is that it only focuses on the immediate need to fulfill a specific business requirement. It doesn’t put the goal into the context of the wider network and possible future expansion; you just examine one area of the network that needs to be improved. This change could impact other services, and put strain on the capacity of other areas of the network’s infrastructure.

The Agile development model seems to be a bottom-up methodology. With Agile development, you get a rough idea of how to fulfill a requirement, put that solution in place, and then adjust the results once usage data comes in and gives you real-life capacity requirements. Agile development doesn’t rely on guesswork. In fact, the Agile methodology can only be achieved within a framework, and it is the top-down plan that will give your network design the structure that will allow rapid installation and recursive adjustments.

Goal Categories

There are three basic steps in designing a network:

  1. Identify network requirements
  2. Document the existing network
  3. Design the network topology and solutions

Basically, you need to know what your network should end up like, what you’ve got now, and how you are going to get from one to the other.

It may seem strange to work on an identification of requirements first rather than the documentation of the existing network. You might think that it is more logical to start with what you’ve got and then look at what the requirement asks. However, this sequence of steps is only written within the context of the expansion project. You should already have a good plan of your network, and an inventory of your equipment that you use for day-to-day troubleshooting. The existence of this information will make step 2 a lot easier.

Tabula Rasa

When you are working on a network design, thinking about what you already have is a distraction. If you think in those terms, you will end up providing a solution that looks a lot like your existing system. And that might not be the best solution. It is better to start the design without assumptions, otherwise you will never get a network that is significantly better than the one you have already.

Identify Network Requirements

The starting point for any project is a business requirement, which will be stated by a non-technical manager in the organization. You will probably partner with a business project manager in the development of the network.

User Requirement

You need to get the specification of the project written in terms of a goal. This goal needs to list:

  • Capacity requirements: e.g., provide access to X number of employees, or serve Y customers per day
  • Purpose: e.g., software to run over the network, records to be stored
  • Performance requirements: e.g., “acceptable response times”
  • Location requirement: e.g., all in one office or allowing access to remote workers
  • Time constraints: e.g., by the end of next month
  • Budget constraints: e.g., the maximum that can be spent to provide the required service

Technical Requirement

The broadly stated User Requirements can be translated into terms that are meaningful to technical staff, which advances the goal statements to specific capacity issues. This step also requires further research into the purpose goal of the user requirement. From this you should be able to list:

  • New software to be used
  • Storage solutions
  • End device types: e.g., desktops, BYOD, WiFi, mobile devices, printers, etc.
  • Number of users
  • Bandwidth requirements

You should also be able to work out whether the new requirements will affect the whole network, or just one geographical area. For example, a new business practice, such as introducing an ERP system, would probably add traffic to every link on an office network. The addition of new staff in the HR department would only add traffic to the part of the network that lies between the devices the new staff use and the servers and equipment that those staff are going to need access to.

Goal Agreement

So you have the User Requirements documented and a rough outline of the IT services that should achieve those goals. Next, write these project aims into a document and get the user manager to sign it off before you progress any further.

Save New Requirements For Future Projects

Once you have a goal agreement, you’ll have established the parameters of the project and you can avoid extra requirements from being added on. New requirements will naturally arise as the project advances. However, these should be noted down and set as goals to be considered for a follow-on project, and not be allowed to delay or divert the work effort for the current project.

The creation or expansion of a network is unavoidably linked to the software and data processing requirements of the organization. However, considerations of software purchases and server capacity should be split out as separate goals.

Eliminate Vague Language From Your Goals

For the purposes of this guide, we are just focusing on the planning for network design. The goal agreement, therefore, should be written after the user manager has already assessed software options and formed a clear staffing requirement for the business.

Write precise figures into the goal wherever possible, as vagueness over performance goals is inevitable when communicating with non-technical staff. However, the number of users expected to be added to the network, the number and type of endpoints, and the number of visitors expected to a website, should all be clearly stated.

If you don’t tighten up your goal agreement, the user manager will use vague goals as a backdoor to expand the project. And then, you will have to answer questions as to why you were unable to stick to your agreed budget and delivery timetable.

Document the Existing Network

Hopefully, you have effective network management software already in place. That tool will be able to give you a status report on the current performance of the network. If you are creating a new network, the existing performance of the network is not applicable, so you will just have to skip this step.

Take Stock Of Onsite Equipment

Because your network monitor should be able to give you the capacity of every device and cable on the network, it isn’t a waste of time to include an examination of all equipment in the network. However, the geographical scope of your goal agreement should let you limit the extent of the planning exercise. For example, if you run a WAN and you are adding ten new endpoints to one site, your impact analysis could reasonably be restricted to the network equipment and cable on the site where the expansion is to take place. If those endpoints will be used to communicate with a remote server, then the internet link to that server is also relevant to the project.

Map Out Network Topology

Take a copy of your existing network topology, either digitally or physically, and mark an outline around that part of the network that will be affected by the change. Create a list of the devices and links in that limited area. For each element in the network, note down:

  • Device bandwidth capacity
  • Average current bandwidth demand
  • Peak current bandwidth demand

For each switch on your network, note these additional factors:

  • Current number of ports occupied
  • Current connections to neighboring devices
  • Current connections to endpoints
  • Number of available ports

Mark on the network map the location of any new equipment, such as the required desktop computers, and then test the routes between the nearest switch through to the likely destination for the new traffic that the project will generate. For each identified route, draw out the path, showing the cable and network devices in sequence. Note down the lowest capacity element in each route, and then record the average and peak demand on that route, both link-by-link and end-to-end.
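The route walk described above, written out as a short check. This is an added example, not part of the guide: link names, capacities and demand figures (Mbit/s) are constructed sample values, and the extra traffic expected on each route is an assumed estimate. It goes one step beyond the text by charging a link that several routes share with all of the new traffic it will carry.

```python
"""Route impact check for the topology walk described above.

Added example, not part of the original guide. Each route is the ordered
list of links (cable or device hops) from the nearest switch to the likely
destination of the new traffic. All figures are constructed values in Mbit/s.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Link:
    name: str
    capacity: float   # bandwidth capacity of the device or cable
    average: float    # average current demand
    peak: float       # peak current demand


def added_load_per_link(routes, extras):
    """Sum the projected new traffic on every link, so a link shared by
    several routes is charged with all of the extra traffic it will carry."""
    load = {}
    for route_name, links in routes.items():
        for link in links:
            load[link.name] = load.get(link.name, 0.0) + extras.get(route_name, 0.0)
    return load


def assess_routes(routes, extras):
    """For each route, report the lowest-capacity element, the link that is
    left with the least peak headroom after the project, and the end-to-end
    headroom at average and at peak demand."""
    load = added_load_per_link(routes, extras)
    report = {}
    for route_name, links in routes.items():
        peak_headroom = {lk.name: lk.capacity - (lk.peak + load[lk.name]) for lk in links}
        avg_headroom = {lk.name: lk.capacity - (lk.average + load[lk.name]) for lk in links}
        lowest = min(links, key=lambda lk: lk.capacity)
        limiting = min(peak_headroom, key=peak_headroom.get)
        report[route_name] = {
            "lowest_capacity_link": lowest.name,
            "lowest_capacity": lowest.capacity,
            "limiting_link": limiting,
            "end_to_end_peak_headroom": peak_headroom[limiting],
            "end_to_end_average_headroom": min(avg_headroom.values()),
            "saturated_links": sorted(n for n, h in peak_headroom.items() if h < 0),
        }
    return report


# Constructed sample: ten new HR desktops hang off access switch SW-3. The
# uplink from SW-3 is shared by both routes that the new traffic will take.
SW3_UPLINK = Link("SW-3 -> DIST-1", 1000, 300, 700)
ROUTES = {
    "hr -> file-server": [SW3_UPLINK, Link("DIST-1 -> SRV-1", 2000, 1200, 1900)],
    "hr -> internet": [SW3_UPLINK, Link("DIST-1 -> CORE", 10000, 2000, 4000),
                       Link("CORE -> WAN", 200, 120, 190)],
}
# Assumed estimates of the extra peak demand each route will carry.
EXTRAS = {"hr -> file-server": 150.0, "hr -> internet": 20.0}

if __name__ == "__main__":
    for name, row in assess_routes(ROUTES, EXTRAS).items():
        print(name, row)
```

In the sample the lowest-capacity element of the file-server route is the SW-3 uplink, but the link that actually saturates is the server link, which is why the text asks for both figures.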

Design Layers

Once you are into the design phase of your project, you need to examine the new requirements and whether your existing equipment and layout will contribute to delivering the goal. The CCNA course breaks up network design into three layers:

  • Core
  • Distribution
  • Access

Each of these layers requires different design considerations:

Core Layer Design Considerations

The Core layer is the network backbone. When you plan this aspect of your network, you examine the physical equipment that you will need. Remember to set the scope of Core layer consideration to the portion of the network that will be impacted by the project. You will be focusing on the requirements for:

  • Routers and switches
  • Load balancing
  • Route redundancy
  • High speed link requirements
  • Optimal routing protocols

Out on the internet, every router has to implement the Border Gateway Protocol. However, within the confines of your private network, you have many more options, and can choose whichever routing protocol best suits your network’s purpose.

The load balancing requirement and routing considerations are interdependent. For example, the Spanning Tree Protocol limits routing options to just one path and will not allow you to split traffic. Try building in route redundancy to provide cover for failure of the main path.

Consider implementing:

  • Enhanced Interior Gateway Routing Protocol
  • Open Shortest Path First Protocol

Hardware Requirements

Investigate the hardware requirements for your chosen protocol. For example, you may need to use routers within the network where you might usually install switches. Prioritize equipment that has failsafe features, such as extra management modules, dual support components (power supplies and fans), and a chassis-based design that makes it easier to partner duplicated equipment.

Network Topology

The next issue to consider is the network topology: should you use a full-mesh or a partial-mesh design? The topology that you choose will depend on the size of your network, the number of redundant links that you build in, and your choice of routing protocol.

Distribution Layer Design Considerations

The Distribution layer examines the boundaries between systems. This includes the interaction between your network and the outside world, or between the area of the network that is under consideration and the rest of the network. The border conditions covered at the Distribution layer also include the interactions between the Access layer and the Core layer.

As this layer is concerned with the borders of your network, it focuses on routers rather than switches. You will be considering the inflows and outflows of traffic that your Core layer design has to deal with. Focus on these factors:

  • Traffic filtering
  • Access control
  • Route summarizing
  • Core protection
  • Inter-VLAN traffic

Shaping Traffic

In this layer, you will be looking at possible traffic-shaping measures, such as prioritization and queuing at the boundary of the network.

  • Think about how the network topology can be enhanced by routing choices that give some nodes quicker access to essential services, such as application servers or storage. Consider trunking and load balancing with QoS tagging to get specific users better performance from their key applications.
  • If you have a web server and operate a branch of the network in isolation from your office system, the interaction between those zones would be the remit of the Distribution layer. Consider installing equipment clusters and load balancing at the gateway into external-facing resources. Apply resource redundancy for critically important access paths.
  • Consider access control lists (ACLs) to filter traffic from the internet or a DMZ into your core network.

Recommended Routing Protocols

Cisco recommends a couple more routing methodologies for the Distribution layer than it does for the Core layer. Consider:

  • Enhanced Interior Gateway Routing Protocol
  • Open Shortest Path First Protocol
  • Routing Information Protocol version 2
  • Intermediate System-to-Intermediate System Protocol

These protocols all include procedures for route summarization, which is an important network optimization element required in the Distribution layer. You should particularly avoid classful routing methods for the Distribution layer. These will specify individual routes for all traffic, which is inefficient when feeding traffic into the network and doesn’t make the most of your subnetting efforts.

Access Layer Design Considerations

Whereas the Distribution layer looks at how traffic feeds in from other networks, the Access layer is concerned with how user endpoints attach to the core network. At this final layer, you already have the Core network and Distribution layers planned. When dealing with endpoints, you don’t have to be concerned with how traffic from an endpoint will traverse the core network, out through a router and across the internet to remote resources. You just need to examine how the type and location of user devices will impact on core network traffic patterns.

As user devices greatly outnumber every other type of equipment on an office network, this section could be the most important section of the design. However, in the case of small, internet-based businesses, you might not have much work to do in the Access layer. As Cloud services and telecommuting become more prevalent, the concept of the endpoint becomes less important.

Resource-intensive Applications

At this layer, you will be examining the equipment of your wiring closets and their locations. The most critical applications that will need a lot of attention at the Access layer are interactive utilities that run over VLANs, namely voice and video services. Here, you will need to implement QoS tagging to keep your VLAN traffic distinct from your data network. You also need to consider prioritizing these types of traffic, because speed of delivery is critically important to their functionality.

Virtualizations

Virtualizations are also the responsibility of the Access layer. However, the CCNA guidelines mention this technology only briefly. If you are studying network design considerations for an actual implementation, you will spend a lot more time investigating your virtualization requirements than you will spend on your VLANs. However, if you are studying for the CCNA exams, focus more on getting to know VLAN issues because they come up in the exam more than virtualizations.

Mobile Devices

Wireless equipment should be considered in the Access layer, and the management of mobile devices is also a key consideration in this layer. You will need to investigate mobile device management software and decide whether you are going to encourage the use of employee-owned devices, or supply all mobile devices.

Network Design Factors

Ultimately, you will need to add on network management software when you design your network. Consider the recommendations in the Addictive Tips review of network management software as a guideline.


Do you follow a different methodology for network design? Have you gone through the CCNA exams and then implemented the three layer model in an actual network design? Leave a message in the Comments section below and share your experiences.

Read The Ultimate Guide to Network Design by Stephen Cooper on AddictiveTips – Tech tips to make you smarter

6 Best Network Management Tools that Track Performance

Keeping track of your network’s performance means watching the activities of the equipment on the LAN. In order to prevent problems with capacity from emerging, you’ll need to closely monitor the switches and routers that connect your network links together. If a network device becomes overloaded, all of the traffic that passes through it will be slowed.

Although the best network management tools cost money, in the long run, they will reduce your costs. If the network slows down frequently, your staff will not be able to complete all of their tasks efficiently and that will impact your turnover, thereby reducing your profit. A poorly performing network increases calls to the IT Help Desk, so a saving on network management software ends up increasing the IT support budget.

The majority of network management tools are remarkably similar. They rely on the Simple Network Management Protocol for source data. The difference between tools comes down to how they manage and represent the SNMP data.

Best Network Management Tools

Here is a quick list of our recommendations on the 6 best network management tools and software:

  • SolarWinds Network Performance Monitor
  • Paessler PRTG
  • ManageEngine OpManager
  • WhatsUp Gold
  • Spiceworks Network Monitor
  • Zabbix

You can read details about these tools in the following sections.

1. SolarWinds Network Performance Monitor (FREE TRIAL)


SolarWinds is a world leader in the IT infrastructure monitoring software market, and the Network Performance Monitor is the company’s key product. The Network Performance Monitor uses SNMP for device discovery and ongoing monitoring. The software installs on the Windows Server environment, and will perform an initial system sweep on starting operations. From the information that enquiry gathers, the NPM will compile a hardware inventory and generate a handy network map. The NPM can handle both SNMPv2 and SNMPv3.

Alerts. The dashboard of the Network Performance Monitor shows alerts in a list. You can also get those alerts written to file. The display of alerts can be filtered so that you only get notifications of a specific warning severity or from specified sources. You can also combine conditions to create customized alerts. The monitor extends its vision to remote devices on WANs and also cloud servers. The system can also monitor wireless networks.

Mapping. The mapping capabilities of the NPM include a straightforward relationship drawing that plots connections between all of your devices. For an analytical perspective, you could access the NetPath feature of the Network Performance Monitor dashboard. It shows the network connections from one node on your network through to another. This functionality also extends out to cloud servers. The wireless monitoring capabilities of NPM include wireless heat maps, which show the WiFi signal footprints drawn onto a floor plan of your offices. These heat maps let you see where there are signal dead zones and where there is too much signal overlap.

Modularity. The monitoring and analytical capabilities of the Network Performance Monitor can be extended by integrating it with other SolarWinds tools. The company created a common platform for IT infrastructure management systems, called Orion. This platform makes it possible for different SolarWinds products to fit together, share data, and contribute to cross-modular facilities. These other tools include a bandwidth monitor, a virtualization manager, a server and applications monitor, and a configuration manager.

The SolarWinds Network Performance Monitor is the leading network management tool in the world, so you should expect to pay a good price for it. However, you can get a full working version of the NPM for a 30-day free trial to assess its capabilities.

2. Paessler PRTG


Paessler PRTG is a package of monitoring tools presented in a single unified interface. The utility monitors network devices, servers, and applications and it can also track, record, and analyze network traffic. The architecture of PRTG is built up from “sensors.” Each sensor specializes in monitoring one component of a network or one condition. The price of the service is calculated in terms of the number of sensors that get activated. So, you can tailor the system to just one module, such as a network performance monitor tracking your network devices, or you can activate many, many sensors across modules to create a comprehensive infrastructure management system. You don’t have to pay anything to use the system for up to 100 sensors.

Monitoring & Alerts. The network performance division of PRTG uses Ping and SNMP to identify and track your switches and routers and also all of the other devices that are connected to your network. You will get SNMP alerts reported in the dashboard, and you can also choose to have them written to a file. The conditions that trigger alerts can be customized, enabling you to string several warnings from different sources together in order to construct an alert that would really grab your attention. It is possible to filter out some conditions so that you don’t get pestered by relatively unimportant warnings every hour of the day. You can get alarms sent to you by email or SMS and the interface allows you to specify conditions that direct different types of alerts to different team members.

The visibility of PRTG extends to WANs and cloud servers and it can also monitor wireless networks. The complexities of virtualizations are easy to monitor with PRTG because it has application, server, and network monitoring capabilities out of the box.

Mapping. PRTG has some great mapping capabilities. Maps in different formats are generated automatically, but you can customize them with a map editor. The distinctive PRTG map layout is its starburst layout, which shows the application, service, and hardware stack that supports each piece of software that your users access.

Paessler offers a 30-day free trial of PRTG with unlimited sensors. Paessler PRTG installs on Windows Server and is also available as an online service.

3. ManageEngine OpManager


ManageEngine is probably the third of the world-leading infrastructure management software producers. The company is a division of Zoho Corporation, so not only can its tools work together, but they are also compatible with the Zoho stable of business applications. OpManager is the key tool that ManageEngine produces. It is the network performance monitor of the company’s range of products.

Monitoring. OpManager uses SNMP to track the health of network devices. It also includes network discovery functions and automatic network mapping. The dashboard includes some great graphical representations of data and it also shows alerts as soon as they arise. You can access the dashboard through mobile devices. The monitoring capabilities of OpManager extend to wireless networks and the system can cover remote networks on a WAN and cloud-based servers. The ability to monitor distributed networks is available in the Enterprise Edition, which is more expensive than the standard Essential package. All ManageEngine software installs on Windows Server or Linux.

Modularity. It is usual for customers to start with OpManager and then add on other monitoring tools from the ManageEngine catalog — they are all able to integrate with each other and contribute data and functionality to common modules. This includes virtualization monitoring capabilities.

ManageEngine offers a free version of OpManager that will monitor up to five devices. You can access a 30-day free trial of the system without any device limits.

4. WhatsUp Gold


Although the top three tools in our list offer scalable pricing plans that should appeal to all sizes of enterprises, the full capabilities of those utilities would probably be better suited to big networks. If you don’t have a large team to help you manage your networks, you probably won’t ever use all of the facilities of those tools, and the WhatsUp Gold network management system would suit you better. This is a tool that is a good choice for medium-sized networks. However, the tool is also capable of monitoring WANs and cloud servers and it can cover wireless networks as well as LANs.

Monitoring & Add-ons. WhatsUp Gold employs SNMP to monitor network equipment and other devices connected to your LAN. The monitor automatically traces all devices on the network and logs them in a register. It also generates network maps automatically. The dashboard of the monitor shows you alerts, which you can customize. The alerts can also be forwarded to you by SMS or email.

The standard WhatsUp Gold package is capable of monitoring virtualizations. However, you can get deeper intelligence on VM performance with a Virtualization Monitoring add-on. Other add-ons that extend the capabilities of WhatsUp Gold cover configuration management, VoIP monitoring, Cloud monitors, application and server monitors, and network traffic analysis.

WhatsUp Gold is available on a 30-day free trial.

5. Spiceworks Inventory


If you don’t want to pay anything at all for your network management software, then you should check out Spiceworks, which is ad-supported. This is a very attractive tool that includes a sophisticated dashboard featuring graphs and dials to make event comprehension simple. The software installs on Windows, Mac OS, and Debian or Ubuntu Linux. The tool is also available as an online service.

Tracking & Configuration. The Spiceworks monitor uses SNMP to track all of the equipment that you have connected to your network. The tool includes an autodiscovery feature that will compile your hardware inventory and map your network. The monitor tracks servers and applications as well as network devices. A very useful management function built into Spiceworks is its configuration manager and its automatic patch management system. You don’t even need to look out for new versions of your firmware and software because the tool does that for you.

Spiceworks Inventory is a very comprehensive tool for small and middle-sized networks. It can monitor cloud servers and wireless systems as well as standard wired on-premises LANs. The tool interfaces with Active Directory to match up users to activities, so you can track suspicious account activity and even record which administrators were responsible for which system changes. The tool integrates with Help Desk software produced by Spiceworks, which is also available as an online service.

You just have to learn to put up with all of the adverts.

6. Zabbix


Zabbix is another free option that is worth considering for small and middle-sized networks. This tool uses SNMP to discover and monitor all of the devices connected to your network. Ongoing monitoring activities include the ability to receive alerts, which are displayed in the tool’s dashboard. Those notifications can be stored to file and also sent as email, SMS, or messenger alarms. Zabbix will compile and maintain a device inventory and also create a network map. The tool can include wireless networks and Cloud servers in your monitoring system. You can even set up actions to perform on the receipt of alerts. Those actions include data gathering routines and remediation scripts.

Monitoring & Security. Zabbix isn’t limited to network device monitoring systems. It also monitors servers, applications and network traffic. That’s a good combination for those who want to monitor VM implementations. This tool will automatically gather a list of all of your equipment, their attributes, and statuses and store that information in an inventory. The monitor continues to check for the presence of new devices and can spot when equipment is retired or moved. The discovery module will also create a network map for you.

If you are covering multiple sites from one central monitor, Zabbix would be a good option because it encrypts all communications between the manager console and sensors so snoopers on the Internet will be locked out.

Support & Reporting. A Zabbix community provides you with tips and support when you run into trouble. The knowledge base on the Zabbix website is not so hot and if you want customer support from the company, you have to pay for it.

Zabbix runs on Windows, Linux, Unix, and Mac OS. The reporting functions of the system are not so great, but you can pick up formats from the user community or write your own custom reports.

Simple Network Management Protocol

The Simple Network Management Protocol is an open standard. That means that it is not owned by anyone and it is free to download and use. The standard is maintained by the Internet Engineering Task Force and is available in the document RFC 3411.

There have been three full versions of SNMP since its creation in 1988. The second version of the protocol has three variations. The difference between these is the method each uses for authentication. The base version, SNMPv2, uses a party-based verification system. This is very difficult to implement, so it is hardly ever used. The two other editions of this standard are SNMPv2c, which uses a “community-based” system for authentication, and SNMPv2u, which has a user-based model. Of these, SNMPv2c is by far the most widely implemented.

Although SNMPv3 has been a stable definition since 2002, there are still many implementations of SNMPv2c operating on network devices around the world. It is very likely that you have some devices on your network that follow SNMPv2c and others that use SNMPv3. So, it is important to get a network monitoring system that can interact with both of these versions of SNMP.

SNMP Benefits

SNMP defines a framework for central network monitors to communicate with all of the devices connected to the network. The standard includes a communication format, which is called the Management Information Base, or “MIB”. This is a file structure that allocates codes to different components of a network device and their properties. The coding system follows a tree structure. Manually decoding the meaning of MIB codes is a very complicated process, but you can get interpreters for free that will explain this structure.

Ubiquitous

SNMP is so widely used that any manufacturer wanting to get into the market for network equipment has to include an SNMP agent in its devices’ firmware. So, if you want to implement SNMP on your network, you don’t have to install any software on your network equipment, you just need a central management program that will communicate with SNMP agents. On some equipment, the SNMP agent is turned off by default.

Fast Alerts

The SNMP controller sends out a request broadcast at regular intervals. Each device agent is a daemon that checks the statuses of different attributes on the piece of equipment that it is monitoring and updates its MIB file. When the agent receives a request for information from the central controller, it sends back the current version of its MIB.

If the device agent picks up a critical condition on its piece of hardware, it updates its MIB with that information and sends that file to the controller immediately, without waiting for a request for information. This message is called an SNMP trap and it is the source of the alerts that the controller program will push straight through to the dashboard of your network monitoring system.

The trap mechanism means that SNMP reports on alert conditions much quicker than other network device monitoring methodologies. This is what makes this system so universally adopted.
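The poll-and-trap exchange described above, decoded at the byte level. This is an added example, not code from the article or from any of the tools reviewed; the two packets are constructed with the small encoder at the bottom of the block rather than captured from a device, and the OIDs used are the standard sysDescr, sysUpTime, snmpTrapOID, linkDown and ifIndex identifiers from the MIB tree.

```python
"""BER decoder for SNMPv1/v2c messages: a manager's poll and an agent's trap.
Added example, not from the article or any monitoring product. The sample
packets are constructed with the small encoder at the bottom, not captured.
SNMPv3 and the SNMPv1 Trap PDU have different layouts and are rejected."""

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest", 0xA6: "InformRequest",
             0xA7: "SNMPv2-Trap"}
VERSION_NAMES = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the BER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Turn BER sub-identifiers into the dotted path of the MIB tree."""
    subids, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                      # clear high bit ends a sub-id
            subids.append(value)
            value = 0
    return ".".join(map(str, subids))

def decode_value(tag, raw):
    if tag in (0x02, 0x41, 0x42, 0x43, 0x46):  # INTEGER, Counter32, Gauge32, TimeTicks, Counter64
        return int.from_bytes(raw, "big", signed=(tag == 0x02))
    if tag == 0x04:                           # OCTET STRING
        return raw.decode("latin-1")
    if tag == 0x06:
        return decode_oid(raw)
    return None if tag == 0x05 else raw.hex()  # NULL, otherwise left opaque

def decode_snmp(packet):
    """Decode one SNMPv1/v2c message into a dict of its fields."""
    _, body, _ = read_tlv(packet)             # outer SEQUENCE
    _, ver, pos = read_tlv(body)
    version = int.from_bytes(ver, "big")
    if version == 3:
        raise ValueError("SNMPv3 carries a security header; not handled here")
    _, community, pos = read_tlv(body, pos)    # sent in clear text in v1/v2c
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_NAMES:
        raise ValueError("unsupported PDU tag 0x%02x" % pdu_tag)
    _, req_id, pos = read_tlv(pdu)
    _, _, pos = read_tlv(pdu, pos)            # error-status
    _, _, pos = read_tlv(pdu, pos)            # error-index
    _, vblist, _ = read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vblist):                  # each VarBind is SEQUENCE {OID, value}
        _, vb, pos = read_tlv(vblist, pos)
        _, oid_raw, q = read_tlv(vb)
        vtag, val_raw, _ = read_tlv(vb, q)
        varbinds.append((decode_oid(oid_raw), decode_value(vtag, val_raw)))
    return {"version": VERSION_NAMES.get(version, version), "pdu": PDU_NAMES[pdu_tag],
            "community": community.decode("latin-1"), "varbinds": varbinds,
            "request_id": int.from_bytes(req_id, "big", signed=True)}

# Minimal encoder, used only to build the constructed sample packets below.
def tlv(tag, payload):
    assert len(payload) < 128                 # short-form length is enough here
    return bytes([tag, len(payload)]) + payload

def ber_int(value, tag=0x02):
    return tlv(tag, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big"))

def ber_oid(dotted):
    ids = [int(s) for s in dotted.split(".")]
    out = bytearray([ids[0] * 40 + ids[1]])
    for sid in ids[2:]:
        chunk = [sid & 0x7F]
        sid >>= 7
        while sid:                            # continuation bytes carry the high bit
            chunk.insert(0, 0x80 | (sid & 0x7F))
            sid >>= 7
        out.extend(chunk)
    return tlv(0x06, bytes(out))

def message(version, community, pdu_tag, request_id, varbinds):
    vbl = tlv(0x30, b"".join(tlv(0x30, ber_oid(o) + v) for o, v in varbinds))
    pdu = ber_int(request_id) + ber_int(0) + ber_int(0) + vbl
    return tlv(0x30, ber_int(version) + tlv(0x04, community) + tlv(pdu_tag, pdu))

# Manager poll: GetRequest for sysDescr.0, value slot NULL until the agent fills it.
POLL = message(1, b"public", 0xA0, 42, [("1.3.6.1.2.1.1.1.0", tlv(0x05, b""))])
# Agent notification: SNMPv2-Trap reporting linkDown on interface index 2.
TRAP = message(1, b"public", 0xA7, 7, [
    ("1.3.6.1.2.1.1.3.0", ber_int(4660, 0x43)),                  # sysUpTime.0
    ("1.3.6.1.6.3.1.1.4.1.0", ber_oid("1.3.6.1.6.3.1.1.5.3")),  # snmpTrapOID.0 = linkDown
    ("1.3.6.1.2.1.2.2.1.1.2", ber_int(2))])                      # ifIndex.2
```

The decoded dict shows the community string exactly as it travels in a v2c message, in clear text, which is the practical reason for the earlier advice to choose a monitor that can also speak SNMPv3 to the devices that support it.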

Network Discovery

The constant polling for statuses that the SNMP system incorporates brings the benefit of enabling the controller to spot devices. This is often termed an “autodiscovery” feature, and is a common facility of all SNMP-based network management tools.

The first request for information brings back an MIB file from each device that is connected to the network. With this information, the controller can discover each device’s type, its manufacturer and model and also which other devices it is connected to. This information gets written into a registry and gives the network management tool an initial list of all contactable devices on the network.

The link information contained in the MIB enables sophisticated network management tools to automatically draw up a map of the network. The producers of network management tools compete to provide innovative and eye-catching network maps, because this is an area of network management where a tool can differentiate itself from all of the other systems operating with SNMP procedures.

Immediate Registry Update

As the network management tool continues to monitor the network by repeatedly sending out information requests and receiving back MIBs, it instantly notices when a device does not respond and marks that device as removed from the network. It can also recognize when a new device is attached to the network because it will receive an MIB from that component for the first time.

By checking on the connection information reported by each device, the central controller can spot when a device is moved from one area of the network to another. Thus, the registry can be updated immediately, and the network map can be redrawn to display the current layout of the network. This feature is a great time saver for network administrators because it removes all of the manual tasks needed to maintain a hardware inventory and keep track of the relationships between devices.

Choose a Network Management Tool

Thanks to industry standards such as SNMP, there are many solid network management tools on the market that all have the same basic competence. The extras that each producing company adds to its network monitors create the differences between them. Some excel at tracking virtualizations, while others excel at network mapping and WAN management. Nowadays, there are network management tools that specialize in monitoring cloud-based servers and network services, and many of the network monitors on the market are delivered as cloud services themselves.

Ultimately, your choice of network management tool will come down to which has a layout that pleases you most and which has extra features and specializations that map more precisely to your requirements. Fortunately, all of the options in our list are available for free or can be tested on a free trial, so you can try each before you make your decision.


Do you use a network management tool? Have you tried any of the tools on our list? Which network monitor did you choose and what led you to that decision? Leave a message in the Comments section below and share your experience with the community.

Read 6 Best Network Management Tools that Track Performance by Stephen Cooper on AddictiveTips – Tech tips to make you smarter