Network Security Monitoring
I have a home network, but I'm nervous about hackers getting into my computers. What can I do to monitor my network for suspicious activity and break-ins?
Monitor Your Network
You may have taken steps to secure your home network against intrusion by bad guys lurking on the Internet. Hopefully, you have a hardware or software firewall guarding the entrance to your network. (See my earlier discussion of firewalls here: Do I Need a Firewall?) You keep your operating system up to date so that the latest security patches are in place. Anti-malware software such as AVG Antivirus should be scanning all inbound and outbound Internet traffic for suspicious activity and content. Occasionally, you run a security vulnerabilities check using a free utility such as Advanced Systems Care Pro by IObit.com. With all those precautions, do you need any other network security monitoring tools?
Generally, no. The precautions enumerated above provide reasonably strong network security for the typical home or small business user. They will guard against the most common sort of intrusion attempts: quick, mindless probes by software robots seeking low-hanging fruit, the networks that are wide open and easily hacked.
Think of these probes as a would-be car thief roaming through a parking lot, trying door handle after door handle in search of one that isn't locked. If the thief doesn't know whether there's anything of great value in a particular car, he won't spend any significant effort to break into it. But if the car is a Porsche or bears a sign reading, "Diamond Trader," he will go to greater lengths. Most of us don't drive Porsches or trade diamonds, but a few of us need the extra security of network monitoring software.
Perhaps you are known, online and off, as someone who holds lots of highly valuable data. Perhaps your network belongs to a major bank, stock trading company, or retailer. Then hackers may surmise that breaking into your network will yield thousands or millions of customer identities they can sell or use themselves, or trade secrets they can exploit. If your network is such a high-value target, then network monitoring software is prudent.
Network and Security Monitoring Tools
The NETSTAT command is built into Windows computers, and can help you to identify all current network activity on your computer. The output can be a bit cryptic, so this Netstat Tutorial will prove helpful. You might also find the ShieldsUp! online security scanner useful to ensure that your computer doesn't have any gaping network holes.
Network security monitoring software constantly analyzes your network for newly created vulnerabilities: ports that may have been opened inadvertently or intentionally by users or the software they install; changes to network configurations made by administrators that accidentally create holes through which intruders can come; new software installed that may have inherent vulnerabilities; and other security vulnerabilities that tend to creep into any active network.
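As an added example (not part of the original article), the Python sketch below does a small version of that check by hand: it parses `netstat -ano` output and reports listening ports that are missing from a known-good baseline. The sample output, the baseline, and the function names are constructed for illustration.

```python
# Added example: flag listening ports in `netstat -ano` output that are not in a baseline.
# SAMPLE_NETSTAT and BASELINE are constructed values, not taken from a real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1188
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2960
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:8080              [::]:0                 LISTENING       6644
  UDP    0.0.0.0:5353           *:*                                    2960
"""

# (protocol, port) pairs you expect to be open on this machine (assumed).
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}
LOOPBACK = {"127.0.0.1", "[::1]"}  # reachable only from the machine itself

def parse_listeners(text):
    """Return dicts for TCP sockets in LISTENING state and all bound UDP sockets."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or other text
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue  # ESTABLISHED, TIME_WAIT, etc. are connections, not open ports
        host, _, port = fields[1].rpartition(":")  # also splits "[::]:445" correctly
        listeners.append({"proto": fields[0], "host": host,
                          "port": int(port), "pid": int(fields[-1])})
    return listeners

def unexpected_listeners(text, baseline):
    """Network-reachable listeners missing from the baseline, one entry per proto/port."""
    found = {}
    for sock in parse_listeners(text):
        key = (sock["proto"], sock["port"])
        if key in baseline or sock["host"] in LOOPBACK:
            continue
        found.setdefault(key, sock["pid"])  # IPv4 and IPv6 entries collapse to one
    return sorted((proto, port, pid) for (proto, port), pid in found.items())

if __name__ == "__main__":
    for proto, port, pid in unexpected_listeners(SAMPLE_NETSTAT, BASELINE):
        print(f"new listener: {proto}/{port} (PID {pid})")
```

The parser expects the PID column that the `-o` switch adds; to use it on your own machine, save the output of `netstat -ano` to a file and pass the file's text in place of the sample.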
User activity that exposes the network to intruders is also detected by network security monitoring software. For example, if a user is uploading files to an unknown or forbidden destination on the Internet, network monitoring software may alert human authorities. It could be someone selling your customer list to a competitor, after all.
Finally, network security monitoring software keeps an eye on the other safeguards that you have in place: firewall, antimalware utilities, etc. It looks for external attempts to bypass or disable these safeguards, and other early indicators that your network is under conscious attack and not just haphazard probes. It's like having a surveillance camera watching your locked car to alert you when someone does more than just jiggle the door handle.
There are commercial and open source (free) network security monitoring software packages. Commercial programs typically come with tech support and regular upgrades, while open source packages are for the self-reliant, technically savvy administrator who wants to tweak the code and figure things out himself. Either way, there are plenty of options from which to choose. Sguil is one popular open source network security monitoring tool. Another option is Snort, a network intrusion prevention and detection system that runs on both Windows and Linux.
This article was posted by Bob Rankin on 24 Aug 2010
Copyright © 2005 - Bob Rankin - All Rights Reserved