High on the list of network engineering nightmares is a business critical process failing because it didn’t receive adequate bandwidth. With applications, users and data competing for bandwidth, how do you assure your business-critical applications are getting the bandwidth they need for optimum performance? The best approach is a combination of network QoS (Quality of Service) policies and bandwidth utilization monitoring.

Don't let your applications go hungry.
Mission-critical business applications have a healthy appetite for network bandwidth.

Defining QoS policies in your network infrastructure allows you to prioritize or guarantee the allocation of network bandwidth to different applications or users. So QoS is key to assuring that mission critical applications or business processes get the bandwidth they need. QoS can help you avoid the nightmare of having a business update process fail because a group of users are streaming a sports event. QoS policies can take various forms such as:

  • Policing: Ensuring a business critical application gets a pre-defined minimum level of bandwidth or that non-critical applications are limited to a maximum.
  • Shaping: Queueing non-critical excess packets for transmission over time to prevent burst traffic spikes that can impact other applications.
  • Priority queuing: allocate bandwidth to prioritized applications (like VoIP), before doling out to others.

But, depending on your environment, it can be difficult to fully define a flawless bandwidth utilization environment. That streaming event may be happening in the board room or IT might not be in the loop regarding a new process/application that sales has rolled out. So you need a way to proactively monitor bandwidth utilization so you can be alerted at the first sign of developing bottlenecks, violations or new bandwidth hogs. Best practice would be to implement a network traffic flow monitor.

Flow monitors analyze bandwidth usage to provide useful insight to applications and users that are top traffic consumers. They can often be configured to alert you to bandwidth hogs or bandwidth deprived critical applications. A “flow” is a contiguous series of packets that share the same characteristics like source and destination IP addresses, source and destination ports, IP protocol, Type of Service etc. If your network hardware supports the capability, flows are collected and forwarded to a flow monitor. There are vendor specific implementations of flow collection, so your flow monitor should be conversant in whatever format your network equipment vendor(s) support.
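The flow definition above, made concrete in an added example (not code from Ipswitch or any flow-monitor product): it groups constructed packet records into flows by the shared key fields, then ranks top senders and flags bandwidth hogs. The field names, the sample packets, the 30-second idle timeout and the 50% share threshold are assumptions of this example.

```python
from collections import defaultdict, namedtuple
from dataclasses import dataclass

# The characteristics that define a flow, as listed in the paragraph above.
FlowKey = namedtuple("FlowKey", "src dst sport dport proto tos")


@dataclass
class Flow:
    key: FlowKey
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0


def build_flows(packets, idle_timeout=30.0):
    """Group packet records into flows.

    Packets with the same key stay in one flow until that key has been
    idle for more than idle_timeout seconds (assumed value); the next
    packet with the same key then starts a new flow.
    """
    active, finished = {}, []
    for p in sorted(packets, key=lambda p: p["ts"]):
        key = FlowKey(p["src"], p["dst"], p["sport"], p["dport"], p["proto"], p["tos"])
        flow = active.get(key)
        if flow is not None and p["ts"] - flow.last_seen > idle_timeout:
            finished.append(flow)      # the old flow expired
            flow = None
        if flow is None:
            flow = active[key] = Flow(key, p["ts"], p["ts"])
        flow.last_seen = p["ts"]
        flow.packets += 1
        flow.octets += p["len"]
    return finished + list(active.values())


def top_senders(flows, n=3):
    """Return the n source addresses that sent the most bytes."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.key.src] += f.octets
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def bandwidth_hogs(flows, share=0.5):
    """Return sources responsible for more than `share` of all bytes."""
    total = sum(f.octets for f in flows)
    if total == 0:
        return []
    return [src for src, octets in top_senders(flows, n=len(flows))
            if octets / total > share]


def pkt(ts, src, dst, sport, dport, proto, length, tos=0):
    return dict(ts=ts, src=src, dst=dst, sport=sport, dport=dport,
                proto=proto, tos=tos, len=length)


# Constructed sample traffic (not captured from a real network).
SAMPLE_PACKETS = [
    pkt(0.0, "10.0.0.5", "203.0.113.9", 50000, 443, 6, 1500),   # streaming client
    pkt(0.1, "10.0.0.5", "203.0.113.9", 50000, 443, 6, 1500),
    pkt(0.2, "10.0.0.7", "10.0.1.20", 40000, 1433, 6, 400),     # database client
    pkt(1.0, "10.0.0.5", "203.0.113.9", 50000, 443, 6, 1500),
    pkt(1.5, "10.0.0.8", "10.0.1.30", 5060, 5060, 17, 200, tos=184),  # ToS 184 = DSCP EF
    pkt(45.0, "10.0.0.5", "203.0.113.9", 50000, 443, 6, 1500),  # same key, idle > 30 s
    pkt(45.2, "10.0.0.7", "10.0.1.20", 40000, 1433, 6, 400),    # same key, idle > 30 s
]

if __name__ == "__main__":
    flows = build_flows(SAMPLE_PACKETS)
    for f in flows:
        print(f.key, f.packets, "pkts", f.octets, "bytes")
    print("top senders:", top_senders(flows))
    print("hogs:", bandwidth_hogs(flows))
```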

When selecting a flow monitor solution here are some key characteristics to look for:

  • Support multiple, vendor specific flow collection standards (NetFlow, sFlow, J-Flow, IPFIX, NetFlow Lite, etc.).
  • Pre-packaged and customizable reports and dashboards that let you identify top senders, receivers, conversations, ports, and protocols consuming network bandwidth.
  • Real-time alerting to problematic trends, bottlenecks and policy violations.
  • QoS verification through pre and post policy implementation views.
  • Automatic discovery and configuration of flow enabled devices to save time and ease configuration.

With the combination of QoS and flow monitoring you can be pretty confident that you won’t be called in to the executive suites to explain a major bandwidth utilization issue affecting the business. And, of course, Ipswitch has a robust flow monitor plug in to WhatsUp Gold that you should check out.


Key regulatory compliance mandates imposed by HIPAA, SOX, FISMA, PCI, MiFID, Basel II and others require the tracking of access to scoped systems (those containing regulated data). A key question for IT managers becomes ‘what log data should I collect and how do I manage log storage, retrieval and analysis’. IT Ops teams in small to mid-sized companies should also be asking ‘how do I assure compliance without huge expenditures of budget and manpower’.

What logs should be collected for compliance?

While the specifics are dependent on the applicable mandate (HIPAA, PCI, etc.) there are common characteristics that will help you meet audit requirements. Generally, the compliance mandate is concerned with your ability to safeguard data such as social security numbers, addresses, logins, credit card numbers, health records, investment plans and banking details. From an IT management perspective, this means we are trying to gather, store and analyze logs that might show actual or attempted scoped data breaches. As an example, the following is the recommended Audit Policy for Windows for PCI DSS (Payment Card Industry Data Security Standard).

  • Account Logon Events – Success and Failure
  • Account Management Events – Success and Failure
  • Directory Service Access Events – Failure
  • Logon Events – Success and Failure
  • Object Access Events – Success and Failure
  • Policy Change Events – Success and Failure
  • Privilege Use Events – Failure
  • System Events – Success and Failure

You should also collect access logs for pertinent non-syslog applications running on scoped servers. It is recommended that you have a centralized logging system or dedicated system acting as the syslog receiver.

How long must the data be retained?

Again, the specifics depend on the standard and you should consult, or enlist the services of, a Qualified Security Auditor (QSA) to determine exact requirements, but typically the required retention period is between 1 year and 6 years. In the case of PCI the requirement is to store all logs for 1 year but have the last 3 months easily accessible. Keeping things in perspective for the small to mid-sized business, if you have enough storage on the centralized logging server you should then retain all logs from scoped systems for one year. If there isn’t sufficient storage available on the centralized server then maintain the last 3 months and roll anything older and less than 1 year to long term storage.

How do I manage and analyze compliance related logs cost-effectively?

Due to the number and size of the logs generated on Windows networks, it is considered best practice to use higher level Event Log Analyzers to automate aggregation and analysis. IT managers in small to mid-sized businesses should consider solutions that strike a healthy balance between functionality and cost. In considering functionality, be careful not to let feature creep influence you to invest in a tool that ‘can do everything’ when your foreseeable needs only require compliance to regulations. In considering cost be sure to add in the ongoing cost of dedicated headcount that may be needed to configure and maintain the solution.

An event log analyzer should be a key component of your infrastructure strategy. With an event log management solution like Ipswitch Log Management Suite, you can analyze logs, secure your network, reduce risks and liabilities, respond faster to security threats and network outages, and automate the administration of collecting and archiving logs.

>> If you would like to learn how to use log management software to address common security and compliance scenarios that your organization faces check out our on-demand security and compliance webinar with Ipswitch Solutions Engineer, Deb Mattson, who walks through 4 common security use-cases —  including how built-in compliance reporting using our log management software can scan Windows, Syslog or IIS/W3C event logs to allow you to create alerts and reporting on potentially non-compliant activities.


Most people tend to associate the Dark Ages with horrible things like war, famine, disease and Monty Python but they probably don’t associate it with network performance and availability issues. Unless that person happens to be an IT administrator.

For this group, the Dark Ages take on a whole other meaning. It’s about having difficulty addressing problems with availability and performance of their network, applications and servers. It’s about being blindsided when an issue arises, forcing them to be reactive rather than proactive. It’s about mounting user complaints with regard to slow or spotty performance. And it’s about time that changed!

If your organization depends on disparate, out-of-the-box monitoring systems, you don’t have the visibility you need to get to the root cause of an issue quickly—or the ability to anticipate problems before they happen. Our latest eGuide, Escape the Dark Ages of Poor Network Performance and Low Availability, can give you some tips on how to move towards the light. In other words, how device and dependency awareness in your monitoring system can greatly improve visibility.

Here are some proven methods to map your networks and applications, so you can develop a comprehensive network performance dashboard that will keep you ahead of problems and help you avoid wasting time chasing down false positives.

7 Key Capabilities

You know that “slow” is the new “down.” And you also know that today’s systems are increasingly complex and interconnected. Therefore, you need a performance monitoring solution that offers a single, integrated view across your network, applications and servers. When evaluating solutions, make sure it offers these seven capabilities:

  1. Device and dependency awareness. If you want to avoid the domino effect when a problem arises (because you didn’t account for the dependencies between devices on your network) you need a map of all those interconnections. But manually creating a network map is labor-intensive. Instead, look for a solution that has dependency awareness and layer 2/3 mapping and discovery designed into it without manual effort.
  2. Real-time alerts and drill-down/historical dashboards. With threshold-based real-time alerts you get early warnings of potential problems. The right dashboard will help you to find problems quickly and spot trends.
  3. Automatic fix of known problems. Your solution should enable you to use Active Scripts, PowerShell scripts and embedded action to restart services, reboot network devices and services, and initiate malware scans—automatically—for problems you know how to correct.
  4. End-to-end integrated monitoring. With a “single version of the truth” you’ll be able to simplify IT operations—and your life!
  5. Speed to production. Make sure you can be up and running quickly with production-ready monitoring that features dependency awareness and rapid discovery and mapping.
  6. Transparent device-based pricing. Port-based pricing can drive up your total cost of ownership. Lock in device-based pricing.
  7. An integrated system from a proven industry leader. Your small or medium business deserves enterprise capabilities from an experienced vendor.

Ready to Climb Out of the “Basic” Monitoring Pit?

To solve problems with poor network performance and low availability, you need a single, integrated solution from a well-seasoned vendor. It must go beyond “basic” monitoring to:

  • Get to the root cause quickly and easily with dependency awareness
  • Save time with rapid discovery and mapping
  • Improve visibility with layer 2/3
  • Make your users more productive
  • Be production-ready within an hour

If you’re ready to shine a light on your network and performance monitoring needs, check out Escape the Dark Ages of Poor Network Performance and Low Availability.

In this blog series based on our white paper, “9 Noble Truths of Network, Server and Application Monitoring,” we’ve been delving into the problems plaguing IT and describing individual paths for each solution. Here, we continue with the next three of the 9 Noble Truths.

No IT team wants their network to hit a stop light

Truth #4: Downtime is not an option 

You can’t afford downtime in today’s non-stop world. Aberdeen Group’s research found that between June 2010 and February 2012 the cost per hour of downtime increased by 38%. As organizations continue to automate and rely on the network to get business done, the cost of downtime will only continue to rise. Every type of company relies on an application on a network to complete some aspect of its work process—and a stop there means a stop to business.

Truth #5: Network and application performance defines your reputation


From the perspective of customers, partners and employees, your network is your business and your reputation is on the line every time it is accessed. Major incidents like an outage or a security breach have the power to impact reputation – and according to a recent study by IBM and Forbes, reputational damage lasts far beyond recovery times. There are no second chances when it comes to the deployment of new IT infrastructure and services. “Organizations that have capabilities for measuring quality of end-user experience are twice as likely as other companies to improve their brand reputation,” said Hyoun Park, Research Analyst, Aberdeen Group.

Truth #6: You must find and fix problems before users are impacted

IT teams shouldn’t find out that users are having problems from the helpdesk. You must be able to proactively identify and resolve issues before users report service degradations. Proactivity comes in three steps, and will be discussed in the next few weeks.

Be sure to read Part 1 of our blog series and check back soon for another peek at our 9 Noble Truths. In the meantime, you can download the white paper and learn:

  • The nine truths for deploying network, server and application monitoring
  • How IT teams can meet the need to thrive while doing more with less
  • How to find and fix problems before users are impacted

I was asked recently to speak on a panel entitled “What IT Skills/Roles Should Reside in the Business” at the Premier CIO Forum in Boston. The event, held earlier this week, was a well-attended and engaging event supported by SIM (Society for Information Management). There was an impressive roster of IT executives from across New England.

Premier CIO Forum, Boston (March 25, 2014)

“New technology is now requiring IT and the Business to be extraordinary dancing partners,” said Sharon Kaiser, CIO for ABIOMED, Inc., as she opened our session as moderator. My fellow panelists were Matthew Ferm, Managing Partner of Harvard Partners, and Hunter Smith, former CIO of Acadian Asset Management. We analyzed the “Dance between IT and the Business”. Who should lead? What are the right steps to follow? What’s the expected pace? It was a lively discussion, with a very participative audience. Here are the highlights:

  • Speed, flexibility and leadership are key for today’s IT. Shadow IT, where pockets of a Business go off on their own to buy, say, cloud services or a product, is usually a response to an IT department being unresponsive. Shadow IT also happens when individual employees download an application right onto their machine. The trouble with Shadow IT is that it also often silos IT. Many times the business will come back with a need to integrate a hastily purchased product, or even to get it to run. The lesson here is that a deep partnership between IT and the rest of the business, continually optimized, is needed. If IT is truly enabling, it will not be viewed just as a gate-keeper, but as a partner.
  • For engaging well with others you need skills in IT and the Business that complement each other.  Thus Business Analysis (BA) as a position residing in a Business is very helpful. It ensures requirements are vetted, understood and relatively fixed, and there will be ownership for what IT will be asked to do. But, IT also needs BA skills on their side, even if it may not be a job title. Most importantly, IT must understand business processes deeply so that the value of a project is understood, and where needed, valid input can be given on process simplification where warranted. The BA role in the Business must understand technology and how IT works for this to be a true partnership.
  • Security, Disaster Recovery, responsibility for LAN/WAN/server environments and access should all reside with IT.  Some roles, such as project management (PM) can be in either IT or the Business, since good PM will be driven by data and not by persuasion or vested interest.  Some roles, such as QA/Testing need to go beyond IT testing a technology developed to meet a business need. It must say, “yes, hit the requirements” to the Business testing out the actual use cases with a process workflow, so that base assumptions and expected value are actually vetted out.

These discussions showed that regardless of company size, the audience had similar experiences: rapidly increasing need for a close, agile relationship between IT and the Business, a huge technology wave of possibilities, and opportunity for re-thinking roles and responsibilities. One must experiment and evolve, as well as establish a strong communications and shared-goal mentality with the Business. I ended by noting, “If you treat IT as a commodity that is what you will get. If you treat it as the leading edge of your Business, you will have a weapon like no other.” The audience very much agreed.

— Azmi Jafarey, Chief Information Officer, Ipswitch

A university network supports a broad population of students, faculty and others who all rely on a wireless network to do their work. Consider the user population. A big segment of it grew up with the Internet. And they have little patience for dead spots that don’t provide access to it.

A customer of ours works at a large university in Ohio. There are no less than 2,700 access points on his wireless network. Before he started using WhatsUp Gold from Ipswitch, his team had to physically check wireless network equipment around campus whenever there was a problem. It was wearing his patience thin. And the soles on his IT staff’s sneakers. This meant long wait times to resolve issues, and way too many calls made and tickets opened by melodramatic students.

The challenge was to support a group of vocal users who, in some respects, were causing the problems they complained about. There’s an average of three mobile devices per student attached to the network. Vimeo, torrents, and every other bandwidth hog you can imagine streams through the pipes. In other words, it was a BYOD free-for-all and the IT staff had to keep Internet wireless network connections going strong in light of the chaos.

When our customer decided enough was enough he looked for a product that provided the wireless network performance monitoring features he needed most, and it had to be affordable. He wanted the ability to accurately map his wireless network, see individual bandwidth usage, check signal strength, and get real-time alerts whenever a problem flared up. After giving WhatsUp Gold a trial run along with a few other vendors’ software products, he chose Ipswitch because it met his criteria and his price point. Since using the product, the phone rings a lot less and sneakers last a lot longer.

If your work involves managing wireless access on a network in higher education, or anywhere else for that matter, please register and join our webinar this Thursday, February 6. During the 30 minute webinar you’ll learn how to best manage the high traffic tides, quickly and easily identify bandwidth hogs and the offending applications, and receive notifications when access points approach capacity.

Hope to see you there. If you can’t make it, we’ll be sharing the replay afterwards.

Title: How to Overcome Challenges of Campus Wireless Network Performance
February 6, 2014
Show Time: 2:00 pm EST
Duration: 30 Minutes


Halloween represents the time of year that we embrace ghouls and ghosts, celebrate the macabre, and eat too much candy. This coming Thursday I’ll be greeted at my front door by trick-or-treaters, lined up for their packaged sugar rushes. In between trips to check out the little ghosts and ghouls, I’ll be watching one of my favorite horror movies. For me, being scared is part of the fun.


However, for sysadmins and network managers, Halloween plays itself out every day of the year. So what better time to visit the issues that turn your server rooms into your own personal house of horrors?

We know no two networks are exactly alike, so we focused on 13 network nightmares that represent the common hauntings of every server room. The number alone signifies something to be wary of. Some buildings don’t have a 13th floor. Any Friday that falls on the 13th day of the month can give even non-believers a moment of pause. These 13 network nightmares highlight the type of problems that keep many IT folks awake at night, while fearing the unspeakable network terrors that may face them at work the next day.

Even though Halloween may be a lot of fun, mention any of these 13 nightmares to a network manager and you are likely to see a look of true horror.

Here’s the fleshed-out list of network nightmares, and some tips on how they can get solved in the real world. Have an evil glance, if you like:

1.  The Zombies: Only Zombies should be slow, not your network.  Slowdowns can make it nearly impossible to keep systems and applications up and running at peak levels. With better insight, you can move fast to solve problems before they start to negatively impact business operations and users.

2.  The Vampires: Don’t let network vampires suck the life out of your wireless network. These creatures can take a bite out of network performance with the use of satellite radio and streaming video. Once you track them down, put your stake in the ground and kindly share IT policy so they can listen to Pandora back at the crypt, and not in the office.

3.  The Skeletons: Dealing with bare bones budgets is a constant problem for IT professionals, who are expected to provide higher levels of service to users, with fewer dollars. IT folks should be able to face the skeletons in their closets and monitor their networks, applications and systems affordably.

4.  The Frankensteins: A whole bunch of disjointed pieces and parts can yield monster network monitoring problems. Network administrators should not have to play the mad scientist. Trying to make the nuts and bolts and random wires of their network play nice together shouldn’t look like a scientific experiment gone wrong.

5.  The Spiked Maces: Spikes in network performance can make anyone nervous. Be prepared for high levels of traffic on days when Apple offers a download your users cannot resist. When you can be proactive, the spikes on the network won’t come swinging at you like a medieval mace.

6.  The Ghosts: What problems are haunting your network? Network administrators can be effective ghost hunters and find the spectres, including slowdowns and frightening downtime.

7.  The Chucky (Knife-Wielding Dolls): What may seem like a small threat can actually instigate big problems. What little monster is wiggling their way down into deep layers of the network to compromise security? Unchecked small problems can quickly turn into a network breach if it takes weeks before you find the culprit, especially if the problem is intermittent. Small problems are not “child’s play.”

8.  The Jasons (Scary Intruders): Don’t let software and applications lurk in the shadows. Network administrators need to know which users have downloaded unauthorized applications onto their networked laptops. Turn on the light so you don’t get lost in shadow IT.

9.  The Mummies: Are you continuously wrapped up in the same problems that keep returning? Finding the source of an issue shouldn’t be as hard as digging into an ancient Egyptian crypt.

10.  The Devils: No-cost shortcuts like free open source products can tempt you with big promises, but can steal your soul if you depend on them to monitor your network. Listen to the haloed, winged creature on your other shoulder and invest in an affordable solution that gets the little devils out of the network.

11.  The Gravestones: Downtime? More like Rest-in-Panic. Finding the source of a problem on the network shouldn’t bury you  six feet deep.

12.  The Fog: When the fog sets in and bats come out to play, viewing the network can become eerie and impeded. If network administrators can’t get a complete view of their network, they won’t be able to clearly see through the fog and find the source of a slowdown or stoppage.

13.  The Werewolves: Don’t get bitten by the unexpected. Having the proper policies in place can be the silver bullet for dealing with bandwidth-hungry users.











Ipswitch customer engagement engineers and members of our WUGspace community have been sharing their stories from the IT front lines. These brief vignettes cover a network-related problem that was solved using one or more of our products.

These stories aren’t meant to be commercials (we have plenty of room elsewhere on our website for that) but more of an insider view into the day to day challenges faced by IT pros and how they can make their jobs easier to do.  

Today’s edition stems from an engagement with a fast food franchise where our folks came to help with a network Internet bandwidth issue.

For those of you who are WUGspace community members, share your own story from the front lines and immediately earn 100 WUGspace points and a $25 gift card. If you aren’t a member, we’d love to have you join in the dialogue.


True Stories from the Front Lines of Network Performance Monitoring: How a Fast-Food Franchise Closed the Lid on Pandora’s Box

Pandora: “she who sends up gifts” (and music).

We recently worked with folks from the corporate office of a national fast-food franchise who were very concerned over their Internet bandwidth costs.  They were considering purchasing additional bandwidth to keep up with demand. 

They came to Ipswitch to help understand the source of their growing internet bandwidth consumption so they could address the issue and gauge how to solve it.

Using our Flow Monitor software, we were able to identify the source of the problem in minutes. The culprits were users streaming Pandora from their desks.

Turns out a little satellite radio can really chew into the bandwidth that others need in order to do their jobs. If the franchise had bought more bandwidth they’d be doing so in order to support an unauthorized application. 

Using Flow Monitor, they were able to enforce bandwidth usage policies and detect the use of unauthorized applications – and lowered the bill from the ISP. 


By the way, we’re music fans.

Just wanted to put that out there in case we were giving the wrong impression.




The IT life was simpler when employees each had one desktop computer and one landline phone. Technology did not move. It was stationary. Nowadays we have laptops, smart phones, and tablets that are both mobile and connected. And they have no wires. You are told that applications are mission critical,  expected to be accessible by people at a speed that optimizes productivity, and available to people inside and outside the organization. And who else wants access all the time? Hackers and other online criminals. As if you had enough to worry about.

On top of all of this, your IT budget might be flat or lower than last year. It is not an easy situation to manage. Fortunately there are ways to face these challenges in a way that makes your life easier without paying a high price.

Network monitoring systems for IT operations do not need to come from a Big IT Company to provide what you need. Ask yourself the following questions when determining the most efficient and affordable IT monitoring technologies:

Are you distracted?
If you spend hours, days or even weeks trying to chase down the source of a problem, your to-do list will get dusty and important tasks will get delayed. Many organizations accumulate multiple monitoring products over time and those products can’t generally “talk” to each other. As a result, you cannot see all the pieces and parts of your network infrastructure as they relate to one another — from database applications all the way down to individual network components. Pesky intermittent problems can sometimes go unresolved for months. This is all way too much of a distraction.

Are you over-licensed?
There are products designed for networks with millions of devices that cost millions of dollars. You don’t have to spend like a Fortune 100 company in order to get the functionality you require. Buy a license based upon the number of devices you need to monitor, regardless of the number of interfaces, volumes or applications per device. If you have a license based upon elements – such as nodes, interfaces and volumes – you may pay less upfront but you will pay more in the long run.

Are you unified?
Can you view your IT infrastructure in a way that unifies the status of all physical and virtual attributes? If there is trouble coming your way, you probably want to see it quickly. If you are away from your desk, you might like to get a notification to check things out. Unify IT operations management under one interface and you can stop hunting and start solving.

Are you up?
A unified management screen helps maintain uptime because it will uncover the downtime culprit in the chain of technologies linked to any particular application. When the speed of access to applications starts to crawl, a unified system can identify the traffic jam by gathering information from every point on the network — including virtual, physical and private cloud environments. Imagine identifying the root cause of a problem in minutes instead of hours,  and fixing it quickly enough that your users’ experience remains unchanged.

That might be the kind of simplicity that makes the rest of your tough job a little easier to manage.

At the end of the day, a unified, simple and affordable network monitoring and management system will provide more uptime for your network — and more upbeat moods from those who rely upon you to do their jobs.

By Matt Cline, Senior Systems Administrator at Optim Healthcare, a network of hospitals and orthopedic medical practices based in Savannah, Georgia.

The ultimate goal for our business – IT included – is to deliver the best care and experience for every patient and community we serve.  And this all depends on two key IT resources:

  1. The electronic health record (EHR) system that our 1,400 internal users access to track and update patient records. When this system is unavailable, the staff must revert back to paper records and update the EHR system later. If that happens, patient information could get lost in transition.
  2. Our website and patient portals are also a critical component of our success – much like any company’s websites. Current and prospective patients expect 24/7 access to our portals, whether they want to pay a bill or research our services, and it’s our job to ensure that need is met.

The quicker we can diagnose an application performance monitoring problem – before it impacts our staff or patients – the better.

I use WhatsUp Gold Application Performance Monitor from Ipswitch. In this post I will cover some highlights from the first phase of its implementation. At that time I created and then began using profiles for:

We first tested the Ipswitch IIS profile on a production server and immediately discovered the unknown: 3-4 major deficiencies were the root causes of slowdowns in our database. We found a similar problem in our Microsoft SQL server. If we hadn’t run the test, we wouldn’t have found these deficiencies until a significant slowdown or, even worse, downtime.

The unified dashboard is the best interface I’ve used for these types of tasks. I get a single view at a highly granular level and am getting the data I need to proactively fix problems and eliminate downtime.

I’d be glad to hear about your experiences managing application performance. Feel free to post a comment.

Did you know that the NSA made its first appearance at DefCon this year, looking for help from the “world’s best cybersecurity community”?  Even though the BlackHat and DefCon conferences are now over, I would like to continue to focus on security.  Specifically, let’s briefly discuss some best practices you can follow to ensure that your WhatsUp Gold system, and all the devices it monitors, are secure and safe from malicious hackers.  Here are some tips for how you can increase the security of your network monitoring infrastructure:

  • Run WhatsUp Gold behind a firewall.  Design your firewall rules to only allow legitimate traffic from known destinations and filter out all random protocols or unknown hosts.
  • Block SNMP at the network borders.  SNMP should never traverse the public Internet.
  • Utilize strong, secure SNMP community strings and SNMPv3 whenever possible.  Don’t use default or guessable SNMP community strings (like your company name).  SNMPv3 packets are encrypted, which decreases the possibility of inadvertent disclosure of community strings and other sensitive data.
  • Configure SNMP agents to only respond to the IP addresses of WhatsUp Gold servers.  Most SNMP agents have the ability to limit hosts from which requests are accepted — don’t just rely on your firewall!
  • Limit console access to the WhatsUp Gold server to secure hosts.  Allowing RDP sessions from any IP address increases the chance that a hacker can access an unprotected or poorly secured system.
  • Run WhatsUp Gold with reduced database privileges.  Limiting database privileges minimizes the likelihood that an exploited vulnerability is leveraged to gain privileged access.  See the WhatsUp Gold Database Guide for further details.

By following these steps you’ll be able to increase the security of your monitored network, and decrease the attack surface available to would-be attackers.
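One way to check an agent's configuration against the SNMP tips above, as an added example (not Ipswitch or WhatsUp Gold code). It assumes Net-SNMP `snmpd.conf` syntax; the sample configs, the `GUESSABLE` word list, the user name `monitor_ro` and the monitoring-server address 192.0.2.10 are constructed.

```python
import ipaddress

# Assumed starter list of default/guessable community strings.
GUESSABLE = {"public", "private", "community", "snmp", "admin"}


def _source_is_monitor_only(source, allowed):
    """True only if every address covered by `source` is a monitoring server."""
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False                      # hostname or other form: cannot verify
    if net.num_addresses > len(allowed):
        return False                      # range is wider than the server list
    return all(addr in allowed for addr in net)


def audit_snmpd_conf(text, monitor_ips, company_names=()):
    """Return [(line_number, finding)] for a Net-SNMP style agent config."""
    allowed = {ipaddress.ip_address(ip) for ip in monitor_ips}
    weak = GUESSABLE | {name.lower() for name in company_names}
    findings, community_lines, has_v3_user = [], [], False

    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = line.split()
        directive = tok[0].lower()

        if directive in ("rocommunity", "rwcommunity"):
            community_lines.append(lineno)
            name = tok[1] if len(tok) > 1 else ""
            source = tok[2] if len(tok) > 2 else "default"
            if name.lower() in weak:
                findings.append((lineno, "default or guessable community string"))
            if source == "default":
                findings.append((lineno, "no source restriction: agent answers any host"))
            elif not _source_is_monitor_only(source, allowed):
                findings.append((lineno, f"source {source} is not limited to the monitoring servers"))

        elif directive in ("rouser", "rwuser"):
            has_v3_user = True
            args = tok[1:]
            if args[:1] == ["-s"]:        # optional "-s SECMODEL" prefix
                args = args[2:]
            # Net-SNMP defaults to "auth" when no level is given; only
            # "priv" requires encrypted requests.
            level = args[1].lower() if len(args) > 1 else "auth"
            if level != "priv":
                findings.append((lineno, f"SNMPv3 user allowed at '{level}': traffic is not encrypted"))

    if community_lines and not has_v3_user:
        findings.append((community_lines[0], "only SNMPv1/v2c communities configured; no SNMPv3 user"))
    return findings


# Constructed sample configurations.
WEAK_CONF = """\
# constructed sample: weak settings
rocommunity public
rwcommunity ExampleCorp 192.0.2.0/24
"""

HARDENED_CONF = """\
# constructed sample: hardened settings
rocommunity k7Qz-constructed-string 192.0.2.10
rouser monitor_ro priv
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label)
        for lineno, finding in audit_snmpd_conf(conf, ["192.0.2.10"], ["ExampleCorp"]):
            print(f"  line {lineno}: {finding}")
```

The check covers the agent side only; blocking SNMP at the border and restricting RDP to the monitoring server are firewall rules and need their own review.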

WhatsUp Gold’s free Syslog Server provides you with a feature-rich tool to help you manage your syslog needs, including enhanced export capabilities. View the messages in real-time or filter results data the way you need to see it. Take charge of your network by understanding the data your devices are giving you.

Would you like to:
  • Automatically collect both Syslog and Windows event logs across your network?
  • Store your log files for as long as you need (e.g. HIPAA mandates log data retention for 6 years)?
  • Prevent tampering with your archived log files?
  • Receive real-time alerts for key events (e.g. access and permission changes to files, folders, and objects containing employee or financial records, patient information and any other critical information)?
  • Generate and automatically distribute compliance or security-centric reports to key stakeholders such as auditors, security personnel or upper management?

Get the Syslog Server today for free (or, if you answered yes to any of the above questions, consider checking out WhatsUp Event Log Management Suite)
