--- Original message ----
>Date: Tue, 26 Jun 2007 16:51:12 -0500
>From: "Robin" <rboulton stcharleslibrary.org>
>Subject: RE: [Web4lib] Fwd: About Computer
Networking:How MySpace May BeHurting Your Network
>To: <jtgormanuiuc.edu>, <web4libwebjunction.org>
>
>Hi Jon,
>Thanks for the feedback. Your points are well taken. Can
you suggest a
>tool for doing exactly such an audit? I have been
discussing this with
>several people lately and none of us have any experience
such utilities,
>nor do personally (collectively) know even the names of
any good ones.
>Any recommendations pro or con from and the list at
large would be
>welcome.
>
It's been a while since I've done anything similar to a
network audit. It looks like some others have already
responded with good suggestions. I'll try to summarize what
I've used in the past. I'll warn you though, it's mostly
Linux/Unix based.
First, you might be able to talk with your ISP and get some
reports of commonly used ports and ip addresses for the
outgoing traffic. If part of the charge of the ISP is to
provide service, I'd imagine this should fall under the
contract.
In the past I personally have used a combination of logs
(router, firewall, etc), Ethereal (packet sniffer as well as
other things), and nmap (to scan for suspicious ports).
Nmap or a similar port scanning tool might be a good first
step just to see if there's any odd ports accepting
connections. I've heard good things about Snort but don't
remember using it any time recently. Ethereal is a bit
tricky to use and I won't claim to be much help using it
You also need to be careful if you have privacy concerns
using Ethereal. I vaguely also remember setting up SATAN to
scan for rootkits, but that was quite a bit ago and don't
know the state of the software these days.
One thought I did have is it might be possible that you have
a patron with a digital camera who's using the computers to
upload images to some service like flickr. I've seen people
not be aware of how huge their image files are and
attempting to do things like email. It's not as likely a
scenario as a compromised computer, but I could see it
happening.
Jon Gorman
-------------------------------
Research Information Specialist
University of Illinois at Champaign-Urbana
316 Main Library - MC522
1408 West Gregory Drive
Urbana, IL 61801
Phone: (217) 244-4688
_______________________________________________
Web4lib mailing list
Web4libwebjunction.org
http://lists.we
bjunction.org/web4lib/
|
