[Dshield] Network monitoring tools on servers

Ed Truitt ed.truitt at etee2k.net
Fri Jun 3 10:46:09 GMT 2005

There is a debate going on where I work -- a rather largish enterprise, 
with global operations.  Our server support folks want to install NetMon 
(Microsoft's network monitor) on all the servers, so when the need 
arises they can connect to it and do troubleshooting.  My guess is that 
this came out of the recent problems with MS05-019, which did impact 
us.  I do remember, back when I did server support, that we wanted to do 
the same thing, but IT Audit vetoed the idea.  Well, they are still 
questioning it, asking for a business case (justification) and exactly 
which (of the more than 1000) servers we "need" to put it on.

So, my questions to you are:  What are the pros/cons of installing 
such a diagnostic tool on a server, in the event it is needed?  Is there 
really a serious enough issue that Audit (and, indeed, Security) should 
have heartburn with it?  Or, is it, in the words of some famous person 
somewhere in the past, just "much ado about nothing"?  Would you do/have 
you done such a thing in your own organization?  If so, what safeguards 
did you put in place?



Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."  

