[Dshield] Network monitoring tools on servers
ed.truitt at etee2k.net
Fri Jun 3 10:46:09 GMT 2005
There is a debate going on where I work -- a rather largish enterprise,
with global operations. Our server support folks want to install NetMon
(Microsoft's network monitor) on all the servers, so when the need
arises they can connect to it and do troubleshooting. My guess is that
this came out of the recent problems with MS05-019, which did impact
us. I do remember, back when I did server support, that we wanted to do
the same thing, but IT Audit vetoed the idea. Well, they are still
questioning it, asking for a business case (justification) and exactly
which (of the more than 1000) servers we "need" to put it on.
So, my questions to you are: What are the pros/cons of installing
such a diagnostic tool on a server, in the event it is needed? Is there
really a serious enough issue that Audit (and, indeed, Security) should
have heartburn with it? Or, is it, in the words of some famous person
somewhere in the past, just "much ado about nothing"? Would you do/have
you done such a thing in your own organization? If so, what safeguards
did you put in place?
PGP fingerprint: 5368 D25E 468C A250 9833 CCD6 DBAE 9C25 02F9 0AB9
"Note to spammers: my 'delete' key is connected to YOUR ISP.
Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."