.

Network Monitor

<<

nilo

Newbie
Newbie

Posts: 3

Joined: Tue Jan 11, 2011 3:29 pm

Post Tue Jan 11, 2011 3:31 pm

Network Monitor

I am a network administrator. I would like to monitor all user laptops and computers connected to my network. I have installed a software to take desktop screen shots, but it is not able to install client program in vista laptop remotely without the knowledge of the user. Since I am the network administrator i have the domain admin user id and pwd, im able to install client program in some pcs on thro' domain admin pwd. Please help me out to monitor my network.

Thanks in advance,
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Jan 11, 2011 3:40 pm

Re: Network Monitor

Is there a reason to take screen shots of the PC?

For network monitoring, I usually use the following:
Catci, BandwidthD and ntop for network graphs
syslog for firewalls, switches and routers.
tcpdump and wireshark for taffic captures.
arpwatch and port controls to limit what can be plugged into the network
tripwire (on the monitor box) for file integerty
nagios

I wouldn't mind putting a SIEM in place, or something else to look at netflow. Spiceworks looks to be pretty good too.
OSWP, Sec+
<<

nilo

Newbie
Newbie

Posts: 3

Joined: Tue Jan 11, 2011 3:29 pm

Post Tue Jan 11, 2011 3:48 pm

Re: Network Monitor

I would like to get periodical screen shots.

More than that Is there a way to access the files in their systems(XP/VISTA)?
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Jan 11, 2011 3:53 pm

Re: Network Monitor

chrisj wrote: Spiceworks looks to be pretty good too.


It may have changed in the last 3 years or so, but last time I looked at Spiceworks it was doing targeted marketing based on what it saw in your environment which raised a red flag with me. I don't feel the need to share the intimate details of my internal network with a 3rd party.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Jan 11, 2011 4:06 pm

Re: Network Monitor

nilo wrote:I would like to get periodical screen shots.

More than that Is there a way to access the files in their systems(XP/VISTA)?


Why do you need to? Why do you need screen shots. That sounds more like abusing being an admin than actual administration to me. (Hint in 14 years I've never needed screens shots).

I guess so we can answer your question better, we should ask what it is you're trying to do and what management wants.
OSWP, Sec+
<<

nilo

Newbie
Newbie

Posts: 3

Joined: Tue Jan 11, 2011 3:29 pm

Post Tue Jan 11, 2011 4:15 pm

Re: Network Monitor

There is no question of abusing. Management want periodicall screenshot of users to see how the user working.

They want to see their PC file contents also time to time, coz their users work mostly involved with network files rather than local drive files
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Jan 11, 2011 4:28 pm

Re: Network Monitor

nilo wrote:There is no question of abusing. Management want periodicall screenshot of users to see how the user working.

They want to see their PC file contents also time to time, coz their users work mostly involved with network files rather than local drive files


Hmmm.. in other words a kind of place that doesn't sound like it's worth working at. (My opinion).

So lets see... based on your questions.

Software install:
Only ways I can think of to install the software is via GPO, or you can announce that you need the boxes to install software.

Seeing drives:
You'll probably want to script it out. Look into Microsoft UNC. With the Domain admin account you can see unshared drives.
Last edited by rattis on Tue Jan 11, 2011 4:30 pm, edited 1 time in total.
OSWP, Sec+
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Tue Jan 11, 2011 4:46 pm

Re: Network Monitor

You're also opening yourself up to legal battles if you do not have the right policies in place that are acknowledged by your co-workers. It sounds like you don't have these as you're trying to install software without the employee's knowledge.

Just know that any evidence you put forth in a court of law will likely not stand to the rule of evidence if the employee did not know his/her actions were being monitored. In the case of a wrongful termination suit, your company could be out some big money without any proof.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Jan 11, 2011 5:11 pm

Re: Network Monitor

I would highly recommend you tell management why you think it's a bad idea via email and print out the response you get and keep it in a safe place for a rainy day. Sounds like a disaster waiting to happen, and Ziggy is right, the company could be faced with some serious legal issues but don't think for a minute that they won't throw you under the bus if it comes to that. Actually, scratch that first sentence. You should probably just find another job. I could not work in an environment that oppressive. I have to wonder if the employees are aware.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Jan 11, 2011 5:42 pm

Re: Network Monitor

tturner wrote:
chrisj wrote: Spiceworks looks to be pretty good too.


It may have changed in the last 3 years or so, but last time I looked at Spiceworks it was doing targeted marketing based on what it saw in your environment which raised a red flag with me. I don't feel the need to share the intimate details of my internal network with a 3rd party.


http://www.spiceworks.com/privacy/

Brought it up on twitter (follow someone else that uses it, and spiceworks themselves. That link was the end response from Spiceworks).
OSWP, Sec+
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Tue Jan 11, 2011 5:46 pm

Re: Network Monitor

Glad I'm not the only one that thinks nilo's job sucks.

Remember. Your job as an admin isn't to make your bosses happy, it's to keep the company running. Sometimes it is hard for them to know the difference. The get the CYA documentation is a good thing. Because when (not if, WHEN) a lawsuit happens they will be looking for a sacrifice, and chances are you'll be it.

Also keep those documents stored somewhere other than your office. Safety Deposit box, and don't let them know you've got copies.

Also, beware if the AUP isn't enforced across the board. We have that problem where I'm at. Some people are "Exempt from the AUP", while others have lost their jobs over it.

Seriously though, sit down with them and find a better way, or find a new job.
OSWP, Sec+
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Wed Jan 12, 2011 11:59 am

Re: Network Monitor

I would have to agree with the above comments.  The more responses I see to the member questions though, the more leery I am to respond especially with any help.  Unless English is a second language, and if so please ignore this; the use of 'coz' and general grammatical/structural laziness leads me to assume someone younger than a network admin is behind the posting.  Sorry if English is your second language, and please do ignore my suspicions if that is the case.
"Bad.. Good?  I'm the guy with the gun"
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Jan 12, 2011 12:38 pm

Re: Network Monitor

Gere1 wrote:what about bandwidth monitor you can try use ProteMac Meter http://protemac.com/Meter/.It;s really nice prog)


Based on a quick look at your link. It looks to be a MAC only product.
OSWP, Sec+
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Jan 12, 2011 12:42 pm

Re: Network Monitor

@g00d_4sh

I'm taking him as either a noob (fresh out of highschool, limited admin skills) or non-english speaker.

but a little leery enough to not give him more information on how to do what he's trying.
OSWP, Sec+
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Jan 12, 2011 1:12 pm

Re: Network Monitor

I have installed a software to take desktop screen shots, but it is not able to install client program in vista laptop remotely without the knowledge of the user.


You guys are too nice, this guy is an <censured>!

Don't even reply to his emails. If you analyze his writting, he is almost certainly the same guy who wrote a few questionable posts on this forum in the last 2 months. Same patern: 1) create a new account, 2) post an unethical question, 3) once we realize it, he disapears.

Look around, we have seen this quite often recently...

And BTW, English is my second language (so sorry for the typos everywhere!), but I am mature enough not to write posts like this. So to me, a young "wanna be" black hat...
Last edited by caissyd on Wed Jan 12, 2011 1:14 pm, edited 1 time in total.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
Next

Return to Tools

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software