Enterprise networks have gotten so complex that it is rare that any single person knows exactly what is connected to them. That could become an issue, particularly if someone brings an infected PC or if disaster strikes and a portion of the network goes south.
The solution is a variety of network discovery tools and techniques, some simple and cheap, others less so, to keep up with your knowledge of what’s on the network.
A combination of security threats, legal compliance issues, and general troubleshooting complexity have motivated a growing number of security consulting firms to look more closely at network discovery as a bona fide practice area. But before you rush out and hire someone, take stock of the skill set you have in your existing IT organization, figure out a budget for the activity, and realize that network discovery has multiple dimensions (this is security, after all) and not just a one-stop shopping experience.
Larry Dietz, Research Director for The Sageza Group, in Union City, Calif., thinks there are several things to consider.
“First, there is a basic hardware and software inventory of what the client thinks he has out there. If you discover things that the client doesn’t know about, then the client will think you are a genius. Second, you need to find unauthorized hardware, such as servers, wireless access points, and endpoints that users have brought into the building and running on the network. Again, whatever you can dig up is gravy.”
The Basics, And Beyond
The key takeaway here is that you need to get started, and there are a wide variety of asset-tracking tools available. Microsoft’s SMS, Landesk Asset Manager and Symantec/Altiris’ Juice all are enterprise-wide tools that can capture a wide variety of hardware and software types and be useful for IT managers who want to ensure that they have sufficient software licenses for the number of users, or that their corporate-owned PCs are accountable.
But these tools just evaluate the basic elements, and don’t really provide information on things like what is happening on the network, who is bringing in personal laptops from home, and staffers who are connecting to rogue wireless access points either by design or mistake. For these situations, you need one or more network analysis tools to be able to see your traffic patterns.
WildPackets.com’ OmniPeek, Network General’s Sniffer and Visualizer product lines and Wireshark.org (formerly called Ethereal) are all great tools for doing this, but require a significant investment in training to operate them properly.
“Ideally, you would like to gather this data once and reuse it for a variety of IT purposes,” says Dennis Drogseth, an analyst with Enterprise Management Associates.
Such purposes go beyond mere discovery and could include optimizing applications performance, network troubleshooting, and handling compliance issues.