Using a variety of tools to track network security is a good way to lock down systems while staying sane on the job. Products that help monitor probes from inside a protected network are becoming increasingly important to the IT arsenal.
One such tool, Visualware Inc.s VisualLookout Version 2.0, a TCP port monitoring and alerting tool, proved that it can indeed be a sanity saver for network managers in recent tests at eWeek Labs.
When we installed VisualLookout 2.0 on a Windows 2000 system and monitored a rack of PCs, the upgrade delivered an accurate picture of incoming and outgoing traffic patterns, with almost no effort and very little expense. The product, which started shipping last week, costs just $39.95 to monitor up to 100 systems running a range of operating systems.
Tests showed that VisualLookout 2.0 is a good tool to use inside the firewall to monitor for internal network probes. We were easily able to set up alerts that told us when ports were being probed.
VisualLookout made it easy for us to follow the action on our network. For example, we could split the monitoring window to see real-time TCP port usage on multiple machines. We also could use a VCR-like “play” command that stepped through connection activity. Although somewhat gimmicky, this feature was helpful in looking for potential problems.
Because there isnt much of a centralized management console and because there is no central repository for data, VisualLookout 2.0 is likely best used in branch offices or departments.
This isnt a major drawback, however, because monitoring only those systems that have access to critical data, as well as a smattering of other systems, should provide IT managers with enough information to know when and if trouble is afoot. At that point, a full-scale investigation—which is well beyond the scope of the product—is indicated.
VisualLookout 2.0 can also monitor external traffic and uses a world map to locate traffics likely origin. Although skillful crackers can circumvent this technique with no problem, it is a handy tool to have in case one of them gets sloppy (and everyone is prone to make a mistake once in a while). And the tools ability to locate mischief at its source will bust the newbie attackers without much effort at all.
In addition, because VisualLookout 2.0 is easy to deploy and capably sends alerts when it detects suspect activity, the product could very well be among the first tools to detect an internal attack.
VisualLookout 2.0 is available via download from www.visualware.com for a 15-day free trial.
Senior Analyst Cameron Sturdevant can be reached at [email protected]