5 warning signs of a network in trouble

Collect logs, store data and analyze the data. These are the three major steps involved in network management .

However, the increasing amounts of data being handled by enterprises these days can easily confound many IT professionals and prevent them from determining where to start.

When it comes to log management, administrators and technicians should remember that they are looking for anomalies or patters that could indicate that something fishy is going on, according to a recent report from IT security publication

“In order to spot the irregularities, It professionals need to establish a baseline and collect data on what’s normal inside the company’s network, according to Ben Feinstein, director of operations and development for Dell SecureWork’s counter threat unit.

This involves monitoring logs from including data from virtual private networking appliances, Web proxies, firewalls and DNS servers. After that, establishing what is normal within the network is necessary. Then an analysis of the logs must be carried out to identify possible indicators of an attack.

The final step is the creation by the security group of a standard procedure for responding to incidents identified in the log analysis.

Here are five events that scream a network may have been compromised:

Access anomalies – Watch out for changes in permissions, users logging in remotely from unknown locations or users accessing one system and using that system to access another. This could be possible signs or malicious activity, according to Kathy lam, product manager of HP ArcSight. The Windows security log and records of the Active Directory domain controllers are good places to start looking.

Configuration changes – Companies typically conduct configuration changes within a specific window so as not the hamper operations. Any changes happening outside this window are likely unauthorized and may be part of an attack, said Sanjay Castelino, vice president of Texas-based network application developer SolarWinds Inc.

Patterns matching threat indicators – There are many available threat indicators. Companies need to match the data in their logs to these indicators to identify suspicious activity.

IT departments also need to monitor for strange database transactions and new devices signing into the network.

Find out more about detecting unfamiliar database communications and threats posed by bring-your-own-device users (BYOD), click here.



Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web