The expression network monitoring often refers to the process of watching the servers, workstations, routers, and other devices on your network for signs of breakdowns, overloads, or other conditions that could cause them to fail. As important as that is, what I'm discussing here in this chapter is a different sense of the term: monitoring the data passed over your network (as opposed to network hardware itself) to detect unwanted incoming or outgoing information and, in some cases, to take action to prevent such occurrences.
An example of software that monitors a network for equipment failures, performance issues, bandwidth usage, and such is InterMapper (www.intermapper.com), which also — as the name suggests — performs network-mapping functions. Licenses range from free (for up to five computers) to many thousands of dollars, depending on the extent of your monitoring needs.
Specifically, this chapter introduces you to the following types of monitoring:
Network intrusion detection system (NIDS). A NIDS watches traffic on your network for telltale signs of intrusions by port scanners, robots and malware probing for holes, denial-of-service (DoS) attacks, unauthorized users trying to guess passwords, and other behavior you may want to be aware of as soon as possible. A NIDS is a subcategory of an IDS (intrusion detection system). When potentially dangerous activity appears, a NIDS can log it, alert an administrator, or both. A related ...