[olug] Minimalist network security

Eric Penne epenne at olug.org
Fri Sep 12 13:55:43 UTC 2003


I work in a Windows environment. We have a single w2k server on an IBM
Netfinity 5100.  This server does file, print, DHCP, and DNS forwarding.
It is also the domain controller for the company.  We are completely NAT
with no open ports through our router.  The problem is that we are
affiliated with Southeast Community College and they have classes here. 
Basic computer classes (Mac and Windows for beginners) up to Advanced
Cisco routing classes.  I'm scared by the number of people that have
access to our network that I don't know.  I lock down the server pretty
tight and don't allow access to any of the shared drives without a login.

I was wondering if there was a way to monitor all the network traffic on
our network and look for suspicious activity.  I know "of" many of the
security tools in Linux but more specifically I'm wondering how to monitor
the traffic through our switch.  Which of the various security tools can
be "promiscuous" and monitor all the traffic?  How do you set up the
switch and/or PC to be "promiscuous"?

I know it's kind of vague but I'm looking at options right now until I can
research in more detail.

Eric

PS.  I'm still loving the /etc in CVS tip.



