An Introduction to Network Monitoring
There is a difference between an intrusion detection system and a network monitor. An intrusion detection system inspects traffic and host activity for signs of an attack, whereas a network monitor watches for internal failure conditions: overloaded servers, crashed servers, faulty network connections, and similar problems. The two overlap in practice, since an outage caused by a denial-of-service attack shows up on the network monitor first, but their purposes are distinct.
In a typical use case, network monitoring software periodically sends an HTTP request to a web server and checks the response, or sends a test message through SMTP and retrieves it through POP3 to confirm that a mail server is both accepting and delivering mail. Each probe measures response time, and the history of probes yields uptime, consistency, and reliability figures. Many other services can be checked the same way, including HTTPS, SNMP, FTP, IMAP, DNS, SSH, Telnet, and SIP; at the lowest level a check is simply a TCP connection attempt or a UDP request to the service port, and for SSL/TLS services the handshake itself (including certificate validity) can be verified.
If no response can be retrieved, a document is missing, the server times out, or a connection cannot be established, the network monitoring software may take any of a number of actions, such as bringing up a backup server or sending a message to the sysadmin's pager. Most monitors require a failure to persist across several consecutive probes before acting, so that a single dropped packet does not page anyone. Inferring the state of the network's interior from such end-to-end measurements is the subject of network tomography, the study of a network's vital signs using data gathered at its end points.
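The probe-and-escalate loop described in the two paragraphs above, as an added example that is not part of the original article: an HTTP check that treats a missing document (404) and a server that hangs past its timeout as failures, a TCP-connect check for port-level liveness, and a monitor that pages only after two consecutive failed probes, pages once per outage, and reports recovery. The local web server, the "dead" port and the hypothetical `demo()` driver are constructed stand-ins so the whole thing runs offline; the "backup server" is simulated by starting a listener on the dead port.

```python
"""Active-probe network monitor (added example, not the page's own code): HTTP and
TCP-connect checks with latency, timeout handling and consecutive-failure alerting."""
import http.server
import socket
import threading
import time
import urllib.error
import urllib.request
from collections import namedtuple

CheckResult = namedtuple("CheckResult", "target ok latency_ms detail")
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars

def _ms(start):
    return (time.monotonic() - start) * 1000

def check_tcp(host, port, timeout=2.0):
    """Port-level liveness (SSH, SMTP, POP3...): can a TCP connect complete?"""
    target, start = f"tcp://{host}:{port}", time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return CheckResult(target, True, _ms(start), "connected")
    except OSError as exc:  # refused, timed out, no route
        return CheckResult(target, False, _ms(start), f"unreachable: {exc}")

def check_http(url, timeout=2.0, expect_status=200):
    """Fetch a document and require a status: a 404 (missing document) fails even
    though the server answered; a server that hangs past `timeout` fails too."""
    start = time.monotonic()
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as exc:  # answered, but with 4xx/5xx
        status = exc.code
    except OSError as exc:  # URLError, timeout, connection refused
        return CheckResult(url, False, _ms(start), f"unreachable: {exc}")
    return CheckResult(url, status == expect_status, _ms(start), f"HTTP {status}")

class Monitor:
    """Pages after `threshold` consecutive failures, once per outage; reports recovery."""
    def __init__(self, checks, threshold=2):
        self.checks, self.threshold = checks, threshold  # checks: zero-argument callables
        self.failures, self.down, self.alerts = {}, set(), []  # alerts: stand-in pager

    def poll(self):
        results = [check() for check in self.checks]
        for r in results:
            if r.ok:
                if r.target in self.down:
                    self.down.discard(r.target)
                    self.alerts.append(f"RECOVERED {r.target} ({r.latency_ms:.0f} ms)")
                self.failures[r.target] = 0
                continue
            n = self.failures[r.target] = self.failures.get(r.target, 0) + 1
            if n >= self.threshold and r.target not in self.down:
                self.down.add(r.target)
                self.alerts.append(f"ALERT {r.target} down after {n} failed probes: {r.detail}")
        return results

class _StandInServer(http.server.BaseHTTPRequestHandler):
    """Constructed web server: '/' is healthy, '/slow' hangs, anything else is 404."""
    def do_GET(self):
        if self.path == "/slow":
            time.sleep(1.5)  # longer than the probe timeout used in demo()
        try:
            self.send_response(200 if self.path in ("/", "/slow") else 404)
            self.end_headers()
        except OSError:  # the probe already gave up on us
            pass

    def log_message(self, *args):  # keep request logging out of the output
        pass

def demo():
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _StandInServer)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_address[1]}"
    with socket.socket() as s:  # reserve and release a port so nothing listens on it
        s.bind(("127.0.0.1", 0))
        dead_port = s.getsockname()[1]
    out = {"healthy": check_http(base + "/"),
           "missing": check_http(base + "/missing"),
           "slow": check_http(base + "/slow", timeout=0.5),
           "crashed": check_tcp("127.0.0.1", dead_port, timeout=0.5)}
    # Escalation across polls: tolerate one miss, page on the second, stay quiet
    # while still down, then report recovery once something listens again.
    mon = Monitor([lambda: check_tcp("127.0.0.1", dead_port, timeout=0.5)])
    counts = []
    for _ in range(3):
        mon.poll()
        counts.append(len(mon.alerts))
    with socket.socket() as revived:  # the "backup server" coming up on the port
        revived.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        revived.bind(("127.0.0.1", dead_port))
        revived.listen()
        mon.poll()
        counts.append(len(mon.alerts))
    server.shutdown()
    return dict(out, alert_counts=counts, alerts=mon.alerts)
```

Calling `demo()` returns the four probe results plus the alert history: the healthy page reports `HTTP 200`, the missing document `HTTP 404`, the slow page and the dead port `unreachable: ...`, and the alert count over the four polls goes 0, 1, 1, 2 (nothing on the first miss, one page on the second, silence while still down, one recovery notice). The threshold is the knob to tune against flapping links; the per-target `down` set is what stops a long outage from paging on every poll.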
All of which relates to the prime duty of any network manager: to keep the system up and running. Users typically aren't aware that there *is* a network manager until they can't get something through the network, and then everybody calls the office at once. A good sysadmin anticipates where problems will arise and has fixes ready before they do.
For businesses that rely on computing technology, including software, communications, telemetry, and all manner of online e-commerce, network monitoring is crucial, so the network monitoring server has to be the most stable piece of equipment on site. Frequently several redundant instances of the monitoring software are deployed, so that status data stays accurate and available up to the minute even if one instance fails. Because that server can reach every host and typically holds credentials for the services it probes (SNMP community strings, SSH keys, mailbox passwords), it is also a high-value target and should be hardened and given only the access its checks require.
An interruption in network function can wreak all kinds of havoc. Payments or orders can be lost, Internet customers can be turned away, data can be lost, and where mission-critical hardware such as aircraft navigation systems or hospital equipment is involved, lives can be at stake as well. So this isn't a field for the slack and carefree: you want sysadmins who are vigilant, and you want the network monitors themselves running at top performance and uptime.
