Using Your Orion Network and Tools to Locate and Isolate an Infected Computer

If you're using SolarWinds Orion for your network administration, you have a whole host of network tools and applications at your fingertips, all designed to make managing your network as easy as possible. Unfortunately, you may not know how to use half of them.

You can use your SolarWinds Orion network tools to take care of a variety of problems, from blocking unwanted use to isolating an infected computer.

With your existing Orion NPM installation plus the Orion NetFlow Traffic Analyzer module, you can quickly pinpoint and respond to the self-propagating worms and viruses that can attack your network: NPM tells you that a link is saturated, and NetFlow tells you which host, which port, and which peers are responsible.

For an example, consider the following scenario:

1) Discovery
A local branch of your banking network that handles all of your credit card transactions complains that the network is extremely sluggish, which is causing frequent timeouts during sensitive data transfers. Concerned, you immediately set out to investigate.

2) Investigation
You open the Orion NPM Web Console and see that the link to the branch site is up, so this is saturation rather than an outage. You consult your Percent Utilization chart and see that current utilization at the site is 98 percent. You know normal utilization on that link is 15-25 percent. Your concern escalates: a link running at four times its normal load, with no scheduled change to explain it, means something on the branch network is misbehaving.

3) Identifying the problem
You click the NetFlow Traffic Analyzer tab, and then click the link to the branch site. Taking a quick look at the Top 5 Endpoints, you see that a single computer in the branch's IP range is generating 80 percent of the load on the branch link. This is what's slowing down the data transfers. You're getting closer.

You know that this computer resides in a part of the branch that is accessible to customers for personal transactions using the Web. Further investigation reveals that 100 percent of the computer's traffic for the past two hours has been over port 1883.

Port 1883 is registered to IBM's MQ Telemetry Transport (MQTT, the telemetry sibling of MQSeries). Because you know that you don't have any devices using IBM messaging in that location, nor any other service or protocol that requires 1883, a single host pushing every byte of its traffic over that port for two hours is almost certainly malware at work. One you will shortly terminate.

4) Solution
You quickly use your configuration management tool, such as Cirrus Configuration Manager, to push a new configuration to your branch firewall that blocks port 1883. Within minutes, you see the usage percentage drop to its normal 15-25 range. The link is recovered, but the job isn't finished: blocking the port stops the spread, it does not clean the computer. Isolate the offending host (shut its switch port or move it to a quarantine VLAN), rebuild or disinfect it, and check the NetFlow views for any other host at the branch showing the same port profile before you call the area secured.
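The same four steps, worked over flow records as an added example (this is not SolarWinds code and not from the original article). It assumes a 10 Mbit/s branch link, a 60-second flow export window, a list of ports the branch is known to use, a fan-out threshold for calling a host a scanner, and a Cisco IOS-style access list as the firewall target; the flow records are constructed inline to reproduce the 98 percent / 80 percent / port 1883 picture described above.

```python
"""Branch-link triage from NetFlow-style records (added example, not SolarWinds code)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str      # source address
    dst: str      # destination address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port
    octets: int   # bytes carried by this flow within the export window


# Assumed branch parameters (not from the article): link speed, export window,
# the normal utilization band, the ports the branch legitimately uses (MQSeries
# itself would be tcp/1414) and how many distinct targets counts as scanning.
LINK_BPS = 10_000_000
WINDOW_SECONDS = 60
BASELINE_UTIL = (0.15, 0.25)
EXPECTED_PORTS = {53, 80, 443, 1414}
FANOUT_THRESHOLD = 20

# Constructed sample: four normal flows plus one host spraying tcp/1883 at 50 peers.
LEGIT_FLOWS = [
    Flow("10.20.30.5", "203.0.113.10", "tcp", 443, 9_000_000),
    Flow("10.20.30.6", "203.0.113.10", "tcp", 443, 4_000_000),
    Flow("10.20.30.7", "10.20.1.53", "udp", 53, 200_000),
    Flow("10.20.30.5", "10.1.1.20", "tcp", 1414, 1_500_000),
]
INFECTED_HOST = "10.20.30.77"
WORM_FLOWS = [
    Flow(INFECTED_HOST, f"10.{20 + i % 4}.{i}.{10 + i}", "tcp", 1883, 1_176_000)
    for i in range(50)
]
SAMPLE_FLOWS = LEGIT_FLOWS + WORM_FLOWS


def utilization(flows, link_bps=LINK_BPS, window=WINDOW_SECONDS):
    """Step 2: fraction of link capacity consumed over the export window."""
    return sum(f.octets for f in flows) * 8 / (link_bps * window)


def top_endpoints(flows, n=5):
    """Step 3a: (source, octets, share of all octets) for the n busiest sources."""
    by_src = Counter()
    for f in flows:
        by_src[f.src] += f.octets
    total = sum(by_src.values())
    return [(src, octets, octets / total) for src, octets in by_src.most_common(n)]


def port_profile(flows, host):
    """Step 3b: share of the host's outbound octets per (proto, dport)."""
    by_port = Counter()
    for f in flows:
        if f.src == host:
            by_port[(f.proto, f.dport)] += f.octets
    total = sum(by_port.values())
    return {key: octets / total for key, octets in by_port.items()}


def fan_out(flows, host):
    """Distinct destinations the host talked to; worms scanning for victims fan out widely."""
    return len({f.dst for f in flows if f.src == host})


def triage(flows):
    """Walk steps 2 and 3 and return a verdict dict; 'suspect' is False when the link is normal."""
    util = utilization(flows)
    verdict = {"utilization": util, "suspect": False, "reasons": []}
    if util <= BASELINE_UTIL[1]:
        return verdict  # within the normal band, nothing to chase
    host, _, share = top_endpoints(flows, 1)[0]
    (proto, port), port_share = max(port_profile(flows, host).items(), key=lambda kv: kv[1])
    targets = fan_out(flows, host)
    verdict.update(host=host, host_share=share, proto=proto, port=port,
                   port_share=port_share, targets=targets)
    if port not in EXPECTED_PORTS:
        verdict["reasons"].append(f"{port_share:.0%} of traffic on unexpected {proto}/{port}")
    if targets >= FANOUT_THRESHOLD:
        verdict["reasons"].append(f"fan-out to {targets} distinct destinations")
    # One host carrying most of the link AND an unexplained port or scan pattern.
    verdict["suspect"] = share >= 0.5 and bool(verdict["reasons"])
    return verdict


def containment(verdict):
    """Step 4: block the port to stop the spread, then isolate the host (it is still infected)."""
    if not verdict["suspect"]:
        return []
    return [
        f"access-list 110 deny {verdict['proto']} any any eq {verdict['port']}",  # assumed Cisco IOS syntax
        f"isolate {verdict['host']}: shut switch port or quarantine VLAN, then rebuild",
    ]


if __name__ == "__main__":
    result = triage(SAMPLE_FLOWS)
    print(f"utilization {result['utilization']:.0%}, suspect={result['suspect']}")
    for reason in result["reasons"]:
        print("  -", reason)
    for action in containment(result):
        print("  >", action)
```

The verdict deliberately requires both a dominant host and an unexplained port or scan pattern before it recommends action; a single busy host on an expected port (a backup job, for instance) is a capacity question, not an incident. Swap `SAMPLE_FLOWS` for records exported from your collector to run the same logic for real.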

With SolarWinds Orion network tools, managing a network doesn't have to be difficult. Your network tools may well have features you don't know about. Regular training ensures that you can do your job quickly, efficiently, and with as few headaches as possible.

For more information about using your SolarWinds Orion network tools

About the Author:
Stacey Crow is the sales manager for Corona Technical Services, the only certified SolarWinds training provider in North America.

