Auto discovery of the enterprise
Results 1 to 5 of 5

Thread: Auto discovery of the enterprise

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    233

    Question Auto discovery of the enterprise

    This doesn't seem to fit in any other forum, because it's not really security related, so I figured this is the best place to post it.



    I was wondering what you guys used for auto discovery of your enterprise, both LAN and WAN.

    I walked in to this network completely blind, and the documentation is atrocious here, so I'm plowing my way through finding what is really on our network. My job is to secure this thing, but not knowing what is REALLY out there makes my job almost impossible.

    I have looked at a couple of different applications out there, but I'm really wanting something that doesn't require me to install an agent on any machine because if I had to do that then I would already know what's out there

    Right now I have tried Network View, and Ecora software. Neither of which do a great job of what I'm wanting. The network view software is nice, but doesn't map it very well... and didn't discover a lot of stuff that I knew was really out there. The Ecora software seems rather kludgey to me, and not exactly intuitive. Plus there is the fact that I have to download about 5 different pieces of software to discover stuff that's out here. I have also requested a copy of Unicenter TNG, but that may take a few days as the download script that CA uses is busted and won't let me download the eval.

    I have a couple of sniffers at work watching my network, but that's really not going to tell me what I need to see.


    {edit}
    BTW, there is more than just windows machines on my network, so stuff like DCEtest won't do everything I need. I'm looking for something that will tell me everything that is on my network, including WinX, *Nix, and routers.... along with firewalls hardware/software.
    {/edit}

    So what do you folks use on your networks? What have you used and found to be lacking? Is there ANYTHING out there that will do what I need it to do, or is that just asking too much?




    El Diablo

  2. #2
    Senior Member
    Join Date
    Jul 2002
    Posts
    112
    Have you looked at Fluke Network Inspector. You cna run on agent on every subnet.... it does not require an agent on every machine...
    My other Computer is a 4000 node Beowulf Custer

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Well am not there any longer but sort of walked into sort of what you have, a network put together by how many consultants? No matter what OS put a firewall up and my choice was WatchGuard in front of everything and they have a great GUI that shows all network traffic both directions. Was the only way I was able to get a handle on everything on the system plus the usual Admin tools I collected over time. Allows you to set what services you want to access the WEB and along with other records can button down the system. To boot the price of WatchGuard products have really come down over the last 3 years. Do a google search on them BTW not endoursing them just my choice what I used to use LOL

    Well best to call in a consultant with the Fluke at 26k not many but the most healthy of corps can put out for that toy paldie
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Question: On your backbone, do you have SNMP enabled and if so are your community strings/manager settings consistent (or at least predictable) ? If so, you could try something like SNMPwalk or maybe even download an eval version of HP Openview.

    If not, you might get stuck running an nmap or something similar against your internal network, but be prepared to sort through data for days (or are you looking for something graphical ?). SNMP would probably be the least painful way though...

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Senior Member
    Join Date
    Jul 2002
    Posts
    112
    OK Network Inspector is not a Fluke tool it is a peice of software... You are talking about Switch View... totally different product although it can do the same thing... Yes network Inspector is expensive but this isn't a cheap thing you are talking about doing...You can go with OpenView or other products but they aint sheap either... 250 node cost about 6K not 25k that Palemoon is listing. I am not endorcing it, I have just used it and it works very nicely on an IP network mapping via subnets and the devices that are there if the devices are SNMP enabled you can query the MIB... So I guess you get what you pay for. Then again there is stuff out there which is open source but I don't have experience with them...and like nebulus200 states you arent going to get the graphic interface if you use nmap or similar tool.

    I used Network Inspector with a Infrastructure migration and was able to watch as every system left one network and migrated to the new one. I was able to track rogue nodes via IP addresses so we could make sure we didn't miss anything. It wasn't a huge network but it was substantial enough... Just my thought...
    My other Computer is a 4000 node Beowulf Custer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •