-
August 12th, 2002, 04:06 PM
#1
Auto discovery of the enterprise
This doesn't seem to fit in any other forum, because it's not really security related, so I figured this is the best place to post it.
I was wondering what you guys used for auto discovery of your enterprise, both LAN and WAN.
I walked into this network completely blind, and the documentation is atrocious here, so I'm plowing my way through finding what is really on our network. My job is to secure this thing, but not knowing what is REALLY out there makes my job almost impossible.
I have looked at a couple of different applications out there, but I'm really wanting something that doesn't require me to install an agent on any machine, because if I had to do that then I would already know what's out there.
Right now I have tried Network View and Ecora software, neither of which does a great job of what I'm wanting. The Network View software is nice, but doesn't map it very well... and didn't discover a lot of stuff that I knew was really out there. The Ecora software seems rather kludgey to me, and not exactly intuitive. Plus there is the fact that I have to download about 5 different pieces of software to discover stuff that's out here. I have also requested a copy of Unicenter TNG, but that may take a few days as the download script that CA uses is busted and won't let me download the eval.
I have a couple of sniffers at work watching my network, but that's really not going to tell me what I need to see.
{edit}
BTW, there are more than just Windows machines on my network, so stuff like DCEtest won't do everything I need. I'm looking for something that will tell me everything that is on my network, including WinX, *Nix, and routers... along with firewalls, hardware/software.
{/edit}
So what do you folks use on your networks? What have you used and found to be lacking? Is there ANYTHING out there that will do what I need it to do, or is that just asking too much?
El Diablo
-
August 12th, 2002, 10:11 PM
#2
Senior Member
Have you looked at Fluke Network Inspector? You can run one agent on every subnet... it does not require an agent on every machine...
My other Computer is a 4000 node Beowulf Custer
-
August 12th, 2002, 10:12 PM
#3
-
August 12th, 2002, 10:14 PM
#4
Question: On your backbone, do you have SNMP enabled, and if so, are your community strings/manager settings consistent (or at least predictable)? If so, you could try something like SNMPwalk or maybe even download an eval version of HP OpenView.
If not, you might get stuck running an nmap or something similar against your internal network, but be prepared to sort through data for days (or are you looking for something graphical?). SNMP would probably be the least painful way though...
Neb
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
August 12th, 2002, 11:45 PM
#5
Senior Member
OK, Network Inspector is not a Fluke tool, it is a piece of software... You are talking about Switch View... a totally different product, although it can do the same thing... Yes, Network Inspector is expensive, but this isn't a cheap thing you are talking about doing... You can go with OpenView or other products, but they ain't cheap either... 250 nodes cost about 6K, not the 25k that Palemoon is listing. I am not endorsing it; I have just used it, and it works very nicely on an IP network, mapping via subnets and the devices that are there. If the devices are SNMP enabled you can query the MIB... So I guess you get what you pay for. Then again, there is stuff out there which is open source, but I don't have experience with them... and like nebulus200 states, you aren't going to get the graphic interface if you use nmap or a similar tool.
I used Network Inspector with an infrastructure migration and was able to watch as every system left one network and migrated to the new one. I was able to track rogue nodes via IP addresses so we could make sure we didn't miss anything. It wasn't a huge network but it was substantial enough... Just my thought...
My other Computer is a 4000 node Beowulf Custer
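The nmap route mentioned in post #4 produces a lot of output to sort through, and post #5 describes tracking rogue nodes by IP address. The sketch below is an added example, not part of any post in this thread: it parses nmap's grepable (`-oG`) output and reconciles the live hosts against whatever documented list exists. The sample scan text, the addresses and the `DOCUMENTED` set are constructed for illustration, and `parse_gnmap` and `reconcile` are hypothetical helper names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `nmap -oG` output (RFC 5737 documentation addresses).
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.1 (gw.example.test)\tStatus: Up\n"
    "Host: 192.0.2.1 (gw.example.test)\tPorts: 22/open/tcp//ssh///, "
    "161/open/udp//snmp///\tIgnored State: closed (998)\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, "
    "445/open/tcp//microsoft-ds///, 80/closed/tcp//http///\n"
    "Host: 192.0.2.77 ()\tStatus: Up\n"
    "Host: 192.0.2.77 ()\tPorts: 23/open/tcp//telnet///\n"
    "Host: 192.0.2.99 ()\tStatus: Down\n"
)
# Constructed stand-in for the existing (incomplete) network documentation.
DOCUMENTED = {"192.0.2.1", "192.0.2.10", "192.0.2.50"}

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")

def parse_gnmap(text):
    """Return {ip: {"name": str, "up": bool, "open": [(port, proto, service)]}}."""
    hosts = defaultdict(lambda: {"name": "", "up": False, "open": []})
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a host record
        ip, name, rest = m.groups()
        host = hosts[ip]
        host["name"] = name or host["name"]
        for field in rest.split("\t"):  # fields on a host line are tab-separated
            key, _, value = field.partition(": ")
            if key == "Status":
                host["up"] = host["up"] or value == "Up"
            elif key == "Ports":
                for entry in value.split(", "):
                    parts = entry.split("/")  # port/state/proto/owner/service/...
                    if len(parts) >= 5 and parts[1] == "open":
                        host["open"].append((int(parts[0]), parts[2], parts[4]))
                        host["up"] = True  # an open port implies the host is live
    return dict(hosts)

def reconcile(hosts, documented):
    """Compare live hosts with the documented list, sorted numerically by IP."""
    live = {ip for ip, h in hosts.items() if h["up"]}
    by_ip = ipaddress.ip_address
    return {"undocumented": sorted(live - documented, key=by_ip),
            "missing": sorted(documented - live, key=by_ip)}
```

Hosts under "undocumented" answered the scan but appear in no documentation; hosts under "missing" are documented but did not answer, which can mean decommissioned, powered off, or filtered.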