Re: network monitoring

[Andrew Miehs <andrew@2sheds.de>]

On Sunday 31 October 2004 14:17, martin f krafft wrote:
> > This way you could possibly reduce your internal secuity
> > requirements, and not need encryption everywhere. Just make sure
> > you back up your data regularily
>
> The problem is people plugging laptops in on the cluster side.
>

If people have physical access to your machines/ network hardware you will not 
be able to find a 100% fool proof solution.

If people have console access to the machines they can boot via cd, and copy 
off all your key files.  You will probably find that locking up your hardware 
behind a big steel door is the easiest, cheapest solution. :-(

IPSec will help, but only as long as people can't get at the key files.

Some switches allow you to allow only certain MAC addresses - some (i imagine) 
will probably allow you to have a port automatically disable itself, should a 
link go down.

The question is HOW secure does it really need to be.

As for Nagios vrs Big Brother - Big Brother (Big Sister I havent used - should 
be the same though) is easier to configure and get up and running. Writing 
your own scripts for big brother though is a pain, (or was a pain) as you 
have to implement your own routines that parse the 'bbhosts config file'.

Nagios is a great tool as well, but has a little bit steeper learning curve - 
including for the user / operator. (My personal opinion).

As for the push or pull - I'm not really convinced that it makes a difference. 
If Big Brother sees that it hasnt received an update in the last 5 minutes, 
the host is marked as bad  - purple - and can send you emails based on this.

Regards

Andrew