Defence in Depth for Securing Computer Systems/Performance Measurement

From Wikibooks, open books for an open world


Performance Measurement

Now that you know what is out there, you need to know what is normal. Knowledge of how your network should run is essential for you to be able to determine any anomalous actions that may indicate some form of attack or intrusion.


Each item of infrastructure needs to be measured over a period of time to determine how it runs normally. This should include aspects such as:


 CPU utilisation


 Hard drive usage (and rate of increase)


 Bandwidth utilisation


 Log file examination


These are fairly common attributes which should be considered. Specific items that need to be included in this list will of course depend upon the type of infrastructure within your network.


How do I do this?

There are a number of ways of going about both these activities. For performance measurement, a simple approach can be to use tools included with the operating system or the network device. These will provide a very quick, easy and low-cost indication of how your network is running.
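As an added example (not part of the original book), the following Python sketch turns periodic readings of CPU utilisation, disk usage and bandwidth into a baseline and then checks a later window against it. The sample values are constructed, and the three-standard-deviation band and the doubling threshold for disk growth are assumptions to tune for your own network.

```python
from statistics import mean, stdev

# Constructed hourly samples for one host: (hour, cpu_pct, disk_gb, mbit_s).
BASELINE = [
    (0, 10, 200.0, 40), (1, 12, 200.5, 42), (2, 11, 201.0, 41), (3, 13, 201.5, 39),
    (4, 12, 202.0, 40), (5, 10, 202.5, 43), (6, 11, 203.0, 41), (7, 13, 203.5, 42),
]
# Constructed later window containing a CPU spike and a jump in disk growth.
RECENT = [(8, 12, 204.0, 41), (9, 11, 204.5, 40), (10, 58, 208.5, 42), (11, 13, 212.5, 41)]

LEVEL_METRICS = {"cpu_pct": 1, "mbit_s": 3}  # metric name -> tuple index
DISK_INDEX = 2


def growth_rate(samples):
    """Least-squares slope of disk usage over time, in GB per hour."""
    xs = [s[0] for s in samples]
    ys = [s[DISK_INDEX] for s in samples]
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)


def build_baseline(samples):
    """Summarise normal behaviour: mean/stdev per level metric, plus disk growth."""
    baseline = {name: (mean(s[i] for s in samples), stdev(s[i] for s in samples))
                for name, i in LEVEL_METRICS.items()}
    baseline["disk_gb_per_hour"] = growth_rate(samples)
    return baseline


def find_anomalies(baseline, window, sigmas=3.0, growth_factor=2.0):
    """Return (metric, hour, observed) for values outside the baseline band."""
    findings = []
    for name, i in LEVEL_METRICS.items():
        mu, sd = baseline[name]
        findings += [(name, s[0], s[i]) for s in window if abs(s[i] - mu) > sigmas * sd]
    # Disk is judged on its rate of increase, not its absolute level.
    rate = growth_rate(window)
    if rate > growth_factor * baseline["disk_gb_per_hour"]:
        findings.append(("disk_gb_per_hour", window[-1][0], round(rate, 2)))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(BASELINE), RECENT):
        print(finding)
```

A real baseline should cover at least a full business cycle, since the same CPU or bandwidth reading can be normal during a nightly backup and anomalous at midday.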


For more complex and in-depth analysis and reporting, there are a number of tools available, both freely licensed and commercial. These include:


MRTG

Multi Router Traffic Grapher is a tool available under the GNU General Public Licence. It is available on both Windows and Linux platforms and undertakes in-depth analysis of traffic on network links.

http://www.people.ee.ethz.ch/~oetiker/webtools/mrtg/


SolarWinds

SolarWinds is a commercial product that contains a suite of tools which will do pretty much everything you could need for performance measurement. The unfortunate thing with this software is that while it will do it all, it does come at a price. That said, it does do what it claims very well and has the capability of producing a variety of reports.

http://www.solarwinds.net


For configuration management, there are also a number of software packages available. The problem that may be faced here, however, is that the configuration of a network is unique to each organisation. What works for one organisation may not work for another. The best advice is to examine any choice of software very carefully and ensure that it fits your network requirements before any purchase is made.