Just as with the internet there is plenty to monitor on your local network too. An effective monitoring system can greatly enhance the security of your network by detecting issues before malicious attackers have time to exploit them and by being able to stop a successful attacker before he has time to consolidate his hold.
1. Open File Shares
While an open file share might not seem like a big deal, it can actually become one. Many viruses and malware use it as a vector to propagate so it is essential that any open shares are properly secured.
2. Users and Groups
It is very important for an administrator to keep an eye on users and groups across his network. When someone manages to gain access to a machine through an attack or an exploit it is likely that the first action he’ll do is create a new user and assign to it as many rights as he can. Detecting the addition of new unauthorized users is a clear sign that swift investigation is required.
3. Network traffic
Internal networks can be the source and target of attacks just like the internet is. The company’s own employees might try to gain access to systems they’re not authorized to use. An IDS system on the local network could detect when such attacks are attempted.
4. New Software and Hardware
This is an obvious one. It is essential to keep track of what software and what hardware is installed on your network. Some software could introduce new exploitable vulnerabilities as well as create an unexpected environment that might cause issues after being patched. Hardware such as wireless networks and portable storage devices can also be a security threat.
5. Installed software
Software is not something you deploy and then completely forget about. You need to make sure that you have a mechanism in place that monitors its health and informs you (or an administrator) if updates fail or if new vulnerabilities are public that can be exploited by attackers. It is important to monitor these things because the last thing you need is an antivirus that fails to update and notify you/an administrator due to a firewall that is blocking network access to the antivirus.
6. Events and Logs
Software and hardware tries to communicate with the user when they encounter issues. They do this through the use of the event log systems and log files. Monitoring these events / logs could alert the administrator as to when things start to break, attack attempts, as well as unexpected behaviour of the hardware or software.
7. Desktop and Servers health
Desktops and especially servers can run into health problems just like people do. On a desktop which is generally in constant use, the user is likely to notice when things start to go wrong; however, on a server that is generally left unattended this might not be the case. It is essential to monitor the system for failures such as bad blocks on the hard drive, ECC ram having to correct too many errors and even trivial, yet extremely important, things such as the hard drive running out of space or the system using more memory than is available.