monitoring Alessandro Stesi

How to have your computer network under control

monitoring

In recent years we have witnessed a rapid evolution of information infrastructures that have become increasingly complex and heterogeneous. The introduction of virtualization, thanks to the economic savings and its simplicity, has encouraged the increase in the number of servers divided then by functions and roles. Technologies like the Cloud have allowed to extend the company boundaries, just think of the hybrid Cloud or the public Cloud where previously physical servers that were physically present in the company have evolved in virtual instances in executions on more Datacenter also geographically distributed on the globe. Last but not least, the IoT (Internet of Things) has contributed to enrich the network of devices on the network and that it is necessary to manage.

 

The age of check-lists

Not many years ago, the system operators had sufficient check-lists, regularly performed according to work procedures, to monitor the company server pool and thus ensure the correct functioning of all the IT components, with particular attention to the business critical systems. Today this approach, as well as expensive, would be ineffective, mainly because of how the company infrastructure has evolved. The manual controls would become not only numerous but also unmanageable and with an inherently high degree of error. Moreover, in this scenario, it is not possible to guarantee a correct timeliness in the identification of a problem or in the management of a breakdown.

 

Automated monitoring

 

The evolution of the IT model has introduced the need to introduce new ways of controlling the network that are automated or semi-automated, distributed and above all pro-active / reactive. In fact, solutions have been developed capable of managing an increasingly high, heterogeneous and distributed number of network devices. The new monitoring systems are also able to set the frequency of the measurements based on the metrics observed, increasing it for those values ​​in continuous change that it is necessary to observe therefore continuously and decreasing it for the more static ones. For example, disk space occupation in some environments may vary less than the network bandwidth. This precaution allows to optimize the resources of the monitoring avoiding to measure continuously less dynamic variables.

The evolutions of these monitoring systems have also made it possible to collect data centrally with the possibility of comparing different metrics to each other thus obtaining the composed metrics. Not merely measuring a single metric but comparing its value in relation to another (even different systems) has extended the concept of monitoring.

 

Item and Trigger

In the systems world or systems monitoring applications there are two basic concepts such as Item and Trigger. The first, Item, represent the metrics or the value (numeric, Boolean, textual) measured or to be measured (eg cluster status, CPU usage, disk usage, etc) while the seconds, Triggers, are the thresholds that you want to apply to a certain Item to check its value. For example, you may need to set two Triggers to monitor the volume occupation of a SAN by receiving a first notification if this exceeds 80% of the maximum capacity and a second in the case of 90%. This modular feature (Item and Trigger) allows for example to simply monitor the trend of a given metric (eg data center band) without necessarily applying a triggger to the measurement or allows to apply more thresholds to the same item to monitor the change in value reporting the change with different actions based on the triggers.

 

Actions

Upon the occurrence of a certain condition identified by the triggers, it is possible to perform a specific action such as sending an email, a text message, a VoIP call or running a program. For example, you could monitor a log file (item log file equal to catalina.log) and upon the occurrence of a certain condition (trigger that verifies the presence of a certain pattern) restart the relative application. In addition to being automated, actions can also be manual, leaving the monitoring system operator the possibility to apply them when it is deemed most appropriate.

 

Solution for monitoring the IT infrastructure

The Secure Online Desktop provides its customers with two monitoring services:

   ◊ IT monitoring service: This service is a complete solution for monitoring the customer’s IT infrastructure without needing to install additional hardware. The solution involves the use of a Cloud management console and a set of specific software agents that our staff will install.

   ◊ Managed monitoring service: This service is an add-on to the Cloud Server service that plans to monitor the Cloud servers that the customer buys.

 

[btnsx id=”2931″]

Useful links:

ICT Services

FAQ

News

Demo online

New Cloud Server video – Create your Public Cloud

Cloud servers

Cloud Products and Services

VPS Metered – Cloud location

Demo Cloud Servers

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function July 1, 2022
    Posted by Eldar Marcussen on Jun 30JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function =============================================================================== Several PHP compatability libraries contain a potential remote code execution flaw in their `json_decode()` function based on having copy pasted existing vulnerable code. Identifiers --------------------------------------- * JAHx221 - http://www.justanotherhacker.com/advisories/JAHx221.txt...
  • Backdoor.Win32.EvilGoat.b / Weak Hardcoded Credentials July 1, 2022
    Posted by malvuln on Jun 30Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20daf01e941f966b21a7ae431faefc65.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.EvilGoat.b Vulnerability: Weak Hardcoded Credentials Description: The malware listens on TCP port 13014. Authentication is required, however the credentials "evilgoat / penix" are weak and found within the PE...
  • Backdoor.Win32.Coredoor.10.a / Authentication Bypass July 1, 2022
    Posted by malvuln on Jun 30Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/49da40a2ac819103da9dc5ed10d08ddb.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Coredoor.10.a Vulnerability: Authentication Bypass Description: The malware runs an FTP server on TCP port 21000. Third-party attackers who can reach infected systems can logon using any username/password combination....
  • Backdoor.Win32.Cafeini.b / Weak Hardcoded Credentials July 1, 2022
    Posted by malvuln on Jun 30Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/a8fc1b3f7a605dc06a319bf0e14ca68b.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.b Vulnerability: Weak Hardcoded Credentials Description: The malware listens on TCP ports 51966 and 23. Authentication is required, however the password "mama" is weak and found within the PE […]
  • BigBlueButton - Stored XSS in username (CVE-2022-31064) July 1, 2022
    Posted by Rick Verdoes via Fulldisclosure on Jun 30CVE-2022-31064 - Stored Cross-Site Scripting in BigBlueButton. ========================= Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton Product: BigBlueButton Vendor: BigBlueButton Vulnerable Versions: 2.3,
  • typeorm CVE-2022-33171 July 1, 2022
    Posted by lixts via Fulldisclosure on Jun 30typeorm CVE-2022-33171 findOne(id), findOneOrFail(id) The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. The issue […]
  • 🐞 CFP for Hardwear.io NL 2022 is OPEN! July 1, 2022
    Posted by Andrea Simonca on Jun 30*🐞 CFP for Hardwear.io NL 2022 is OPEN!* If you have groundbreaking embedded research or an awesome open-source tool you’d like to showcase before the global hardware security community, this is your chance. Send in your ideas on various hardware subjects, including but not limited to Chips, Processors, ICS/SCADA, […]
  • [Extension: CPSIoTSec 2022] The Workshop on CPS&IoT Security and Privacy **Submission Deadline: July 25, 2022** July 1, 2022
    Posted by alcaraz on Jun 30[Apologies for cross-posting] -------------------------------------------------------------------------- C a l l F o r P a p e r s The Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2022), in conjunction with the ACM Conference on Computer and Communications Security (ACM CCS) November 7-11, 2022, Los Angeles, U.S.A. https://cpsiotsec2022.github.io/cpsiotsec/...
  • Backdoor.Win32.InfecDoor.17.c / Insecure Permissions June 28, 2022
    Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/1fd70e41918c3a75c634b1c234ec36fb.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.InfecDoor.17.c Vulnerability: Insecure Permissions Description: The malware writes a ".420" settings file type to c drive granting change (C) permissions to the authenticated user group. Standard users can...
  • Trojan-Mailfinder.Win32.VB.p / Insecure Permissions June 28, 2022
    Posted by malvuln on Jun 27Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/20e438d84aa2828826d52540d80bf7f.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Mailfinder.Win32.VB.p Vulnerability: Insecure Permissions Description: The malware writes a dir with multiple PE files to c drive granting change (C) permissions to the authenticated user group. Standard users can […]

Customers

Newsletter