A Website Dedicated to Computer Professionals...and some not so Professional

How to build a cheap Security NOC
William M. Nett
 

The Network Operations Center, or NOC, is the cornerstone of all computer networks. I've worked at AT&T's NOC, been around Government NOCs and seen small-scale versions. Most look like something out of the movie "WarGames" and, surprisingly, whether you're a Linux or Windows fan, you can build one for cheap and be your own armchair NOC General.


     What does a NOC do? It monitors connections, network activity, spots problems, conducts threat assessments, and calculates scalability requirements with customer demands... it also puts on a pretty good "dog-n-pony" show for potential investors and customers.

     What's required? Again, surprisingly not too much! Depending on the size of your company, this can be achieved with as little as an 8' X 10' room, and 4 computers. Trust me, you more than likely do not need a $15,000 Cisco PIX or Nokia firewall (which runs Linux derivatives).

     You'll need at least three big monitors (the bigger the better), two smaller ones (17"), a KVM switch, and OOB dialup. Here's the loadout: 

     1. Firewall: Get a copy of IPCOP... it's Smoothwall on steroids and very easy to configure. It has a built-in Intrusion Detection System and proxy logging, and you can use Coyote Linux as a failover if you think you are being attacked. This package uses a web interface, so there's no need for a monitor, keyboard, or mouse. These software elements are also free. Minimum requirements are a 333MHz system with 64MB of RAM and a 2.1GB hard drive.

     2. Network Monitoring: Download a copy of F.I.R.E. and run it on a barebones 600MHz system. Configure and open Etherape on a monitor for an Air Traffic Controller's view of your network activity... bean counters love this. If you're being attacked or infected, you will quickly see where it's coming from. You should also use a receive-only sniffer cable on this box to protect integrity... a receive-only box has a zero chance of infection as it's physically impossible.

     3. Got wireless? Download and run Airsnare with a semi-hyped-up wireless antenna, and you'll quickly spot any war-drivers or unauthorized network connections. If you have an old directional motorized TV antenna system lying around, you can go uber-elite and connect a cheap phased array panel antenna or cantenna to locate your wireless intruder with NetStumbler. This can all equally run on a 333MHz Windows-based system.

     4. Workstation: Here's the beef... a 1.2GHz, 512MB, 20GB computer with a dual-head Matrox card and a dual-booting OS (Linux & Windows), preferably Linux with a Windows VMware guest OS. Trust me, once you go dual-head, you won't go back. The best Linux dual-head OS is SuSE 8.3. Tie this into the KVM to modify any of your servers.

     5. Red Phone... after all, who doesn't want one? You're Batman, right?

     Your first monitor should be watching CNN or the Weather Channel (depending on location), the second should be running Etherape, and the third should be running Airsnare or Windows Services Monitors (CPU, Netload, etc.). All of the software here except Windows is free and easy to configure... except maybe your General's chair. In the end, aside from having your own WOPR, you have a NOC for just under $2,000.00.
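What the Etherape display lets you spot by eye, a host suddenly talking to far more peers than its neighbours, can also be checked from a text capture on the monitoring box. The following is an added example, not part of the original article; it assumes `tcpdump -n` style summary lines as input, and the sample capture, its addresses and the threshold of 20 peers are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the IPv4 summary lines printed by `tcpdump -n` (assumed input format).
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): ")

# Constructed sample capture: one ordinary workstation plus one host (192.168.1.200)
# sweeping TCP/445 across the LAN. Not taken from a real network.
SAMPLE = "\n".join(
    [
        "12:00:01.100000 IP 192.168.1.10.50112 > 192.168.1.1.53: UDP, length 40",
        "12:00:01.200000 IP 192.168.1.10.50113 > 203.0.113.8.443: Flags [S], length 0",
        "12:00:01.300000 IP 192.168.1.10.50113 > 203.0.113.8.443: Flags [.], length 0",
        "12:00:01.400000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
    ]
    + [
        f"12:00:02.{i:06d} IP 192.168.1.200.{40000 + i} > 192.168.1.{i}.445: Flags [S], length 0"
        for i in range(2, 32)
    ]
)


def fan_out(capture_text):
    """Map each source IP to the set of (dst_ip, dst_port) pairs it contacted."""
    peers = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if m is None:  # ARP, IPv6 or truncated lines carry no IPv4 port pair
            continue
        src, _sport, dst, dport = m.groups()
        peers[src].add((dst, int(dport)))
    return peers


def suspects(capture_text, max_peers=20):
    """Return (source, distinct_peers, most_hit_port) for sources above max_peers."""
    flagged = []
    for src, pairs in fan_out(capture_text).items():
        if len(pairs) > max_peers:
            top_port = Counter(port for _, port in pairs).most_common(1)[0][0]
            flagged.append((src, len(pairs), top_port))
    return sorted(flagged, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for src, count, port in suspects(SAMPLE):
        print(f"{src} contacted {count} distinct peers, mostly on port {port}")
```

Tune `max_peers` to your own baseline: a proxy or DNS server legitimately talks to many peers and belongs on an exception list rather than in the alert output.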

William M. Nett

Links:
http://www.ipcop.org
http://www.coyotelinux.com
http://prdownloads.sourceforge.net/biatchux/fire-0.4a.iso?download
http://etherape.sourceforge.net/images/v0.5.5.png (an Etherape screenshot)
http://www.netstumbler.com
http://home.comcast.net/~jay.deboer/airsnare/download.htm

 

 
