Lan Network Security Tools
Many families setting up wireless home networks rush through the job to get their internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky, as numerous security problems can result. Today's Wi-Fi networking products don't always help the situation, as configuring their security features can be time-consuming and non-intuitive.
8 Free Wi-Fi security tools. Use them during the planning or installation stages of your wireless LAN, while troubleshooting, or when performing maintenance. Helps businesses easily.
Tips on Wi-Fi Security
The recommendations below summarize the steps you should take to improve the security of your home wireless network. Making even a few of the changes described below will help.
Change Default Administrator Passwords (and Usernames)
At the core of most Wi-Fi home networks is a broadband router or other wireless access point. These devices include an embedded web server and web pages that allow owners to enter their network address and account information.
These web tools are protected with login screens that prompt for a username and password so that only authorized people can make administrative changes to the network. However, the default logins provided by router manufacturers are simple and very well-known to hackers on the Internet. Change these settings immediately.
Turn on Wireless Network Encryption
All Wi-Fi equipment supports some form of encryption. An encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today including WPA and WPA2.
Naturally, you will want to pick the best form of encryption compatible with your wireless network. The way these technologies work, all Wi-Fi devices on a network must share matching encryption settings.
Change the Default SSID
Access points and routers all use a network name called the Service Set Identifier (SSID). Manufacturers normally ship their products with a default SSID. For example, the network name for Linksys devices is normally 'linksys.'
Knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone sees a default SSID, they view it is a poorly configured network and one that's inviting attack. Change the default SSID immediately when configuring wireless security on your network.
Enable MAC Address Filtering
Each piece of Wi-Fi gear possesses a unique identifier called the physical address or Media Access Control (MAC) address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, which restricts the network to only allow connections from those devices. Doing this adds another level of protection to a home network, but the feature is not so powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.
Disable SSID Broadcast
In Wi-Fi networking, the router (or access point) typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile ​hotspots where Wi-Fi clients may roam in and out of range. Inside a home, this broadcast feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi routers allow the SSID broadcast feature to be disabled by the network administrator.
Stop Auto-Connecting to Open Wi-Fi Networks
Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying the user. This setting should not be enabled except in temporary situations.
Position the Router or Access Point Strategically
Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal spreads, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example.
When installing a wireless home network, the location and physical orientation of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.
Use Firewalls and Security Software
Modern network routers contain built-in network firewalls, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running additional security software on each device connected to the router. Having too many layers of security applications is overkill. Having an unprotected device (particularly a mobile device) with critical data is even worse.
Assign Static IP Addresses to Devices
Most home network administrators use Dynamic Host Configuration Protocol (DHCP) to assign IP addresses to their devices. DHCP technology is indeed easy to set up. Unfortunately, its convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from a network's DHCP pool.
Turn off DHCP on the router or access point, set a fixed private IP address range instead, then configure each connected device with an address within that range.
Turn Off the Network During Extended Periods of Non-Use
The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While impractical to turn off and on the devices frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power cycle wear-and-tear, but this is a secondary concern for broadband modems and routers.
If you own a wireless router but are only using it for wired (Ethernet) connections, you can also sometimes turn off Wi-Fi on a broadband router without powering down the entire network.
Lan Network Security Tools Download
What Is Network Monitoring?
What Are Network Security Tools
To some it might feel like the local area network (LAN) has lost some of its importance. After all, it's old for a tech buzzword and these days everything is running from the cloud, so how important are local networks anyway? The answer is: Probably more than ever. The LAN is now the 'last mile' in terms of cloud service delivery, and if you're one of those businesses that's utilizing 5, 10, or more cloud services as everyday work tools for your employees, then that's a lot of network traffic competing for LAN bandwidth.
Today more than ever, an unreliable data network can literally bring a business to a standstill. For instance, if the systems attached to your network can't get an IP address by using Dynamic Host Configuration Protocol (DHCP), then they won't be able to communicate with any other system. Similarly, if Domain Name System (DNS) isn't functioning properly, then your systems won't be able to look up the address of any system on the internet. The way in which you manage bandwidth and network utilization will directly affect the productivity of all users connected to your corporate network. To help you, we've tested and compared 10 of the top network monitoring software solutions available today. Most are cloud-based and all of them can help you keep your users connected and your network pipes safe.
Some of those services cross over into the category of infrastructure due to the criticality of the service. Monitoring services such as DNS then becomes more of an infrastructure management issue as opposed to a network consideration. DHCP probably fits the same description, although the managing of a DHCP service would be something for which a network administrator would typically be responsible.
Simple Network Management Protocol (SNMP) was first introduced in 1998 under Request For Comments (RFCs) 1065, 1066, and 1067. SNMPv2 and SNMPv3 have, for the most part, replaced the initial version and have seen widespread adoption across a variety of platforms. While SNMP is most frequently associated with networking, you can also configure operating systems (OSes), to include Microsoft Windows, to respond to SNMP commands. A key consideration for network management tools should be how they use SNMP to accomplish their tasks.
If you really want to know what's happening on your network, then you'll need to learn something about network flows. NetFlow was originally introduced for Cisco routers, providing the ability to analyze IP network traffic entering or exiting a specific interface. Flow data is sent to a collection point (typically a system running a database) to make query-based analysis easier. Other switch manufacturers followed suit, along with other similar sampling tools such as sFlow. A large number of networking hardware vendors including Arista Networks, Brocade Communications Systems, Hewlett-Packard, and others provide native sFlow support. You can find a full description of sFlow under RFC 3176.
Important Features
A number of key features stand out as specific needs to adequately fulfill the role of network management. For one, from an administrator's perspective, it's nice to have visual graphics that give you a quick overview of the current system status. Having the ability to tweak the arrangement of graphical elements on a dashboard is an added plus. Providing a mechanism to alert someone of a problem is necessary across the board.
IP Address Management (IPAM) has become a vital capability for many large organizations. Keeping track of statically assigned addresses, along with a large number of DHCP pools, can't be adequately managed with a manual system. Integrating IPAM with a network management tool just makes sense as the same person quite frequently handles both functions.
Automation is the key to managing large numbers of devices. The more you can automate small administration tasks, the more efficient the process becomes. Automated alerting and repair fall into this category and represent a key differentiator between products. Add to that the ability to remotely connect to your monitoring system, and you have the makings of a solid product.
Software-Defined Networking (SDN) is a hot topic and not without a significant level of confusion—unless you happen to be either a vendor or a technologist with a vested interest. At a very high level, the term SDN is used to describe the functional separation of the network control plane and the forwarding plane, making it possible to dynamically configure data paths for optimum performance. None of these products really get into SDN, except at the top level of monitoring the performance of a switch.
How We Tested
In this roundup, we call out several areas to help focus the evaluation. While installation and setup is something you really only do once, it's still an area of interest. For the network management category, the initial configuration may include making changes to your switches in order to enable the transmission of NetFlow or sFlow data. Changes to production switches typically require a significant amount of justification and approval prior to implementation. It would be prudent to prove any of these test methods on a small test network before moving onto any larger environment.
That being said, we used an HP Procurve 3800 managed switch as the primary sFlow source. Enabling sFlow on the switch required the entry of a number of commands at the switch command line interface (CLI) over an SSH connection. We also had to upgrade the switch firmware to the latest version for everything to work correctly. At least one product (ManageEngine OpManager) provided a script to enable sFlow along with a one-page 'how-to' document to do that for you.
From an administrator's perspective, the user interface (UI) must be easy to navigate and customize. It should quickly present any problem areas and allow an operator to drill down for more specifics without a huge number of clicks. The customization of the UI and management of features must not require a programmer to make it properly work. Alerting is a basic requirement, with the ability to customize the priority and delivery an equally important feature.
Reporting should be equally as easy to administer. Creating a new report with a query specific to the information of interest should not require a database administrator. Extra points are given here for useful graphics and multiple export formats. Role-based access may not be a big deal for a small organization but it would be for a group with multiple IT administrators.
The bottom line with network management is to keep the network smoothly functioning, with an eye on overall usage. Having the ability to see trends and potential problems can help stave off any future problems and add value to any product.
How to Buy
The first step for any IT project is to define the requirements. For network management tools, the foundational pieces include the ability to see detailed information about key pieces of hardware such as switches and routers. Many organizations don't have the staff to monitor computer screens 24/7. Automated alerting and remediation would be a key requirement in that case to help reduce the administrative manpower required. Trend-based reporting and monitoring help determine utilization levels and identify potential bottlenecks before they become a problem. Good reporting tools would be another requirement, to include the ability to create customized reports and queries.
Once you have that list of essential requirements, you should be able to look at each one of these products and determine if they meet those requirements or not. If more than one product qualifies, you'll need to do some testing on your own to see which one best suits your needs. Pricing varies, starting with free, then from a low-end, per-server, per-month of $1.24 up to a purchase price of $1,995 for up to 50 devices.
Featured Network Monitoring Software Reviews:
LogicMonitor Review
MSRP: $375.00Pros: Agentless, comprehensive and secure systems monitoring service. Excellent online help and technical support options. Sophisticated alert, collaboration, and workflow management features. Customizable dashboards put monitoring and in-depth troubleshooting information at technician's fingertips. Comprehensive and customizable reporting.
Cons: High volume of information and multiple customization options make it rather complex. Steep learning curve for those not familiar with monitoring tools and services.
Bottom Line: LogicMonitor is a venerable management tool that still sports cutting edge tools, including collaboration, workflow, and excellent dashboarding capabilities. Its steep learning curve my keep it out of reach of small businesses, but for those serious about their web properties, LogicMonitor is an able solution.
Read ReviewPaessler PRTG Network Monitor Review
MSRP: $0.00Pros: Hierarchical device view summarizes performance data and alerts at every level. QR codes corresponding to a particular device or sensor can be printed out and attached to physical hardware for quick monitoring from a mobile app while in the data center.
Cons: Some functionality in Enterprise Console redirects you to the web console; however, this will change with Paessler PRTG Desktop when it's introduced. Sensor-based licensing model could get expensive in organizations running many roles per device.
Bottom Line: Paessler PRTG Network Monitor does s solid job as both an infrastructure management tool as well as a network monitor. Companies of all sizes could make good use of this package.
Read ReviewManageEngine OpManager Review
MSRP: $1995.00Pros: Customizable user interface even more visually pleasing thanks to updates done since our last review. Support for Cisco UCS, Citrix XenServer, Microsoft Hyper-V, and VMware vCenter.
Cons: Everything must be installed on-premises. Cloud management requires a different product.
Bottom Line: ManageEngine OpManager primarily focuses on infrastructure management, but also gives IT generalists some good application performance management and network monitoring features.
Read ReviewSpiceworks Network Monitor Review
MSRP: $0.00Pros: It's free. Extensible with other (not free) products. Good basic monitoring. Easy to use and understand.
Cons: The product is at the end of its life and will eventually be replaced by a new cloud-based product.
Bottom Line: Spiceworks Network Monitor is mature, free, and very slick, with enough IT punch to act as a one-stop IT shop for small to midsize businesses. It also gives you access to the Spiceworks community, which is an informed and responsive IT expert community.
Read ReviewDatadog Review
MSRP: $15.00Pros: Agent installation can be automated. Advanced graph functionality. High level of customization. Now offers over 200 built-in integrations plus an API.
Cons: Heavy learning curve to several key features.
Bottom Line: Datadog is an infrastructure management service that's ideal for IT shops that can fully leverage its automation, application programming interface (API), and data analysis capabilities. Datadog also offers many integrations, dashboards, and alerts that smaller companies will find useful.
Read ReviewConnectWise Automate Review
MSRP: $1.00Pros: Ability to automate agent installation, and manage system and vendor patch deployment. Ability to offer self-service options to users. Allows multiple vendors to integrate with ConnectWise Automate, supporting use of their products without leaving the software.
Cons: Some functionality requires plug-ins, URL changes. On-premises installation requirements.
Bottom Line: ConnectWise Automate, formerly known as LabTech, does a solid job as an agent-based infrastructure and network monitoring platform with good support for self-service and third-party integration.
Read ReviewRuckus Wireless ZoneDirector 1200 Review
MSRP: $1095.00Pros: Self-establishing mesh network ensures reliable coverage. Network controller offers management and monitoring as well as IPS features such as rogue detection. Supports very high speed wireless connections.
Cons: Must use Ruckus access points.
Bottom Line: The Ruckus Wireless ZoneDirector 1200 WLAN Controller can bring enterprise-grade wireless network management into small and medium businesses transparently and without the need for wireless networking expertise.
Read ReviewIdera Uptime Infrastructure Monitor Review
MSRP: $125.00Pros: Good use of graphical elements on dashboards to visualize system status. Out-of-the-box support for VMware vCenter Hyper-V and Zen. Comprehensive and flexible reporting.
Cons: Some plug-ins require additional installation such as Python. Error conditions displayed on dashboard graphics are not clickable.
Bottom Line: Idera Uptime Infrastructure Monitor is a comprehensive infrastructure management choice for midsize IT shops due to its ability to manage cloud-based infrastructure and its decent support for third-party plug-ins.
Read ReviewIpswitch WhatsUp Gold Review
MSRP: $2656.00Pros: Good-looking user interface and dashboards with useful data presentation. Utilizes existing management protocols such as SNMP and WMI to gather its information.
Cons: Everything must be installed on-premises.
Bottom Line: Ipswitch WhatsUp Gold is a comprehensive infrastructure management service. Its new version offers capabilities such as cloud performance monitoring for Amazon Web Services (AWS) and Microsoft Azure as well as billing performance monitoring.
Read ReviewVallum Halo Manager Review
MSRP: $895.00Pros: Built on open-source software. Extendable feature set through apps. Decentralized architecture has its benefits.
Cons: App installation is a three-step process per app. Very limited reporting capabilities. Minimal alert functionality.
Bottom Line: Vallum Halo Manager keeps things simple, with features through apps that can be delivered quickly, and a decentralized architecture. But major usability concerns in the form of app installation and reporting prevent Halo from being a solid competitor in the network monitoring and infrastructure management arena.
Read Review