Build Your Own NOC
Geminus writes "Ever wanted to build a cheap NOC but had difficulty explaining tech stuff to bean-counting managers? Here are the basics on building one for under two grand. Makes for a pretty good dog-n-pony show, and proves useful too! Damn, I want to be an Armchair Network Operations Center General."
How to build a cheap Security NOC
William M. Nett
The Network Operations Center, or NOC, is the cornerstone of all computer networks. I've worked at AT&T's NOC, been around Government NOCs and seen small-scale versions. Most look like something out of the movie "WarGames" and, surprisingly, whether you're a Linux or Windows fan, you can build one for cheap and be your own armchair NOC General.
What does a NOC do? It monitors connections, network activity, spots problems, conducts threat assessments, and calculates scalability requirements with customer demands... it also puts on a pretty good "dog-n-pony" show for potential investors and customers.
What's required? Again, surprisingly not too much! Depending on the size of your company, this can be achieved with as little as an 8' X 10' room, and 4 computers. Trust me, you more than likely do not need a $15,000 Cisco PIX or Nokia firewall (which runs Linux derivatives).
You'll need at least three big monitors (the bigger the better), two smaller ones (17"), a KVM switch, and OOB dialup. Here's the loadout:
1. Firewall: Get a copy of IPCop... it's Smoothwall on steroids and very easy to configure. It has a built-in Intrusion Detection System and proxy logging, and you can use Coyote Linux as a failover if you think you are being attacked. This package uses a web interface, so there's no need for a monitor, keyboard, or mouse. These software elements are also free. Minimum requirements are a 333 MHz system with 64 MB of RAM and a 2.1 GB hard drive.
2. Network Monitoring: Download a copy of F.I.R.E. and run it on a barebones 600 MHz system. Configure and open Etherape on a monitor for an Air Traffic Controller's view of your network activity... bean counters love this. If you're being attacked or infected, you will quickly see where it's coming from. You should also use a receive-only sniffer cable on this box to protect its integrity... a receive-only box has zero chance of infection, as it's physically impossible.
3. Got wireless? Download and run Airsnare with a semi-hyped-up wireless antenna, and you'll quickly spot any war-drivers or unauthorized network connections. If you have an old directional motorized TV antenna system lying around, you can go uber-elite and connect a cheap phased-array panel antenna or cantenna to locate your wireless intruder with NetStumbler. This can all equally run on a 333 MHz Windows-based system.
4. Workstation: Here's the beef... a 1.2 GHz, 512 MB, 20 GB computer with a dual-head Matrox card and a dual-boot OS (Linux & Windows), preferably Linux with a Windows VMware guest OS. Trust me, once you go dual-head, you won't go back. The best Linux dual-head OS is SuSE 8.3. Tie this into the KVM to modify any of your servers.
5. Red Phone... after all, who doesn't want one? You're Batman, right?
Your first monitor should be watching CNN or the Weather Channel (depending on location), the second should be running Etherape, and the third should be running Airsnare or Windows services monitors (CPU, network load, etc.). All of the software here except Windows is free and easy to configure... except maybe your General's chair. In the end, aside from having your own WOPR, you have a NOC for just under $2,000.00.
William M. Nett
Links:
http://www.ipcop.org
http://www.coyotelinux.com
http://prdownloads.sourceforge.net/biatchux/fire-0.4a.iso?download
http://etherape.sourceforge.net/images/v0.5.5.png (an Etherape screenshot)
http://www.netstumbler.com
http://home.comcast.net/~jay.deboer/airsnare/download.htm
All rights reserved TheNetworkAdministrator.com
For those who are wondering...
A NOC is a Network Operations Center. It is one room, typically filled with many displays of real-time data which display the health/status of a network.
I'd rather be a conservative nutjob than a liberal with no nuts and no job.
Geezus... Everyone who's a true nerd knows that the WOPR is the War Operations box that was in the movie WarGames (Matthew Broderick)....
You know, the movie that made it absolutely *impossible* to get a dial-up into any BBS in the country for about 3 weeks after the movie came out...
Then again, I've been hacking around since about '76, so maybe I'm just showing my age...
1. SuSE 8.3 does not exist; it's in fact either 8.2 or 9.0.
2. There is currently no dual-head driver for the Matrox Parhelia. Older Matrox video cards have a dual-head driver, but they don't work anymore with "recent" motherboards, since the motherboard's voltage changed from 3.5 to 5 volts. And yes, 1.2 GHz-era computers are affected by this voltage change.
3. VMware will be too slow with this configuration to do anything really useful. Especially with dual heading.
4. This article is either a fake or a troll.
Mirror Here. I'll mirror the rest of the page, as soon as he recovers from the shock and replaces the charred, smoking remains of the server he once had.
I was told that I could listen to the radio at a reasonable volume from nine to eleven...
There is *not* a heck of a lot of content here.
Most of the information is more than obvious to anyone interested in running a NOC (incidentally, left out of the Slashdot story is that this is a *Security* NOC).
I've seen random Slashdot posts that would be a lot more useful to someone interested in building a NOC than this thing.
That being said, my own two cents:
If you're using SNMP to manage your network, snmpwalk+scripts is good. If you can stomach not using open source software, Intermapper is really nice. Unfortunately, the two big open source competitors don't quite measure up -- Scotty is kind of old and grotty and rather TCL-oriented, and GxSNMP appears to be dead.
Etherape, as suggested in the article, isn't the greatest choice either...IIRC, it doesn't support satellites, which means it needs to be running on the actual network it's monitoring. Not really acceptable for a NOC tool. Etherape is also, in my experience, rather CPU-hungry. There are a lot of commercial traffic flow visualization tools...not sure what's best, as I haven't played with many.
All in all, while the article's worthy of a post in a random discussion, it really isn't worthy of a Slashdot story.
May we never see th
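The "snmpwalk+scripts" approach the comment above recommends, as an added example that is not part of the thread: a script that parses the text output of a walk over IF-MIB and alarms on interfaces that are administratively up but operationally down. The sample walk output is constructed to mimic Net-SNMP's default formatting; no real device was queried.

```python
"""Parse snmpwalk output of IF-MIB and flag links that should be up but are not."""
import re
from collections import defaultdict

# Constructed sample, in the form that
#   snmpwalk -v2c -c <community> <host> IF-MIB::ifDescr|ifAdminStatus|ifOperStatus
# prints with Net-SNMP. No real device was queried.
SAMPLE_WALK = """\
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifDescr.3 = STRING: eth1
IF-MIB::ifDescr.4 = STRING: eth2
IF-MIB::ifAdminStatus.1 = INTEGER: up(1)
IF-MIB::ifAdminStatus.2 = INTEGER: up(1)
IF-MIB::ifAdminStatus.3 = INTEGER: up(1)
IF-MIB::ifAdminStatus.4 = INTEGER: down(2)
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.3 = INTEGER: down(2)
IF-MIB::ifOperStatus.4 = INTEGER: down(2)
"""

# <column>.<ifIndex> = <TYPE>: <value>
LINE_RE = re.compile(r"^IF-MIB::(\w+)\.(\d+) = (STRING|INTEGER): (.+)$")

def parse_walk(text):
    """Return {ifIndex: {column: value}} built from snmpwalk lines."""
    table = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines we do not understand rather than guess
        col, idx, typ, val = m.groups()
        if typ == "INTEGER":
            val = val.split("(")[0]  # "down(2)" -> "down"
        table[int(idx)][col] = val
    return dict(table)

def unexpected_down(table):
    """Names of interfaces that are admin-up but oper-down. Interfaces an
    admin deliberately shut (ifAdminStatus down) are not alarms."""
    alarms = []
    for idx in sorted(table):
        row = table[idx]
        if row.get("ifAdminStatus") == "up" and row.get("ifOperStatus") == "down":
            alarms.append(row.get("ifDescr", f"ifIndex {idx}"))
    return alarms

if __name__ == "__main__":
    for name in unexpected_down(parse_walk(SAMPLE_WALK)):
        print(f"ALARM: {name} is admin-up but oper-down")
```

Feed it real data with `snmpwalk ... | python3 this_script.py` style piping, or poll on a timer and diff the alarm list between runs to get the NOC display the article describes.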
Or, perhaps someone will come up with the bright idea to let you shoot packets whilst in the 3d game...
Kind of like psDooM (as seen on Slashdot), but at the network level? I'll betcha it could be done.
Carthago delenda est!
This is the website: http://fire.dmzs.com/
You need to refresh your DRAM. VMware Workstation 4 costs $299 from vmware.com. The rest of the stuff can be had for free, more or less. 17" monitors are $100 a pop new (CRT, that is), the 1.2 GHz box can be built new for around $200 (1300 Duron, 256 MB RAM, 40 GB disk), and the rest of them are dumpster-diving fodder. The only things in his list that actually may cost Real Money (TM) are the big screens, but you can get old 24" Sun monitors on eBay for a song and maybe a little dance, and then you just need to get/make a VGA-Sun adapter to be in business.
Money for nothing, pix for free
How is it there is an article about a homebrew N.O.C. that doesn't mention Nagios?
There are some vulnerabilities for passive monitoring also. A search of the CERT database for snort or tcpdump gives you the following list:
A listen-only box gives you some protection, but it cannot be the only protection for your traffic recorder.