Sunday, August 19, 2012

Using Orion Network Tools to Identify and Isolate an Infected Computer


If you are using SolarWinds Orion for network management, you have a whole set of network tools and applications on hand that were designed to make network management as easy as possible. Unfortunately, you may not know how to use half of them.

You can use your SolarWinds Orion network tools to take care of a number of problems, from blocking undesirable use to isolating an infected computer.

With Orion installed on your network and the addition of Orion NetFlow Traffic Analyzer, you can quickly identify and respond to the wide variety of self-propagating viruses that can attack your network.

For an example, consider the following scenario:

1) Discovery

A local branch of the banking network that handles all credit card transactions complains that the network is very slow, which is causing frequent timeouts during transfers of sensitive data. Worried, you immediately begin to investigate.

2) Survey

You open the Orion NPM Web Console and see that the network link to the branch site is up. You check the percent utilization graph and see that current utilization at the site is 98 percent. You know that normal utilization at that point is 15-25 percent. Your concern intensifies as you realize that your carefully protected network has been invaded.

3) Identify the problem

You click the NetFlow Traffic Analyzer tab, and then click the link for the branch site. Taking a quick look at the Top 5 Endpoints, you see that a single computer in the 10.10.10.0-10.10.10.255 IP range is generating 80 percent of the load on the branch link. This is what is slowing the data transfers. You're getting closer.

You know that this computer is in a part of the branch that is available to clients for personal transactions using the web. Further investigation reveals that 100 percent of that computer's traffic for the last two hours was on port 1883.

Because you know that there are no devices using IBM MQSeries messaging in that location, nor any other services or protocols that require port 1883, you can say that this is a virus exploit. One that will end soon.
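The identification in step 3 can be expressed as a check over flow records. This is an added example, not SolarWinds code or part of the original post; the flow records, the host address 10.10.10.57, the expected-port list and both thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records: (source, destination, dest port, bytes).
FLOWS = [
    ("10.10.10.57", "198.51.100.7", 1883, 400_000),
    ("10.10.10.57", "198.51.100.9", 1883, 400_000),
    ("10.10.10.12", "192.0.2.10", 443, 120_000),
    ("10.10.10.30", "192.0.2.25", 443, 50_000),
    ("10.10.10.30", "192.0.2.53", 53, 30_000),
]

BRANCH_NET = ip_network("10.10.10.0/24")  # the range named in the scenario
EXPECTED_PORTS = {53, 80, 443}            # assumption: services this segment needs


def suspicious_talkers(flows, net=BRANCH_NET, expected=EXPECTED_PORTS,
                       share_min=0.5, port_min=0.9):
    """Flag hosts that dominate the link on one port nobody expects there.

    share_min: minimum fraction of all link bytes sent by the host.
    port_min:  minimum fraction of the host's bytes on its busiest port.
    Both thresholds are illustrative assumptions.
    """
    total = sum(nbytes for *_, nbytes in flows)
    if total == 0:
        return []
    per_host = defaultdict(lambda: defaultdict(int))
    for src, _dst, port, nbytes in flows:
        if ip_address(src) in net:
            per_host[src][port] += nbytes
    findings = []
    for host, ports in per_host.items():
        host_bytes = sum(ports.values())
        top_port, top_bytes = max(ports.items(), key=lambda kv: kv[1])
        link_share = host_bytes / total
        port_share = top_bytes / host_bytes
        if (link_share >= share_min and port_share >= port_min
                and top_port not in expected):
            findings.append({"host": host, "port": top_port,
                             "link_share": link_share,
                             "port_share": port_share})
    return sorted(findings, key=lambda f: f["link_share"], reverse=True)


if __name__ == "__main__":
    for f in suspicious_talkers(FLOWS):
        print(f"{f['host']}: {f['link_share']:.0%} of link, "
              f"{f['port_share']:.0%} on port {f['port']}")
```

A host that is merely busy on an expected port is not flagged; only the combination of link dominance, single-port concentration and an unexpected port matches the scenario.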

4) Solution

You quickly use your configuration management tool, such as Cirrus Configuration Manager, to push a new firewall configuration that blocks port 1883. Within minutes, you see utilization drop back to its normal range of 15-25 percent. This area is secured.

With SolarWinds Orion network tools, network management need not be difficult. Your network tools may also have features that you do not know about. Regular training is necessary to ensure that you can do your job quickly, efficiently, and with as few headaches as possible.

For more information about using SolarWinds Orion network tools, visit Crown Technical Services online at http://www.coronaservices.net.
