Many organizations today have large local area networks (LANs), and keeping track of every device connected to the network is a hard task, especially for IT personnel. As new devices are added to the network and others removed, it is necessary to keep an up-to-date record of the devices that actively or passively access the resources of a given LAN. This is done by collecting information about these devices, and the process of collecting such information is referred to as network discovery. The information collected can include the device's MAC address, its IP address, and the services it accesses or provides.
There are several steps an organization should follow to determine its needs when discovering all the devices on its network. First, the organization should consider which resources are being accessed at a given time and by whom. This reduces the threat of hackers accessing network resources or sensitive information. Second, the organization should be able to monitor network bandwidth and make sure it is not slowed down by packets sent from unknown sources. The organization should also consider how easily it can implement and assign different roles to different devices in accordance with its standards. This should include monitoring the software installed on each device, the versions installed, and the licenses and when they are due to expire, in order to avoid legal problems. Lastly, the organization should consider network discovery tools that, in case of a network failure, can quickly detect the point of failure so that the problem can be corrected in time.
This software may be open source or commercial. The factors that determine which network discovery software to use are specific to the needs of each organization; among the factors to consider are the size of the network and the amount of money the organization is willing to set aside.
This is an open source script written to automatically ping a range of IP addresses or ports, which in turn updates the ARP table. This lets the network administrator know which devices are on the network. The tool sends an ICMP ECHO_REQUEST to each address and records the replies in an orderly manner. Its shortcoming is that some devices do not receive ICMP messages because of the firewalls installed on them, so they never show up in the results.
Nmap is an open source utility used to scan the ports of devices by IP address or host name. By doing this, nmap is able to keep track of the devices on a network. It uses both ICMP and TCP ACK packets to scan port 80; the TCP ACK probe is able to get past devices that do not receive ICMP packets. Its other functions include identifying which services are running on the network, the operating systems running on different devices, and the firewall software in place, among others. It also discovers remote devices. The disadvantage of nmap is that it discovers only devices that are operational at the time of the scan.
Arpwatch listens for ARP packets, notes the IP address associated with each MAC address, and keeps this information in a database. If the information in the database changes, the network administrator is notified by e-mail. The limitation of arpwatch is that it is restricted to devices on the local LAN and not those accessing it remotely, so it can only be used on one network at a time.
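To make the arpwatch behaviour concrete, here is an added example (not arpwatch's own code) of a minimal IP-to-MAC monitor: it learns bindings from ARP replies, keeps them in a database, and reports new stations and changed MAC addresses, which is exactly the event a defender wants to be told about. The ARP replies are constructed sample data, and the event names follow arpwatch's report types.

```python
# Added example (not arpwatch's own code): a minimal arpwatch-style monitor.
# It keeps a database of IP -> MAC bindings learned from ARP replies and
# reports any binding that changes, which may indicate ARP spoofing or an
# unauthorised device taking over an address.
# The ARP records below are constructed sample data, not captured traffic.

from typing import Dict, List, Tuple

# Each record is (ip, mac) as seen in an ARP reply on the LAN (constructed).
SAMPLE_ARP_REPLIES: List[Tuple[str, str]] = [
    ("192.168.1.10", "00:11:22:33:44:55"),
    ("192.168.1.20", "66:77:88:99:aa:bb"),
    ("192.168.1.10", "00:11:22:33:44:55"),  # same binding again: no alert
    ("192.168.1.1",  "de:ad:be:ef:00:01"),  # gateway learned
    ("192.168.1.1",  "DE-AD-BE-EF-00-02"),  # gateway MAC changed: alert
    ("192.168.1.30", "cc:dd:ee:ff:00:11"),
]


def normalize_mac(mac: str) -> str:
    """Lower-case, colon-separated form so '00-11-..' and '00:11:..' compare equal."""
    return mac.lower().replace("-", ":")


def watch(replies, db: Dict[str, str]) -> List[str]:
    """Update db in place from ARP replies and return alert messages.

    Event names mirror arpwatch's 'new station' and 'changed ethernet
    address' reports; arpwatch would e-mail these to the administrator.
    """
    alerts: List[str] = []
    for ip, raw_mac in replies:
        mac = normalize_mac(raw_mac)
        old = db.get(ip)
        if old is None:
            db[ip] = mac
            alerts.append(f"new station {ip} at {mac}")
        elif old != mac:
            alerts.append(f"changed ethernet address {ip}: {old} -> {mac}")
            db[ip] = mac
    return alerts


if __name__ == "__main__":
    database: Dict[str, str] = {}
    for line in watch(SAMPLE_ARP_REPLIES, database):
        print(line)
```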
Sniffing is a technique used to analyze network traffic so that problems on the network can be identified. Sniffing is also used by hackers to gather information about a network. Sniffing techniques such as DHCP, ARP or WINS sniffing can divulge information such as the network's workgroup, the NetBIOS name of a device, MAC addresses and IP addresses.
Creating a virtual LAN (VLAN) within your network is one of the best ways to prevent hackers from sniffing your network. This is because a VLAN grants access only to authorized IP addresses, making the broadcast domain smaller. The organization will have different virtual networks, and certain information will be limited to only certain people (McClure, 2005).
A denial of service (DoS) occurs when the legitimate users of a LAN are locked out of their network. This happens when hackers send unsolicited packets that flood the network. The bandwidth becomes saturated with packets that have no valid destination, making the network slow or its resources inaccessible. This can be countered by filtering the requests that reach network resources and by controlling broadcast messages.
IP spoofing is the impersonation of a certain device by sending out a message that carries another device's IP address as its source. The destination address is genuine, but the real source IP is hidden and cannot be traced. To protect the network from spoofing, one can use ingress and egress filtering at the router to drop packets that are not legitimate. Another way is to use authentication by maintaining an access control list of the ranges of IP addresses that are eligible to access the network. Encryption of packets can also prevent spoofing (Tanase, 2010).
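As an added example (not from the cited source), the following shows the ingress and egress filtering decision a border router makes against spoofed sources, together with an access control list check of the kind the paragraph describes. The internal prefixes, bogon ranges and the ACL are assumed values constructed for the example.

```python
# Added example (not from the cited source): anti-spoofing ingress/egress
# filtering for a border router, plus an IP-range access control list.
# Ingress: a packet arriving from the Internet must not claim one of our
# internal addresses as its source. Egress: a packet leaving the LAN must
# carry one of our internal addresses, otherwise an inside host is spoofing.
# All address ranges below are assumed for illustration.

import ipaddress
from typing import Tuple

# Prefixes the organization owns (assumed).
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
                 ipaddress.ip_network("10.0.0.0/8")]

# Source ranges that never legitimately arrive from the Internet (assumed list).
BOGON_NETS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("169.254.0.0/16")]

# Access control list of external ranges eligible to reach the network (assumed).
ACL_ALLOWED = [ipaddress.ip_network("203.0.113.0/24")]


def in_any(addr: str, nets) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def filter_packet(direction: str, src: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for a packet crossing the border router.

    direction is 'ingress' (Internet -> LAN) or 'egress' (LAN -> Internet).
    """
    if direction == "ingress":
        if in_any(src, INTERNAL_NETS):
            return False, f"ingress: spoofed internal source {src}"
        if in_any(src, BOGON_NETS):
            return False, f"ingress: bogon source {src}"
        return True, "ingress: ok"
    if direction == "egress":
        if not in_any(src, INTERNAL_NETS):
            return False, f"egress: source {src} is not ours, spoofing from inside"
        return True, "egress: ok"
    raise ValueError(f"unknown direction {direction!r}")


def acl_permits(src: str) -> bool:
    """Second check for inbound traffic: is the source in an eligible range?"""
    return in_any(src, ACL_ALLOWED)
```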