Cheat Sheet: Network monitoring
Do you know what’s happening on your network? Davey Winder looks at the benefits and challenges of monitoring
Why would we want to watch the data packets travelling back and forth on our network? That sounds pretty boring.
Well, yes it is. But having a monitoring system in place can be very useful. It can provide an early warning when something goes wrong, and valuable diagnostic data when you want to work out the cause of an outage. You can also use it to keep an eye on what resources are being accessed by client PCs, to help you identify and prevent abuse of the company network.
Are you suggesting we should spy on our staff? Can we do that?
Under the Human Rights Act, individuals are entitled to a certain expectation of privacy, even when it comes to their communications at work. However, that doesn’t mean you can’t monitor network activity. It’s perfectly possible to track and analyse the flow of data packets across your network without associating particular activities with individuals. Indeed, doing so would involve quite a bit of extra work, as you would have to inspect the contents of every packet, rather than just following their movements.
So traffic monitoring doesn’t count as snooping on employees?
Legally speaking, no it doesn’t. As long as you’re not collecting, storing or using personal information, you don’t have to worry about data protection issues. Even if you do start collecting identifiable information, you’re not necessarily in trouble – but you do then have to start abiding by the requirements of the Data Protection Act. At the very least, that means your monitoring policy must be clearly communicated to staff, and must be proportionate to a stated business objective, such as working out what’s eating up all your bandwidth. The Regulation of Investigatory Powers Act (RIPA) could come into play too: if you’re considering this sort of monitoring, it’s a good idea to take independent legal advice.
What about when employees bring their own devices? Can we still monitor their traffic?
Of course – it’s your network. You don’t have a right to access the information that’s stored on those devices, but when they send and receive data over the company network, the standard guidelines apply. The only thing that might muddy the water is the blurring of the business and leisure boundary within, and often without, the workplace. This is something best dealt with as part of an acceptable use policy, perhaps as part of a larger BYOD policy statement.
So which network monitoring tool should I use?
There’s no single package that I can recommend for everyone – the right solution for your company may well be the wrong one for another. But there are a bunch of things that should be on your checklist. First, look for network auto-discovery, so you don’t have to worry about systems potentially escaping the notice of your monitoring solution. The ability to provide data about response times, packet loss, uptimes and live netflow information can help you quickly pinpoint problems. The best solutions present mapping and monitoring information on the same screen, enabling you to spot where trouble is happening at a glance.
Also look for some kind of built-in reporting tool, because that will save time, and money, when it comes to analysis of the monitoring data. Real-time alerting is another must-have.
This all sounds rather expensive...
Like many of these things, it can be. It can also be cheap as chips. To a certain extent, it depends on your existing resources. For example, do you have a spare PC or laptop sitting around that you can repurpose as a monitoring server? It certainly doesn’t need to be the most powerful thing on the planet, and open-source/free monitoring software is more capable than you might imagine.
What about the management cost?
Here you’ve put your finger on the biggest variable. Unless you go for a really ambitious system, most of the cost will relate to training and support for whoever’s managing and operating your monitoring system. If you can find someone who really knows their stuff, they should be able to install, configure and operate it more or less for free, perhaps relying on online documentation and user forums for support. If you don’t have such a resource to hand, look for a licence that includes 24/7 support while you’re getting set up, even if you cancel it once you’re up and running.