user manual

Using Event Rules 79
The Map can provide you with immediate information about which
devices have been using particular servers.
Detecting Unauthorized Servers
You can use the Detect Network Sweep Attack rule to spot users creating
unauthorized servers on the network. For example, you can detect
unauthorized FTP servers by creating a rule which detects FTP traffic on
the network, but which ignores traffic to and from known FTP servers.
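
The filtering logic behind such a rule, as an added Python example that is not part of the product or this manual. It assumes flow records in a constructed CSV layout (src_ip, src_port, dst_ip, dst_port, protocol), a hypothetical function name, and that FTP is identified by TCP control port 21.

```python
import csv
import io
import ipaddress
from collections import defaultdict

FTP_CONTROL_PORT = 21  # assumption: FTP is recognised by its control port

# Constructed sample flow records (not from a real capture):
# src_ip,src_port,dst_ip,dst_port,protocol
SAMPLE_FLOWS = """\
10.1.1.20,49152,10.1.0.5,21,tcp
10.1.0.5,21,10.1.1.20,49152,tcp
10.1.1.31,50211,10.1.2.77,21,tcp
10.1.2.77,21,10.1.1.31,50211,tcp
10.1.1.44,50500,10.1.2.77,21,tcp
10.1.1.20,49200,10.1.0.9,80,tcp
not-an-ip,1,10.1.0.5,21,tcp
"""

def find_unauthorized_ftp_servers(flow_text, known_servers):
    """Return {server_ip: sorted client list} for FTP servers not in known_servers."""
    known = {ipaddress.ip_address(s) for s in known_servers}
    clients_by_server = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_text)):
        try:
            src, sport, dst, dport, proto = row
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            sport, dport = int(sport), int(dport)
        except ValueError:
            continue  # skip malformed records rather than abort the scan
        if proto.lower() != "tcp":
            continue
        # The FTP server is whichever end owns port 21; replies have it as source.
        if dport == FTP_CONTROL_PORT:
            server, client = dst, src
        elif sport == FTP_CONTROL_PORT:
            server, client = src, dst
        else:
            continue
        if server in known:
            continue  # traffic to and from known FTP servers is ignored
        clients_by_server[server].add(client)
    return {str(s): sorted(str(c) for c in cs) for s, cs in clients_by_server.items()}

if __name__ == "__main__":
    for server, clients in find_unauthorized_ftp_servers(SAMPLE_FLOWS, ["10.1.0.5"]).items():
        print(f"unauthorized FTP server {server}: clients {clients}")
```

Each reported server comes with the clients that contacted it, which is the list to follow up on when deciding whether the server should be added to the known set or shut down.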
Monitoring WAN Links and Backbone Links
Monitoring Congestion on WAN Links
You can configure a Monitor Critical Connections event rule to inform
you when a link is becoming congested. You can either set an absolute
threshold at a level of traffic which you think is acceptable on the link, or
you can use the event rule to tell you when traffic levels on the link
change significantly. A Connection Activity report can be used to give you
regular information on the activity of a link. See “Connection Activity
Report” on page 100 for more information.
Monitoring Single Devices Which are Overusing the Capacity of a Link
You can configure a Monitor Network Resource Usage event rule to tell
you when one device is using a lot of bandwidth on a link. Similar
information can be obtained on a regular basis using a Top N
Connections report. See “Top N Connections Report” on page 105 for
more information.
Detecting Network Misuse
Sometimes congestion on a link can be caused by misuse. You can
configure a Detect Network Misuse event rule to spot users using a WAN
link for Web traffic during working hours.
For example, if you know that a connection should only be used for Lotus
Notes traffic then you could configure a Detect Network Misuse rule to
spot any application except Notes. See Chapter 4, “Grouping Network
Devices in the Map” for more information about applications.
If you have a network with multiple servers in different sites, you can
configure a Detect Unauthorized Machine Access rule to make sure
people access their local server rather than accessing a server across a
WAN link.