FTP Monitoring
Created: 07 Jan 2011 | 7 comments
Hi Everyone: My company is looking to implement FTP monitoring. Does anyone have tips/suggestions to share from their experience of implementing FTP monitoring?
Thanks
Comments
Are you going to be monitoring FTP with Network Monitor or Endpoint Prevent?
I find that monitoring from Endpoint is the much more useful of the two because if you have an internal FTP server, it will be able to catch those incidents. Also, it's easier to get more user-specific information out of Endpoint. If your company uses an encryption gateway, Endpoint would catch the incidents before they even leave the machine whereas Net Monitor would need to be positioned before the gateway or else you won't be able to catch any of those incidents.
Other than those suggestions, I've found that it works well and I didn't have any real issues with it. It was pretty straightforward.
- xlloyd
It will be using network monitor.
Yes, the network monitoring and prevention will meet your need.
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
After adding the Network Monitor on your Enforce Server, click the 'Configuration' button of the Network Monitor Server. On the 'Packet Capture' tab, you can enable the FTP protocol:
Endpoint prevent on Linux
Is there an Endpoint agent available for the Linux machine? I am running a Linux FTP Server and it may help pretty much.
Regards,
Roju.
Don't think so...
Is it that only the FTP server is running Linux and the clients are running Windows or are they all running Linux?
I don't think that it's a best practice to put an agent on a server but I may be mistaken. In any case, I don't think that there's a client for Linux. I checked the downloads available with my license and saw only a Windows client.
In your scenario, if you really want to monitor FTP from the server-end rather than the client-end (running Windows clients) or if you have Linux clients...what I'd do is make sure the FTP server is in the DMZ and use a Network Monitor/Prevent server at the intersection of the ingress, egress, and DMZ points.
That way it'd capture both data leaving the network and data leaving the DMZ...it might put a strain on performance depending on how heavily the servers inside the DMZ are used though.
I'm no expert though...just my thoughts =]
Hope that helps
~xlloyd.