

November 1996

Building a Network Security Monitor



Harness the power of the Win32 APIs to build a useful VB app without complex coding

VB Solutions is a new department in Windows NT Magazine that shows you how to use Visual Basic (VB) to solve business problems. In this space, we'll build a variety of solutions for specific business problems ranging from network administration to integrating Microsoft Office/BackOffice applications with Object Linking and Embedding (OLE).

This column doesn't teach you how to write VB--instead, it focuses on using VB to provide quick and easy-to-implement solutions. Although a working knowledge of VB is important to understand how the utilities in this column work, you don't have to know VB to benefit from them. You can download the source and executable code for all VB Solutions utilities from Windows NT Magazine's Web site at www.winntmag.com.

Network Security Monitor
This month's solution is a network administration utility--Network Security Monitor--that uses VB to collect and report security violations for your networked Windows NT systems and lets you perform a quick security check on those systems. Network Security Monitor warns you about attempted network security violations by displaying all login failures for each networked NT system. Repeated login failures are a telltale sign of unauthorized network access attempts.

Requirements
You can use Network Security Monitor if you are running the NetBEUI protocol or NetBIOS over TCP/IP on your network. User and password definitions must match across all NT systems you want to monitor. For example, user MIKEO must have the same password on all systems.

How It Works
Both NT Server and NT Workstation use an Event Log to track security-related events and other system- and application-related events. If you aren't familiar with NT's event logs, see "Windows NT Event Logs," page 153, for a brief explanation of this NT feature. Mike Reilly shows you how to audit your NT security in "Find Holes in Your NT Security," October 1996.

NT also has a built-in Event Viewer that lets you select and view event logs for local and remote systems. However, Event Viewer lets you view only one system at a time, so it's too cumbersome for checking several systems regularly. Network Security Monitor solves this problem by reading event logs from multiple networked NT systems. Screen 1 shows the Network Security Monitor program's main window.

Using Network Security Monitor is easy. When the program starts, it retrieves a list of networked NT systems and displays them in the main window's left list box. You can monitor any or all of the systems in the list; the systems to be monitored appear in the list box on the right. After choosing the systems, you simply click OK to begin reading those systems' security event logs. Network Security Monitor highlights each system in the list box on the right as it begins reading that system's log, and displays a progress bar as it reads through the logs. After Network Security Monitor finishes, the progress bar disappears and a View Results button appears. Clicking View Results displays the Network Security Monitor Results window, as shown in Screen 2.

The Network Security Monitor Results window displays a grid that contains the server name, the user, the time stamp the Event Log generated, the event ID, and a brief description of the event. Each system appears in the order you selected it, and events appear chronologically (newest to oldest). Collecting login security errors with Network Security Monitor is a snap.
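
The filtering and ordering behind that results grid, plus a check for repeated failures per user, can be sketched as follows. This is an added example, not the column's VB code: the records are constructed, the event IDs (529 for an NT logon failure, 528 for a successful logon) and the threshold of three failures are assumptions not taken from the article.

```python
from collections import Counter
from datetime import datetime

LOGON_FAILURE_ID = 529  # assumed NT Security log ID: unknown user name or bad password

# Constructed sample records: (server, user, time stamp, event ID, description).
SAMPLE_EVENTS = [
    ("NTSRV1", "MIKEO", "1996-11-04 08:15:02", 529, "Logon failure"),
    ("NTWS7", "GUEST", "1996-11-04 02:11:40", 529, "Logon failure"),
    ("NTSRV1", "MIKEO", "1996-11-04 08:15:09", 528, "Successful logon"),
    ("NTWS7", "GUEST", "1996-11-04 02:11:55", 529, "Logon failure"),
    ("NTSRV1", "ADMIN", "1996-11-03 23:40:18", 529, "Logon failure"),
    ("NTWS7", "GUEST", "1996-11-04 02:12:07", 529, "Logon failure"),
    ("NTSRV2", "JSMITH", "1996-11-04 09:00:00", 529, "Logon failure"),
]


def build_results(events, selected_systems):
    """Return logon-failure rows: systems in selection order, newest event first."""
    rows = []
    for system in selected_systems:
        failures = [e for e in events
                    if e[0] == system and e[3] == LOGON_FAILURE_ID]
        failures.sort(
            key=lambda e: datetime.strptime(e[2], "%Y-%m-%d %H:%M:%S"),
            reverse=True)
        rows.extend(failures)
    return rows


def repeated_failures(rows, threshold=3):
    """Return {(server, user): count} for pairs at or above the threshold."""
    counts = Counter((server, user) for server, user, *_ in rows)
    return {pair: n for pair, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    # NTSRV2 is not selected, so its events never reach the grid.
    grid = build_results(SAMPLE_EVENTS, ["NTWS7", "NTSRV1"])
    for row in grid:
        print("%-8s %-8s %s  %d  %s" % row)
    for (server, user), n in repeated_failures(grid).items():
        print("ALERT: %d failed logons for %s on %s" % (n, user, server))
```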

Inside Network Security Monitor
Considering Network Security Monitor's functionality, you might think that building it requires complicated communications coding and a knowledge of system internals--but that's not the case. NT provides a rich set of more than 800 APIs, most of which you can call from VB. They let you access a variety of system functions. Network Security Monitor takes advantage of a small set of NT APIs to handle the trickiest parts of the program.

The first API Network Security Monitor uses, the Win32 NetBIOS API, lets the program browse for the available networked NT systems. NT supplies this API in the DLL netapi32.dll. The DLL contains many functions; Network Security Monitor uses one, NetServerEnum, that returns a list of networked systems.

To use NetBIOS or any other API functions in VB, you must declare them. Listing 1 shows the VB declaration for the function NetServerEnum.

LISTING 1: VB declaration for NetBIOS API function NetServerEnum

Declare Function NetServerEnum Lib "Netapi32" _
    (vComputerName As Any, ByVal lLevel As Long, _
    vBuffer As Any, lPreferedMaxLen As Long, _
    lEntriesRead As Long, lTotalEntries As Long, _
    vServerType As Any, ByVal sDomain As String, _
    vResume As Any) As Long

 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2009 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing