
November 01, 1996 12:00 AM

Building a Network Security Monitor

Windows IT Pro
InstantDoc ID #2829
Downloads
2829.zip

Harness the power of the Win32 APIs to build a useful VB app without complex coding

VB Solutions is a new department in Windows NT Magazine that shows you how to use Visual Basic (VB) to solve business problems. In this space, we'll build a variety of solutions for specific business problems ranging from network administration to integrating Microsoft Office/BackOffice applications with Object Linking and Embedding (OLE).

This column doesn't teach you how to write VB--instead, it focuses on using VB to provide quick and easy-to-implement solutions. Although a working knowledge of VB is important to understand how the utilities in this column work, you don't have to know VB to benefit from them. You can download the source and executable code for all VB Solutions utilities from Windows NT Magazine's Web site at www.winntmag.com.

Network Security Monitor
This month's solution is a network administration utility--Network Security Monitor--that uses VB to collect and report security violations for your networked Windows NT systems and lets you perform a quick security check on those systems. Network Security Monitor warns you about attempted network security violations by displaying all login failures for each networked NT system. Repeated login failures are a telltale sign of unauthorized network access attempts.

Requirements
You can use Network Security Monitor if you are running the NetBEUI protocol or NetBIOS over TCP/IP on your network. User and password definitions must match across all NT systems you want to monitor. For example, user MIKEO must have the same password on all systems.

How It Works
Both NT Server and NT Workstation use an Event Log to track security-related events and other system- and application-related events. If you aren't familiar with NT's event logs, see "Windows NT Event Logs," page 153, for a brief explanation of this NT feature. Mike Reilly shows you how to audit your NT security in "Find Holes in Your NT Security," October 1996.

NT also has a built-in Event Viewer that lets you select and view event logs for local and remote systems. However, Event Viewer lets you view only one system at a time, so it's too cumbersome for checking several systems regularly. Network Security Monitor solves this problem by reading event logs from multiple networked NT systems. Screen 1 shows the Network Security Monitor program's main window.

Using Network Security Monitor is easy. When the program starts, it retrieves a list of networked NT systems and displays them in the main window's left list box. You can monitor any or all of the listed systems; the ones you choose appear in the list box on the right. After choosing the systems, you simply click OK to begin reading those systems' security event logs. Network Security Monitor highlights each system in the list box on the right as it begins reading that system's log, and it displays a progress bar as it reads through the logs. After Network Security Monitor finishes, the progress bar disappears and a View Results button appears. Clicking View Results displays the Network Security Monitor Results window, as shown in Screen 2.

The Network Security Monitor Results window displays a grid that contains the server name, the user, the time stamp the Event Log generated, the event ID, and a brief description of the event. Each system appears in the order you selected it, and events appear chronologically (newest to oldest). Collecting login security errors with Network Security Monitor is a snap.
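The collection and ordering rules described above, sketched in Python as an added example (this is not the article's VB code). It goes one step beyond the display by flagging repeated failures per system and user. Assumptions: event ID 529 as the NT failed-logon ID (the article does not name one), the hypothetical function names, the threshold and time window, and the constructed sample records.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOGON_FAILURE_IDS = {529}  # NT Security log: failed logon (assumed; ID not in article)

def ev(ts, user, event_id, desc):
    return {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M"), "user": user,
            "event_id": event_id, "desc": desc}

# Constructed sample data standing in for each system's Security log.
SAMPLE_LOGS = {
    "NTSRV1": [
        ev("1996-11-01 02:10", "MIKEO", 529, "Logon Failure"),
        ev("1996-11-01 02:11", "MIKEO", 529, "Logon Failure"),
        ev("1996-11-01 02:13", "MIKEO", 529, "Logon Failure"),
        ev("1996-11-01 08:00", "MIKEO", 528, "Successful Logon"),
        ev("1996-11-01 09:30", "JANED", 529, "Logon Failure"),
    ],
    "NTWKS7": [
        ev("1996-11-01 02:15", "MIKEO", 529, "Logon Failure"),
        ev("1996-10-31 17:45", "JANED", 529, "Logon Failure"),
    ],
}

def build_results(selected, logs):
    """Grid rows: systems in selection order, logon failures newest to oldest."""
    rows = []
    for server in selected:
        failures = [e for e in logs.get(server, []) if e["event_id"] in LOGON_FAILURE_IDS]
        failures.sort(key=lambda e: e["time"], reverse=True)
        rows += [(server, e["user"], e["time"], e["event_id"], e["desc"]) for e in failures]
    return rows

def repeated_failures(rows, threshold=3, window=timedelta(minutes=10)):
    """Return {(server, user): peak count} for bursts of failures inside one window."""
    times = defaultdict(list)
    for server, user, when, _id, _desc in rows:
        times[(server, user)].append(when)
    flagged = {}
    for key, stamps in times.items():
        stamps.sort()
        start = peak = 0
        for end, stamp in enumerate(stamps):
            while stamp - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged
```
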

Inside Network Security Monitor
Considering Network Security Monitor's functionality, you might think that building it requires complicated communications coding and a knowledge of system internals--but that's not the case. NT provides a rich set of more than 800 APIs, most of which you can call from VB. They let you access a variety of system functions. Network Security Monitor takes advantage of a small set of NT APIs to handle the trickiest parts of the program.

The first API Network Security Monitor uses, the Win32 NetBIOS API, lets the program browse for the available networked NT systems. NT supplies this API in the DLL netapi32.dll. The DLL contains many functions; Network Security Monitor uses one, NetServerEnum, that returns a list of networked systems.

To use NetBIOS or any other API functions in VB, you must first declare them. Listing 1 shows the VB declaration for the NetServerEnum function.

LISTING 1: VB declaration for NetBIOS API function NetServerEnum

Declare Function NetServerEnum Lib "Netapi32" _
    (vComputerName As Any, ByVal lLevel As Long, vBuffer As Any, _
    lPreferedMaxLen As Long, lEntriesRead As Long, lTotalEntries As Long, _
    vServerType As Any, ByVal sDomain As String, vResume As Any) As Long


Comments
  • Anonymous User
    7 years ago
    Mar 30, 2005

    http://support.microsoft.com/default.aspx?scid=kb;en-us;177199

    solve it

  • Anonymous User
    8 years ago
    Oct 22, 2004

    The source code is right under ya nose - it's installed in the same folder as the exe.

    Good effort with the article - very helpful!!!

  • DANIEL
    8 years ago
    May 05, 2004

    Hey guys... reference the Microsoft article related to the error 87 at http://support.microsoft.com/default.aspx?scid=kb;en-us;177199
    BUG: ReadEventLog Fails with Error 87

    I know this doesn't answer the reading of the event log... but I'm still looking for that.

  • Naushad
    9 years ago
    Dec 29, 2003

    Anyone find the source code for this?

  • Paul Noeldner
    9 years ago
    Dec 17, 2003

    Good article. I tried downloading the code, and instead got a .exe that tried to install something on my PC, so I of course cancelled it. Please provide a link to the source code.
