LANGuardian architecture
LANGuardian uses advanced Deep Packet Inspection techniques to analyze the data packets flowing through the core switch on your network.
LANGuardian creates and maintains a database of traffic information that gives you access to historical as well as real-time network activity data. Real-time data enables you to troubleshoot and resolve problems as they occur. Historical data is indispensable for network forensics, and for identifying network issues and trends that cannot be identified using real-time data alone.
The diagram below shows the LANGuardian system architecture.
The management port on the LANGuardian system enables network administrators to establish a browser connection so that they can view the traffic data captured and stored by the system.
LANGuardian has a browser-based user interface with a customizable dashboard and drill-down capability to whatever level of detail you need. All modern browsers are supported.
You can configure any LANGuardian report to send you an e-mail alert immediately when certain conditions are met (for example, when a user accesses a specified website or file share).
You can generate CSV (for importing into Microsoft Excel and other spreadsheet applications) and PDF versions of all LANGuardian reports.
The LANGuardian reporting engine uses the information in the traffic database to generate interactive web pages, e-mail alerts, CSV files and PDF reports.
With the optional module for directory services integration, you can generate reports that include user names and other details derived from your corporate directory. You can also configure the system to ignore specific accounts such as those that are used to download anti-virus updates and operating system patches.
LANGuardian supports Microsoft Active Directory, Novell eDirectory, and the industry standard LDAP format.
LANGuardian stores a historical record of traffic data in a secure, hardened, and highly optimized database. The database capacity is limited only by the amount of storage space available, while the storage used per day is determined by the amount of traffic on your network. Because the database is independent of system log files, you can use it to demonstrate compliance with the segregation of duties requirements of internal and external auditors.
LANGuardian uses Deep Packet Inspection techniques to inspect the contents (payload) of data packets in addition to the packet header, enabling it to identify threats that cannot be identified using standard networking components alone. LANGuardian implements DPI at full wire speed and does not slow down the network.
The traffic collection engine collects network activity data from the monitoring port on your core switch and prepares it for deep packet inspection (DPI) and subsequent storage in the LANGuardian traffic database.
When monitoring a physical network, the monitoring (SPAN) port on the LANGuardian system connects to the monitoring port on the core switch. When monitoring a virtual network, the monitoring port connects to a virtual switch, which must be operating in promiscuous mode. The network traffic seen by the monitoring port is collected by the LANGuardian traffic collection engine.
Optional modules
A standard NetFort LANGuardian installation gives you the ability to capture, store, and monitor network activity data. With the optional directory integration module, you can associate traffic data with Active Directory or eDirectory user information. We also offer a range of other modules that you can use to find out even more about what is happening on your network. And remember, all of the information you see with LANGuardian is based on network traffic analysis so there are no clients or agents to install and there is no performance impact.
This module monitors and records every access to your SQL Server databases, helping you to protect sensitive business data, secure your database infrastructure, detect fraudulent activity, and more easily meet your audit and compliance obligations.
This module monitors and records every access to your Windows file shares, recording details of user name, client application, server name, event type, file name, and data volume.
This module decodes, extracts, and stores the headers of incoming (POP3) and outgoing (SMTP) mail messages, allowing you to search by sender, recipient and subject, along with more detailed information such as timestamps and the IP addresses of sender and recipient.
This module uses Deep Packet Inspection (DPI) technology to detect web browser type and version number by decoding the User-Agent string in every flow of HTTP traffic. With the Web Browser Monitor, you can identify all applications that download data over HTTP, along with the users and systems involved. You can also detect the use of unsupported browsers and prohibited devices on the network.
This module defines and monitors bandwidth quotas for users or groups of users on a network. You can configure warning emails and automatic actions to notify users as quota limits are approached or exceeded.
The diagram below shows LANGuardian in a typical network setup consisting of PCs, laptops, servers, a core switch, and a firewalled Internet connection. LANGuardian deploys as a bare-metal installation onto dedicated hardware that is connected directly to the core switch.
In this network, the core switch port assignments are as follows:
| Port number | Description |
| --- | --- |
| 4 | User LAN |
| 5 | File server |
| 6 | SQL Server database server |
| 7 | Application server |
| 8 | Intranet server |
| 10 | Management interface |
| 12 | Monitoring (SPAN) port |
| Uplink | Connected to Internet via firewall |
To monitor this network, the following steps are necessary:
LANGuardian works on the same principle in virtual networks as in physical networks. A VMware ESX environment incorporates a virtual network switch, which is the virtual equivalent of the core switch in a physical network. The virtual network switch supports promiscuous mode, a setting that enables virtual adapters to see all traffic flowing through the switch, essentially providing the same functionality as a SPAN or monitoring port on a physical network. This makes it possible for the LANGuardian virtual appliance to monitor and report on all network traffic flowing through the virtual network.
The illustration below shows a typical virtual network setup consisting of file, application, and database servers connected to a virtual switch. When connected to the same virtual switch as the servers, the LANGuardian virtual appliance can monitor all network activity on the servers.
In this network, LANGuardian is installed on a virtual server that is connected to a virtual switch. When the switch is configured in promiscuous mode, LANGuardian can capture all traffic flowing through the switch.
See the VMware installation instructions for detailed information about configuring LANGuardian on VMware networks.
Monitoring physical network traffic with a virtual appliance
As well as monitoring traffic on your virtual network, a LANGuardian virtual appliance can monitor network traffic on your physical network. In this configuration, you must configure an additional sensor in the LANGuardian user interface and connect this sensor to a separate virtual switch, which in turn must be connected to the physical network. The diagram below illustrates this configuration.
You can deploy LANGuardian as a VMware virtual appliance or install it on a dedicated physical PC or server. It is a standalone software system that requires no operating system licenses.
When installed on a dedicated physical PC or server, LANGuardian runs on industry standard hardware. The only special requirement is that the PC or server must have two NICs (network interface cards) – one to collect the traffic data, and one to provide access to the LANGuardian user interface.
When deployed as a virtual appliance, LANGuardian can monitor internal virtual and physical network traffic. To monitor virtual network traffic, the virtual switch you are monitoring must be configured to operate in promiscuous mode. To monitor physical network traffic with a LANGuardian virtual appliance, you need a dedicated virtual switch that is associated with its own NIC.
LANGuardian has a customizable browser-based user interface that shows you at a glance the network activity that is most important to you, and gives you the ability to drill down to whatever level of detail you need.
Find out more
If you have any questions about how LANGuardian can help you with your network monitoring requirements, please contact us. If you would like to see LANGuardian in action, please try our online demo system or download a free 30-day trial to try it on your own network with your own data.