INTOUCH® INSA
Network Security Agent




Appendix D
Chart Options

When Chart is selected from the Output Options menu, a new window is opened and the report data is displayed as a "pie" chart. Should you wish to display the report data in other forms, you can select the Chartbook item that is shown at the top of the chart display window.

When Chartbook is selected, a menu of icons that represent each of the chart types is displayed. You can select most of the following chart types from the menu:


Area --- Choose the area chart icon to display the Area dialog box. This dialog box displays icons showing the area chart styles. Choose a style by clicking on the desired icon. To apply the different area chart styles on your current data, click on Apply. Repeat these steps until you are satisfied with the way the area chart looks, then click on Cancel to remove the dialog box.

Bar --- Choose the bar chart icon to display the Bar dialog box. This dialog box contains icons showing the bar chart styles. Choose a style by clicking on the desired icon. To apply the different bar chart styles on your current data, click on Apply. Repeat these steps until you are satisfied with the way the bar chart looks, then click on Cancel to remove the dialog box.

Column --- Choose the column chart icon to display the Column dialog box. This dialog box contains icons showing the column chart styles. Choose a style by clicking on the desired icon. To apply the different column chart styles on your current data, click on Apply. Repeat these steps until you are satisfied with the way the column chart looks, then click on Cancel to remove the dialog box.

Combination --- This menu option is not used by INTOUCH INSA and should not be run.

Hi-lo --- This menu option is not used by INTOUCH INSA and should not be run.

Histogram --- Choose the histogram chart icon to display the Histogram dialog box. This dialog box contains icons showing the histogram chart styles. Choose a style by clicking on the desired icon. To apply the different histogram chart styles on your current data, click on Apply. Repeat these steps until you are satisfied with the way the histogram chart looks, then click on Cancel to remove the dialog box.

Line --- Choose the line chart icon to display the Line dialog box. This dialog box contains icons showing the line chart styles. Choose a style by clicking on the desired icon. To apply the different line chart styles on your current data, click on Apply. Repeat these steps until you are satisfied with the way the line chart looks, then click on Cancel to remove the dialog box.

Pie --- Choose the pie chart icon to display the Pie dialog box. This dialog box contains icons showing the pie chart styles. Choose a style by clicking on the desired icon. To apply the different pie chart styles on your current data, click on Apply. Repeat these steps until you are satisfied with the way the pie chart looks, then click on Cancel to remove the dialog box.

Scatter --- Choose the scatter chart icon to display the Scatter dialog box. This dialog box contains icons showing the scatter chart styles. Choose a style by clicking on the desired icon. To apply the different scatter chart styles on your current data, click on Apply. Repeat these steps until you are satisfied with the way the scatter chart looks, then click on Cancel to remove the dialog box.

Click on the Output Options window to erase the chart window.

Note

The other menu items displayed at the top of the chart window are not used by INTOUCH INSA and results are unpredictable if selected. These items will be eliminated in future versions.


Appendix E
Answers to Commonly Asked Questions

This appendix contains a list of frequently asked INTOUCH INSA questions.

E.1 Questions and Answers

Since there are two ethernet controllers on one INTOUCH INSA machine, can they monitor two LANs (or sub-LANs) at once? And, if so, will INSA Manager combine the two or show them separately?

INTOUCH INSA has two ethernet controllers so we can monitor two LANs at once with a single INTOUCH INSA box. Since all we track are packets and sessions by IP (or LAT) address . . . the data is merged on the reports. In later versions we will look at LAN-specific reporting.

Where do I put INTOUCH INSA on my Network?

INTOUCH INSA needs to be on an ethernet segment of your network. You want to place INTOUCH INSA on a segment that sees as many packets as possible.

With INTOUCH INSA can we have more than one monitor? And, does the monitor have to be solely dedicated for the purpose of INTOUCH INSA, or can they be using the monitor for other things and a window for INTOUCH INSA?

If a PC or workstation is running X-windows software, then it is possible to redirect INTOUCH INSA screen displays to a given PC or workstation. However, all interaction with INTOUCH INSA (for security reasons) must happen at the INTOUCH INSA console.

What happens when the number of seats limit is reached? Are some packets skipped and not read?

When the seats limit is exceeded, packet processing slows down and session reconstruction slows down. No packets are dropped.

Can I select which connections get monitored?

You can set up alerts for specific addresses and exclude addresses.

INTOUCH INSA sounds like a pattern/packet watcher which looks for various patterned traffic going across the network. True?

Close. INTOUCH INSA is a stand-alone box that reads the packets in real-time, reconstructs all user sessions in real-time, and then scans all of them in real-time.
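The difference between matching patterns packet by packet and scanning reconstructed sessions, shown as an added example that is not INTOUCH INSA code. The packet layout, rule name, file name and addresses are constructed for illustration; the product's own rule format is not shown on this page.

```python
from collections import defaultdict

# Hypothetical rule: site policy says PAYROLL.DAT is changed only through a menu
# item, so an editor invoked on it in a terminal session is a policy violation.
RULES = {"payroll-edited-directly": b"edit payroll.dat"}
EXCLUDE = {"10.0.0.7"}  # addresses the security manager chose to exclude

# Constructed packets (src, dst, sequence number, payload); not captured traffic.
PACKETS = [
    ("10.0.0.5", "10.0.0.9", 2, b"payr"),
    ("10.0.0.5", "10.0.0.9", 1, b"EDIT "),
    ("10.0.0.5", "10.0.0.9", 3, b"oll.dat\r"),
    ("10.0.0.5", "10.0.0.9", 3, b"oll.dat\r"),   # retransmitted duplicate
    ("10.0.0.7", "10.0.0.9", 1, b"edit payroll.dat\r"),
    ("10.0.0.8", "10.0.0.9", 1, b"show time\r"),
]

def reconstruct_sessions(packets):
    """Group payloads by (src, dst), drop duplicate sequence numbers, join in order."""
    flows = defaultdict(dict)
    for src, dst, seq, payload in packets:
        flows[(src, dst)][seq] = payload
    return {key: b"".join(parts[s] for s in sorted(parts)) for key, parts in flows.items()}

def match_rules(data, rules):
    """Return sorted names of rules whose pattern occurs in data (case-insensitive)."""
    lowered = data.lower()
    return sorted(name for name, pattern in rules.items() if pattern in lowered)

def scan_packets(packets, rules, exclude):
    """Per-packet matching: each payload is inspected on its own."""
    return [(src, dst, name) for src, dst, _, payload in packets
            if src not in exclude and dst not in exclude
            for name in match_rules(payload, rules)]

def scan_sessions(packets, rules, exclude):
    """Session matching: payloads are reassembled before the rules are applied."""
    return [(src, dst, name)
            for (src, dst), stream in sorted(reconstruct_sessions(packets).items())
            if src not in exclude and dst not in exclude
            for name in match_rules(stream, rules)]

if __name__ == "__main__":
    print("per-packet alerts:", scan_packets(PACKETS, RULES, EXCLUDE))
    print("session alerts:   ", scan_sessions(PACKETS, RULES, EXCLUDE))
```

The typed command is split across three out-of-order packets, so the per-packet scan raises nothing while the session scan flags the policy violation.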

How can INTOUCH INSA monitor all the activity?

Touch Technologies, Inc. has spent years developing the algorithms used in scanning and monitoring network activity. Because of this, INTOUCH INSA is an extremely efficient package.

We use an extremely fast RISC processor computer. Just a few years ago, the technology to perform this kind of monitoring activity was prohibitively expensive. Thanks to the decreasing cost and increasing power of the latest generation of computers, this kind of power is available at a cost that makes INTOUCH INSA feasible.

How does one know what type of policies should be considered with INTOUCH INSA? What is considered suspicious activity?

What is suspicious varies from user to user. That is why we do not pre-determine suspicious activity. INTOUCH INSA is a rules-based surveillance tool. It allows each Network Security Manager to determine what constitutes suspicious activity at their site.

What if a "crack"/"hack" constantly re-establishes connections and changes authentication information? Additionally, how does this help from an inside job breach?

INTOUCH INSA can still see the patterns of activity and can take action.

Even on the inside, INTOUCH INSA sees the packets, reconstructs the sessions, sees the suspicious activity, and then takes action.

It seems possible that an inside job breach can always disable the INTOUCH INSA MONITOR by simply setting up one connection which uses the same IP address as the INSA MANAGER, and then another connection to actually "crack"/"hack" the network. What prevents this, anything?

By default, INTOUCH INSA does not have an IP address. So, there is no way to access the INSA MANAGER from outside of the box. However, if you are using the INTOUCH INSA Transport Agent, the INSA MANAGER does have an IP address. The address is used to communicate with the Transport Agent. In this case, we still cannot be accessed from the outside, because the only service we run is the INSA Transport Service, and the Transport Service cannot access the INSA MANAGER---it just collects packet data.

Does INTOUCH INSA violate users' privacy?

There have been a series of court cases that have determined that all data on a computer belongs to the owner of the computer. Legally, individual users of a computer do not have the right of privacy during their use of the computer.

Given this, INTOUCH INSA is the least intrusive method of securing your network that can be made. While INTOUCH INSA does scan all user activity, it is a system that is only looking for suspicious activity. Suspicious activity is defined by your local Network Security Manager.


Appendix F
User Notes


Glossary

This glossary contains general information.


DECterm: A window displayed on the terminal screen.

IP: Internet provider.

LAN: Local Area Network.

LAT: Local area transport --- such as a terminal server.

policy: Computer-use policies are basically rules for using the computer. For example, you might have a policy or rule that says certain data can only be changed by using a specific menu item.

policy violation: A violation of computer-use policy. For example, if the policy for changing certain data is to use a specific menu item and instead, a change is made using an editor, this would be a policy violation.

seat: The user in front of a keyboard.

WAN: Wide Area Network.

