
Read your firewall logs!

Installing a firewall, configuring its rule-set, and letting it pass or deny traffic is not good enough. You also need to continuously monitor your firewall's log files.
Written by Laura Taylor on
Installing a firewall, configuring its rule-set, and letting it pass or deny traffic is not good enough. You also need to continuously monitor your firewall's log files. By reviewing your firewall logs, you can determine whether new IP addresses are trying to probe your network, and whether you want to write new and stronger firewall rules to block them. Then you can decide whether to trace the probes and take some sort of management action.

All firewalls log information either locally or to a centralized logging server. You should review your logs daily, preferably first thing in the morning, to see if any suspicious activity occurred overnight. Here's a basic list of things to watch for:

If you read the log files every day, you'll get a feel for what is normal and abnormal connection behavior. Sometimes you'll notice abnormal behavior, and initially may not know what action to take. When that happens, research the abnormal behavior to determine whether you should take further action. A good place to seek assistance is your firewall vendor. Call the vendor up and ask for recommendations. Most should be glad to help.
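
One way to automate the daily check for new source addresses, as an added example that is not part of the original article: the script compares denied entries against a baseline of sources seen on earlier days. It assumes Linux netfilter-style log lines; the FW-DROP prefix, the sample log and the baseline set are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: netfilter/iptables LOG-target lines; "FW-DROP" is a constructed log prefix.
DROP_RE = re.compile(
    r"FW-DROP .*?SRC=(\S+) DST=(\S+) .*?PROTO=(\S+)(?: SPT=\d+ DPT=(\d+))?"
)

# Constructed sample: one night of firewall log entries (documentation address ranges).
SAMPLE_LOG = """\
Mar  3 01:02:11 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=443 SYN
Mar  3 02:14:07 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40112 DPT=22 SYN
Mar  3 02:14:08 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=40113 DPT=23 SYN
Mar  3 02:14:08 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 LEN=60 TTL=49 PROTO=TCP SPT=40114 DPT=3389 SYN
Mar  3 03:40:55 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0
Mar  3 04:00:00 fw kernel: FW-ACCEPT IN=eth0 OUT= SRC=198.51.100.80 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51000 DPT=443 SYN
"""


def review(log_text, known_sources, scan_ports=3):
    """Return {source: report} for denied sources that are absent from the baseline."""
    hits = defaultdict(int)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue  # accepted traffic or an unrelated syslog line
        src, _dst, proto, dpt = m.groups()
        if src in known_sources:
            continue  # already part of the "normal" picture from earlier days
        hits[src] += 1
        targets[src].add(f"{proto}/{dpt}" if dpt else proto)
    return {
        src: {
            "denied": hits[src],
            "targets": sorted(targets[src]),
            # Several distinct denied services from one new source merits a closer look.
            "probable_scan": len(targets[src]) >= scan_ports,
        }
        for src in hits
    }


if __name__ == "__main__":
    baseline = {"198.51.100.23"}  # constructed: sources already seen on earlier days
    for src, report in review(SAMPLE_LOG, baseline).items():
        print(src, report)
```

After each review, add the sources you have investigated to the baseline so the next morning's report lists only addresses that are genuinely new.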

Laura Taylor is the Chief Technology Officer and founder of Relevant Technologies. Ms. Taylor has 17 years of experience in IT operations with a focus in information security.
