The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
In above question, we need to give details about different types of log generated by the devices designed for the purpose of addressing security in the network and how these logs can help the security professionals in analysing network security.
Solutions: The log helps organisations in keeping track of all the activities that take place in the network and the systems present within the organisation. By monitoring these activity , organisations can become alert if any malacious activity is identified in the log. These malacious activity includes sudden increase in log entries ,odd timing of log entries or any activity that seems to be different from regular senior.
Some of the log entries that need to be watched regularly for maintaing security of the network are - 1) log file contains details about the Failed Login Attempts - this log file can help in finding the malacious activity . For instance, if there is sudden increase in number of entries in log file , the reason can be an attacker trying to login into the organisation's private system.
2 Router and switches: The routers and switches also maintain log file . These log files can help in monitoring traffic that flows into the network. By watching the log file , we can get detail about the source IP address, date ,time or URL accessed. These details can help in tracking any sudden change in the activity taking place in the organisation's network or system.
3 Firewall log : The firewall log file keeps detail about the access denied or allowed into the network. Keeping an eye on the log file of Firewall can help in finding the malacious activities. For instance, if any source IP address which is new for the network is being denied access repeatedly , it may mean that some attacker is trying to enter the network.
Get Answers For Free
Most questions answered within 1 hours.