One of the most challenging, yet rewarding, aspects of perimeter security is network log file analysis. This process involves trying to identify intrusions and intrusion attempts through vigilant monitoring and analysis of various log files and then correlating events among those files. There are many different types of network log files to review, from network firewalls, routers, and packet filters to host-based firewalls and intrusion detection systems (IDSs). Although analyzing log files might sound a bit tedious to you, the techniques presented in this chapter can help you to gain a great deal of value from your files in a short amount of time. This chapter discusses several important topics that demonstrate why log file analysis is so critical to establishing and maintaining a strong perimeter defense:
By the end of this chapter, you should be well prepared to perform your own analysis of network log files in your environment to accurately identify suspicious and malicious activity and to respond to it quickly. As a first step toward that goal, let's talk about why you should care about log files and what they can tell you if you listen.