Answer:
Logging events helps you determine if there is malicious activity occurring, which may signal a network intrusion. By logging the type of traffic passing through the firewall, as well as how many attempts were made to try to break through it, you will have valuable information available should your system be compromised. But firewall logs are useless unless they are reviewed; therefore, you need to ensure that the logs are reviewed by a trained security professional on a regular basis to help prevent an attack. Again, this review process needs to be incorporated into your corporate security policy.
Chris Geffel, CISSP, GIAC, is a security architect for RedSiren. He is responsible for the design, configuration and implementation of RedSiren’s managed service solutions. Prior to RedSiren, he was with Bayer Corporation, where he supported security-focused projects including e-commerce, firewall implementation and management, anti-virus and secure remote access. At RedSiren, he has lead a number of initiatives, including the role as lead architect of RedSiren’s Managed Intrusion Detection System (MIDS) system.
First published on BankersOnline.com 4/01/02
print
share