Tuesday, December 14, 2010

【Weak Current College】 The Administrator's Guide to Firewall Logs



Windows networks are a constant target for hackers and other predators. But if the administrator regularly reviews the firewall logs to learn the state of the network, intruders will find it very hard to succeed.
Review the firewall log weekly or monthly to understand security weaknesses, access speed and network performance, and network security can be maintained. These logs record attackers' constant attempts against the network, show the influence of malicious software, and help you identify internal systems and business partner systems that are misconfigured or compromised.
The information you receive depends on the firewall software and on the kind of activity or device it monitors. When selecting a firewall, consider one that monitors inbound and outbound connections as well as attempted intrusions. Configure the firewall log file size so that it can hold several weeks of useful data; only two days of tracked log information does not provide enough to respond to a possible security issue.
Watch for intruders who attack constantly
Recent studies show that a system newly connected to the Internet is most vulnerable to attack in its first 10 minutes online. Your firewall is no exception. On average, every registered address is port-scanned about once every 20 minutes. At this point you will find that there is always someone attempting to connect to a port or a group of ports. Most firewalls block port scans by default. After a potential intruder has scanned 10 or 15 or more ports, some firewalls can lock out that specific address.
A port scan from many different addresses is not a cause for alarm. But if you find the same address attempting to scan ports in turn over several weeks or months, you may need to verify with a packet sniffer that the source address is not spoofed, and then check whether the address is registered to an employee, contractor or business partner and investigate.
Monitoring internal systems for malicious software
Despite efforts to block them, Trojans, worms and spyware sometimes get downloaded to desktop systems. Some malicious software on desktops will generate packets that hit the firewall. (I recall that the last one used a combination of port 80 for HTTP and port 7 for Echo.) When I find connections between an internal system and the firewall that are not appropriate, I immediately check that computer's information, confirm whether malicious software could have been installed, and take action right away.
Misconfigured partner systems waste space
As a matter of business, many companies need to perform server-to-server or server-to-client communications through a third party. I have one customer whose independent contractor handles public contact through an external proxy. After the contractor installed the proxy software, the firewall was hit by authentication requests from the third-party proxy server: on average there were 15-20 connection attempts every 20 minutes. This behavior has at least two interpretations: the server is misconfigured, or it is compromised. In either case the problem has to be dealt with, because the blocked attempts recorded in the log undoubtedly take up log file space and bandwidth, which would be better used for legitimate business traffic.
Denial of service attacks
Every firewall records hundreds or thousands of blocked connections. If the firewall blocks all inbound traffic except for the ports you specify, these attempts to break into your network are annoying but relatively harmless. However, over a given period a malicious user may attempt to connect to one registered address every 100 milliseconds. This produces a "lite" version of the familiar denial of service (DoS) attack. This type of attack will intermittently slow down network access, especially on links that are near capacity. Review the log to confirm whether you are, or have been, the target of a "lite" DoS attack.
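As an added example, not code from the original post, the script below applies the thresholds from the sections above to a constructed firewall log: it flags a source that probed 10 or more distinct ports, and a source that hit the firewall once every 100 ms (the DoS "lite" pattern), while ignoring a source that was merely blocked twice. The log line layout and all addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S.%f"

def _build_sample():
    """Constructed log, not from the original post: one blocked connection per line,
    '<date> <time> DROP <src_ip> <dst_ip> <dst_port>' (this layout is an assumption)."""
    base = datetime(2010, 12, 14, 9, 0, 0)
    probes = [(30 * i, "203.0.113.5", p) for i, p in enumerate((21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389))]  # port scan
    probes += [(0.1 * i, "203.0.113.9", 80) for i in range(10)]   # one attempt every 100 ms
    probes += [(0, "192.0.2.7", 443), (300, "192.0.2.7", 443)]    # two knocks, minutes apart: noise
    return "\n".join(f"{(base + timedelta(seconds=s)).strftime(FMT)} DROP {src} 198.51.100.10 {p}" for s, src, p in probes)

SAMPLE_LOG = _build_sample()

def parse_log(text):
    """Return (timestamp, src, dst, dport) tuples for blocked connections; skip other lines."""
    events = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[2] == "DROP":
            events.append((datetime.strptime(f[0] + " " + f[1], FMT), f[3], f[4], int(f[5])))
    return events

def port_scanners(events, min_ports=10):
    """Sources that probed at least min_ports distinct ports (the post's 10-15 port lockout rule)."""
    ports = defaultdict(set)
    for _, src, _, port in events:
        ports[src].add(port)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

def dos_lite_sources(events, window=timedelta(seconds=1), min_hits=8):
    """Sources with at least min_hits blocked attempts inside any span of length window:
    one attempt every 100 ms, as the post describes, gives 10 per second. Returns the peak count."""
    times = defaultdict(list)
    for ts, src, _, _ in events:
        times[src].append(ts)
    flagged = {}
    for src, ts_list in times.items():
        ts_list.sort()
        start = 0                      # sliding window over the sorted timestamps
        for end, ts in enumerate(ts_list):
            while ts - ts_list[start] > window:
                start += 1
            if end - start + 1 >= min_hits:
                flagged[src] = max(flagged.get(src, 0), end - start + 1)
    return flagged
```

Call `parse_log(SAMPLE_LOG)` and pass the events to both detectors; on a real log, lower `min_hits` or widen `window` to match the rate the post describes for your link.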
Some sites on the network monitor network threats in real time. One recognized authority is the Internet Storm Center at isc.sans.org. Its page shows a map of global network data, based on analysis of a global firewall log database that includes 36 million records daily and 2.4 billion records monthly.
If you want to compare your local network's data with the real-time state of the wider network, click your country on the ISC map to display the relevant statistics. The home page at www.dshield.org has a colorful map showing the global attack correlation engine. If you review the firewall log regularly, you can find the problems mentioned above, as well as other interference with the operation or performance of the network. Besides maintaining vigilance against network threats, you can use firewall log data to convince the boss to increase the security budget.
