Firewall Logs
Logs are an important aspect of any network architecture: with their help, administrators can diagnose and analyze the cause of any trouble that occurs. Once a problem is diagnosed, the affected component or entity can be isolated from the rest of the network while the issue is rectified. The same is true of firewalls. Once a firewall is installed in a network, security administrators define various rule-sets to prevent intrusion into the network, but those rule-sets may not provide foolproof security for the network setup. To stay secure, it is essential that security administrators enable logging on the firewall and monitor the generated logs regularly. By monitoring the logs, administrators learn about inappropriate and unexpected activities taking place in the network because of malicious movement and/or intrusion.
The firewall logging benefits mentioned above can be understood more clearly by knowing what a firewall can log. Firewall logs may be helpful in monitoring:
- Activities on Unused Ports – Security administrators usually know which ports are regularly used in the network to communicate with other computers within the internal LAN or with the external network. They also know which ports are not used by any of the installed applications or services in the network. In most cases, administrators configure the firewall to block such ports to protect the network from external threats. In some cases, however, administrators may deliberately leave those ports open. In such situations, administrators can monitor the logs for unexpected activity on unused ports. When such activity is logged, administrators learn about the attempts that attackers are regularly making to intrude into the network.
- No Source IP Addresses – Firewall logs also record packets that entered the system or network with no source IP address. Since every legitimate communication between the internal and external network carries complete source and destination addresses, packets with no source address might come from a hostile user who wants to intrude into the network to gain unauthorized access to sensitive information. Firewall logs help security administrators identify such packets and take appropriate action to resolve the issue.
- Spoofed Internal IP Addresses – With the help of firewall logs, security administrators can also monitor packets that pretend to be legitimate and to originate from the internal network itself, but actually entered the network from the outside. When such packets are discovered, administrators can immediately take appropriate action to protect the network from intrusion and information theft.
- Failed Firewall Logon Attempts – Security administrators can monitor logs to view the failed logon attempts that have been made to gain access to the firewall. In a secured network environment, only the security administrators are allowed to access the firewall, and it is quite unlikely that their logon attempts would fail, as they always provide correct credentials to gain access to the device or application. If multiple failed logon attempts are logged, it means that a malicious person is trying to intrude into the network by gaining unauthorized access to the firewall.
- Tampered Firewall Rule-Sets – Firewall logs are also helpful for monitoring the current state of the rule-sets defined on the firewall. Administrators often enable rule-set logs, which are generated whenever one or more rules are modified or disabled. Although such logs are generated even when the security administrators themselves modify the rule-sets, they still make it easier to identify modifications made by a malicious person or intruder from the external network.
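As an added example (not part of the original article), the following Python script applies the five monitoring categories above to constructed sample lines in a hypothetical key=value firewall log format. The internal network range, the set of unused ports, the external interface name and the repeat threshold are assumptions, not values from the article:

```python
import ipaddress
from collections import Counter
# Constructed sample lines in a hypothetical key=value log format (not any vendor's real format)
SAMPLE_LOG = """\
2024-05-01T10:00:01 action=DENY iface=wan src=203.0.113.7 dst=192.168.1.10 dport=23 proto=tcp
2024-05-01T10:00:02 action=DENY iface=wan src=203.0.113.7 dst=192.168.1.10 dport=23 proto=tcp
2024-05-01T10:00:04 action=ALLOW iface=wan src=198.51.100.4 dst=192.168.1.20 dport=443 proto=tcp
2024-05-01T10:00:05 action=ALLOW iface=wan src=192.168.1.50 dst=192.168.1.10 dport=445 proto=tcp
2024-05-01T10:00:06 action=DENY iface=wan src=0.0.0.0 dst=192.168.1.10 dport=80 proto=tcp
2024-05-01T10:01:00 event=admin_login user=admin result=FAIL src=203.0.113.9
2024-05-01T10:01:05 event=admin_login user=admin result=FAIL src=203.0.113.9
2024-05-01T10:02:00 event=rule_change user=admin rule=allow-ssh change=disabled
"""
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed internal LAN
UNUSED_PORTS = {23, 135, 445}   # assumed: ports no internal service is expected to use
EXTERNAL_IFACES = {"wan"}       # assumed: interfaces facing the outside network
THRESHOLD = 2                   # repeats before a counter becomes an alert

def parse_line(line):
    # 'timestamp key=value key=value ...' -> dict (empty lines yield no fields)
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = ts
    return fields

def is_internal(addr):
    return any(ipaddress.ip_address(addr) in net for net in INTERNAL_NETS)

def analyze(log_text):
    """Return (alert_type, detail) tuples for the five categories in the article."""
    alerts, port_hits, failed_logons = [], Counter(), Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if "dport" in f:                       # a packet/connection record
            src = f.get("src", "0.0.0.0")
            if src == "0.0.0.0":               # no usable source address at all
                alerts.append(("no_source_ip", f"{f['ts']} dst={f['dst']}:{f['dport']}"))
                continue
            if int(f["dport"]) in UNUSED_PORTS:
                port_hits[(src, f["dport"])] += 1
            if f.get("iface") in EXTERNAL_IFACES and is_internal(src):
                alerts.append(("spoofed_internal", f"{f['ts']} src={src} on {f['iface']}"))
        elif f.get("event") == "admin_login" and f.get("result") == "FAIL":
            failed_logons[f["src"]] += 1
        elif f.get("event") == "rule_change":  # audit every rule-set change, even by admins
            alerts.append(("rule_change", f"{f['ts']} {f['rule']} {f['change']} by {f['user']}"))
    for (src, port), n in port_hits.items():
        if n >= THRESHOLD:
            alerts.append(("unused_port_probe", f"{src} -> port {port} x{n}"))
    for src, n in failed_logons.items():
        if n >= THRESHOLD:
            alerts.append(("failed_admin_logon", f"{src} x{n}"))
    return alerts
```

Running `analyze(SAMPLE_LOG)` yields one alert for each category; the single hit on port 445 stays below the threshold, but the same packet is still flagged because its internal source address arrived on the external interface.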
Like firewall installation and configuration, monitoring firewall logs also requires in-depth knowledge of ports, protocols and other network-related technicalities. Therefore, it is recommended that only highly skilled security professionals with ample experience be hired to manage the firewalls and monitor their logs.