From the course: Network Forensics
Firewall logs
- [Instructor] Firewalls are a key element of audit logs and a rich source of network forensics data. Firewalls generate logs of various access control activities. Firewalls utilize user-defined rules to decide on what to do with a packet that is requesting an entry into or an exit out of a network. Please note the word exit here. Firewalls control outgoing traffic too. They do this to prevent confidential or sensitive information from getting out of a protected network environment. Firewall rules are primarily used for three actions: accept, deny and forward packets. Firewalls usually create a log entry when they detect and drop packets destined to an unauthorized host or application. These log entries contain information on where the packet originated from and where it's intended to go. The origin address information is captured by a host IP address and an application port number found in the header portion of a packet. As you may remember, each internet host has a unique IP…
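The following is an added example, not part of the course material: it extracts the origin and destination address and port from dropped-packet log entries and tallies the blocked outbound attempts the transcript draws attention to. It assumes logs in the netfilter (iptables) LOG style, a hypothetical `FW-DROP:` rule prefix, and a protected network of 10.0.0.0/8; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the protected network is 10.0.0.0/8.
PROTECTED = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample in the netfilter LOG style; "FW-DROP:" is a hypothetical rule prefix.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=51514 DPT=23
Mar  3 10:15:04 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=10.0.0.42 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=49152 DPT=6667
Mar  3 10:15:05 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=10.0.0.42 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=49153 DPT=6667
Mar  3 10:15:07 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=10.0.0.17 DST=192.0.2.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:15:09 gw sshd[811]: Accepted publickey for admin from 10.0.0.8 port 50022
Mar  3 10:15:11 gw kernel: FW-DROP: IN=eth0 OUT= SRC=not-an-ip DST=10.0.0.5 PROTO=TCP SPT=1 DPT=22
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def parse_drop(line):
    """Return origin/destination details for one drop entry, or None if unusable."""
    if "FW-DROP:" not in line:
        return None  # not a firewall drop record
    f = dict(FIELD.findall(line))
    try:
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
        # Ports exist only for TCP/UDP; ICMP entries carry TYPE/CODE instead.
        spt = int(f["SPT"]) if "SPT" in f else None
        dpt = int(f["DPT"]) if "DPT" in f else None
    except (KeyError, ValueError):
        return None  # missing or malformed address/port: skip rather than guess
    if src in PROTECTED and dst not in PROTECTED:
        direction = "egress"   # something inside tried to leave and was blocked
    elif dst in PROTECTED and src not in PROTECTED:
        direction = "ingress"  # something outside tried to enter and was blocked
    else:
        direction = "other"
    return {"src": str(src), "spt": spt, "dst": str(dst), "dpt": dpt,
            "proto": f.get("PROTO"), "direction": direction}

def egress_drops(log_text):
    """Count blocked outbound attempts per (source, destination, protocol, dest port)."""
    tally = Counter()
    for line in log_text.splitlines():
        e = parse_drop(line)
        if e and e["direction"] == "egress":
            tally[(e["src"], e["dst"], e["proto"], e["dpt"])] += 1
    return tally
```

Repeated egress drops from one internal host to the same external address and port are worth a closer look, since the firewall log may be the only record that the attempt happened.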