Discuss the types of items that should be examined in a firewall log: a. IP addresses that are being rejected and dropped b. Probes to ports that have no application services running on them c. Source

In its basic form, a firewall is a device built to stop connections from suspicious networks. It inspects the source address, the destination address, and the destination port of every connection and decides whether the traffic can be trusted. Firewalls are useful in many places and in many ways: their logs can help you identify whether malicious activity is happening within the network, and they let you monitor new firewall rules to see whether they are working correctly.

Using firewall logs, you can see which IP addresses are being rejected and dropped, and find out where those addresses are coming from. With 'ping -a <IP address>' you can check whether the IP is fake or not. If it is fake, you cannot find the owner. If it is real, you can resolve the domain with the WHOIS database, call up the owner and ask why someone at that site would be probing your ports [1].

Using a firewall log, you can also look for probes to ports with no application services running on them. Before installing a Trojan horse program, attackers try to find out whether other applications are already using those ports. When you see a lot of probes to some oddball port number, you can compare the number against well-known hacker programs and see whether a Trojan is associated with it [1].

Source routing matters to a firewall because an attacker can generate traffic that claims to come from inside the firewall. In general, such traffic would not route to the firewall correctly, but with the source routing option, all the routers between the attacker's machine and the target will return traffic along the reverse path of the source route. Implementing such an attack is quite easy, so firewall builders should not discount it as unlikely to happen [2].

A firewall log can also be used to find suspicious outbound connections. Outbound connections coming from the public web server could be an indication that an attacker is launching attacks against someone else from your web server. Finally, firewall logs can be used to find unsuccessful logins to mission-critical systems and servers. If you see many unsuccessful logins from a particular domain, you might want to drop all connections from that domain.
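To show how the first, second and fourth checks above look in practice, here is an added example (not from the post or its references) that parses a few constructed netfilter-style DROP/ACCEPT lines and reports dropped source addresses, probes to ports with no service listening, and outbound connections from the web server. The log format, the served-port list and the internal host address are all assumptions for the example.

```python
import re
from collections import Counter

# Constructed sample lines in iptables/netfilter syslog style (assumed format, not real traffic).
SAMPLE_LOG = """\
Oct  1 10:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44321 DPT=22
Oct  1 10:00:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44322 DPT=31337
Oct  1 10:00:03 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44323 DPT=12345
Oct  1 10:00:04 fw kernel: ACCEPT IN=eth0 OUT= SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443
Oct  1 10:00:05 fw kernel: ACCEPT IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.99 PROTO=TCP SPT=40000 DPT=6667
Oct  1 10:00:06 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=5000 DPT=161
"""

LINE_RE = re.compile(
    r"(?P<action>DROP|ACCEPT) IN=(?P<in>\S*) OUT=(?P<out>\S*) SRC=(?P<src>\S+) "
    r"DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)

def parse(log_text):
    """Yield one dict per parseable log line; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["dpt"] = int(rec["dpt"])
            yield rec

def review(log_text, served_ports, internal_hosts):
    """Run the log checks: dropped sources, probes to unserved ports, outbound connections.

    served_ports: ports on which an application service actually listens (assumed list).
    internal_hosts: addresses of our own servers, e.g. the public web server (assumed).
    """
    dropped_sources = Counter()
    unserved_port_probes = Counter()
    outbound = []
    for rec in parse(log_text):
        if rec["action"] == "DROP" and rec["src"] not in internal_hosts:
            dropped_sources[rec["src"]] += 1          # who is being rejected, and how often
            if rec["dpt"] not in served_ports:         # probe to a port with no service behind it
                unserved_port_probes[(rec["src"], rec["dpt"])] += 1
        if rec["src"] in internal_hosts and rec["dst"] not in internal_hosts:
            outbound.append((rec["src"], rec["dst"], rec["dpt"]))  # web server reaching out
    return {"dropped_sources": dropped_sources,
            "unserved_port_probes": unserved_port_probes,
            "outbound": outbound}

if __name__ == "__main__":
    result = review(SAMPLE_LOG, served_ports={22, 80, 443}, internal_hosts={"192.0.2.10"})
    for key, value in result.items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

The dropped-source counts feed the ownership lookup described in the first paragraph, and the unserved-port list is what you compare against known Trojan port numbers.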


References:

[1] Laura, T. (2001). Read your firewall logs.

[2] https://stason.org/TULARC/security/firewalls/35-What-is-source-routed-traffic-and-why-is-it-a-threat-V.html
