
Subscribe to
Computerworld January 24, 2005 (Computerworld) -- Ever take a look at the computer security hardware and software products available these days? The number of them is staggering. They promise to (and for the most part do) help keep your workstations and servers secure. Nonetheless, although these routers, firewalls and intrusion-detection and -prevention systems spit out valuable information in the form of log files, too many organizations ignore or discard those logs.
It's unfortunate that log analysis is often overlooked as a vital part of an enterprise's computer security. While organizations may spend piles of hard-earned revenue on the latest and greatest in hardware and software, they continue to ignore the logs generated by those products. Sadly, hidden within those logs are nuggets of information that can prove invaluable.
One reason companies ignore logs is that the tools and knowledge for making use of the information they provide are often not available or are considered too cumbersome. Some log outputs may be innocuous, while others are critical.
According to Marcus J. Ranum, co-creator of www.loganalysis.org and chief of security at Tenable Network Security Inc., "System logs are one of the great overlooked resources in computing today. Folks spend lots of money buying IDS but don't look at their firewall logs -- that's backwards! In fact, many organizations don't even turn on logging in their firewall (because of inaccurate concerns about 'performance'), which means they are losing an incredibly valuable resource."
It's not hard to see why security and network managers are apprehensive about logs. Log analysis can be a double-edged sword, mostly because it precludes security managers from ignoring certain security issues. To wit, "comparing firewall 'permit' logs with a blacklist of spyware sites can give a very illuminating -- or horrifying -- picture," according to Ranum.
Those in IT need to remember that logs aren't just security tools; they are also management and performance tools because they tell you if your link is reliable. Logs alert you if your system went down, then record when and for how long the interruption lasted. From a security standpoint, logs can tell you if your Internet link is largely used for file-sharing traffic or that more than three quarters of your desktops have been infected by spyware.
|
|
Print this Story |
|
Send Us Feedback |
|
E-mail this Story |
|
Digg this Story |
|
Slashdot this Story |
|
|
|
|
|
|
|
|
All Zones Application Performance Zone Enterprise-Class Security Zone Enterprise Solutions Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone The Data Center Management Zone |
|
|
| ||||||||
| ||||||||
| ||||||||
|



Security Management ZoneSecurity management is the process of developing a comprehensive data protection plan. It takes into account all potential threats, the existing network environment, the future needs of the organization, and lays out a multi-tiered blueprint to integrate the security technology needed to combat these threats. CDW can help keep your network and data secure. Visit the CDW Security Management Zone now See All Zones
|
Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT the good, the bad, and the rest of the weird stuff you deal with every day.New baits |

"Security Directions" virtual trade show2008's Code-Red Security Issues for Protecting the EnterpriseWebcasts, white papers, demos, and more. Presented in a unique 3-d environment. Enter our show right now! Click here to enter
|

In SecurityThere's plenty of talk about how to behave during a Customs search of your computer and gear, but Jon Espenschied's got tips for securing your data (and privacy) before you reach the border. Click here to read the latest column by Jon Espenschied |
![]() |
Layered Security Solutions
Although basic network security issues have changed very little over the past decade, the
network security landscape has changed dramatically. Today's IT professionals still have the
primary responsibility of protecting the confidentiality of corporate information, preventing
unauthorized access, and defending the network against attacks. Security experts and analysts agree that a security solution comprised of multiple layers is the best defense against today's increasingly sophisticated attacks.Download this white paper
|
Universal Threat Management - Because Conventional UTM is Not Enough!
This white paper, written by Mark Bouchard of Missing Link Security Services, examines the challenges confronting today's enterprises with respect to managing threats on a network. It also discusses the need for "Universal Threat Management", which is a security solution approach for all physical locations within an enterprise that require threat protection.Download this white paper |
Selecting the Right Threat Management Solution
This short demo will guide you through key considerations for selecting a solution to manage threats on a network. Learn about the popularity of Unified Threat Management (UTM), and how it fits into an overall security solution. Explore critical elements of a network-wide solution for multisite and large network-size deployments and identify the four key features of a threat management solution.View this demo
|
| About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map |
|
CIO The Industry Standard |

