msaalim
asked on
Firewall / IDP log review
I just started as a security admin. I would like to know what things I should focus on when reviewing firewall and IDP log files. We have Juniper firewall and IDP devices. Is there any documentation / guidelines anyone can recommend?
Thanks,
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Before scanning your logs (unless you're looking for specific traffic) you want to baseline, as described above. Consider also setting up a network monitoring tool to give you a more visual representation of your traffic -- MRTG or Nagios/NagVis, etc.
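One way to do the baselining mentioned in the comment above, as an added example that is not part of the original thread: learn the permitted flows and per-source deny volume from a known-good period, then flag only what deviates on the day under review. The log format, addresses, function names and the 3-sigma threshold are constructed assumptions, not Juniper's log format or any tool's defaults.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample lines in an assumed format "day src dst dport action"
# (not Juniper's log format). BASELINE_LOG is a known-good period.
BASELINE_LOG = """
d1 10.0.0.5 10.0.1.10 443 permit
d1 10.0.0.6 10.0.1.20 25 permit
d1 10.0.0.6 10.0.1.10 23 deny
d2 10.0.0.5 10.0.1.10 443 permit
d3 10.0.0.5 10.0.1.10 443 permit
d3 10.0.0.6 10.0.1.10 23 deny
"""
REVIEW_LOG = """
d4 10.0.0.5 10.0.1.10 443 permit
d4 10.0.0.5 203.0.113.9 6667 permit
d4 10.0.0.6 10.0.1.10 23 deny
d4 10.0.0.7 10.0.1.10 22 deny
d4 10.0.0.7 10.0.1.10 23 deny
d4 10.0.0.7 10.0.1.10 445 deny
d4 10.0.0.7 10.0.1.10 3389 deny
"""

def parse(text):
    """Split each non-empty line into (day, src, dst, dport, action)."""
    return [tuple(l.split()) for l in text.splitlines() if l.strip()]

def build_baseline(records):
    """Return permitted flows and per-source (mean, stdev) of daily denies."""
    flows = {(s, d, p) for _, s, d, p, a in records if a == "permit"}
    days = sorted({r[0] for r in records})
    denies = Counter((r[0], r[1]) for r in records if r[4] == "deny")
    stats = {}
    for src in {r[1] for r in records}:
        daily = [denies[(day, src)] for day in days]
        stats[src] = (mean(daily), pstdev(daily))
    return flows, stats

def review(records, flows, stats, sigmas=3):
    """Flag one day's records that deviate from the baseline."""
    seen = {(s, d, p) for _, s, d, p, a in records if a == "permit"}
    findings = [("new_permitted_flow", *f) for f in sorted(seen - flows)]
    denies = Counter(r[1] for r in records if r[4] == "deny")
    for src, n in sorted(denies.items()):
        avg, sd = stats.get(src, (0.0, 0.0))  # unseen source: baseline of zero
        if n > avg + sigmas * max(sd, 1.0):   # floor of 1.0 is an assumption
            findings.append(("deny_spike", src, n))
    return findings
```

Calling `review(parse(REVIEW_LOG), *build_baseline(parse(BASELINE_LOG)))` leaves the routine port 443 traffic and the usual single deny from 10.0.0.6 unflagged, and reports only the new outbound flow and the deny burst from a source the baseline never saw.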
ASKER
How would I know if a system has been compromised?
Thanks,