Link to home
Start Free TrialLog in
Avatar of LBC
LBCFlag for United Kingdom of Great Britain and Northern Ireland

asked on

security breach!

i have recently had somone illegally come onto my network to create a firewall rule to allow them to have unauthorised access to a personal nas drive that sits on the netword.

i grant contractors access to the network allowing them to create a firewall rule .  however, i was looking at the rules and seen that someone had created a rule to allow them access in and out - i have a suspiion who it might be but how do i get the evidence to sack them ?

we use watchguard and a admin account
how could i find out when they logged in/out to do this ?
Avatar of Irwin W.
Irwin W.
Flag of Canada image

Unless you have a syslog server running, the Watchguard log only stores a limited amount of data, which is a few days at best.

My suggestion, don't delete the rule or stop it.  just change something simple like the protocol or port it uses.  Also, don't change your admin password YET.

Monitor the logs over the next few days to see who logs in and makes changes.
ASKER CERTIFIED SOLUTION
Avatar of deimark
deimark
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of LBC

ASKER

i have created my own account - thanks for your help