TABLE OF CONTENTS Detecting intruders
Auditing your firewall setup
Interpreting log output
Configuring firewall logging and alert mechanisms
Logging and monitoring firewalls
You ve just finished implementing your new shiny firewall, or perhaps you ve just inherited several new firewalls with the company merger. Either way, you re probably curious about whether they are implemented properly. Will your firewalls keep the hackers out there at bay? Do they meet your expectations? This chapter will help you find out. Here you will find recommendations on how to audit your firewall and set up your firewall log activities and your firewall rule base.
Defining what you expect is your first step in auditing your firewall. What do you want your firewall to do? Most of you should have this already defined in a security policy. Make sure you have an understanding of these before you verify your firewall setup. That way, when you re done with the process, you can compare the results to your expectations. Some of you may be in the situation in which you don t know what to expect. Maybe you are new to the company and need to assess the situation. Or perhaps your company has merged and you have assumed responsibility for several new networks. Regardless, try to define some goals before you start: What would you like to see happen?
