Information Technology > Firewalls

Many organisations implement a range of controls, including installing sophisticated firewalls to eliminate the risk of unauthorised access to their networks, especially via the Internet. Firewall logs record all incoming and outgoing transmissions on a network and it is not unusual to record hundreds of thousands of activities in a single day. IDEA can be used to analyse the logs, identifying trends and exceptional items to follow up.

Firewall logs generally contain information such as the source and destination IP address, the date and time of admission, the action taken by the firewall on receipt of the transmission, the service type, and the service port accessed.

The following are commonly used tests:

  • Summarize the type of service being requested or being used
  • Identify the most common IP addresses attempting access to the network
  • Summarize actions upon connection (e.g., control, accept, or drop)
  • Analyse trends to determine the most common access times and identify requests at unusual times
  • Extract all dropped transmissions
  • Identify potential attacks by looking for a pre-defined sequence of port scans (e.g., SATAN, ISS attacks, or searches for ports)
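The tests above, run over a small constructed firewall log, as an added example that is not IDEA's own code or part of the original page. The field order (source IP, destination IP, timestamp, action, service, port), the business-hours window and the port-scan threshold are assumptions chosen for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log lines (not real traffic), in the assumed field order:
# source IP, destination IP, timestamp, firewall action, service, port.
SAMPLE_LOG = """\
203.0.113.7,192.0.2.10,2024-03-01 09:15:02,accept,http,80
203.0.113.7,192.0.2.10,2024-03-01 09:15:05,accept,https,443
198.51.100.23,192.0.2.10,2024-03-01 02:03:11,drop,telnet,23
198.51.100.23,192.0.2.10,2024-03-01 02:03:12,drop,ftp,21
198.51.100.23,192.0.2.10,2024-03-01 02:03:13,drop,ssh,22
198.51.100.23,192.0.2.10,2024-03-01 02:03:14,drop,smtp,25
198.51.100.23,192.0.2.10,2024-03-01 02:03:15,drop,dns,53
203.0.113.9,192.0.2.11,2024-03-01 14:20:40,accept,https,443
203.0.113.7,192.0.2.11,2024-03-01 03:40:00,drop,smb,445
"""

def parse_log(text):
    """Turn comma-separated log lines into dicts with a parsed timestamp."""
    records = []
    for line in text.splitlines():
        src, dst, ts, action, service, port = line.split(",")
        records.append({"src": src, "dst": dst,
                        "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                        "action": action, "service": service, "port": int(port)})
    return records

def summarize(records, field):
    """Count records per value of a field: service, action, src, ..."""
    return Counter(r[field] for r in records)

def dropped(records):
    """Extract every transmission the firewall dropped."""
    return [r for r in records if r["action"] == "drop"]

def unusual_hours(records, start=7, end=19):
    """Requests outside the assumed business window [start, end) hours."""
    return [r for r in records if not start <= r["time"].hour < end]

def port_scans(records, min_ports=4, window_s=60):
    """Sources touching at least min_ports distinct ports within window_s seconds."""
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src"]].append(r)
    flagged = {}
    for src, rs in by_src.items():
        rs.sort(key=lambda r: r["time"])
        for i, first in enumerate(rs):
            ports = {r["port"] for r in rs[i:]
                     if (r["time"] - first["time"]).total_seconds() <= window_s}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged
```

The sliding-window check in `port_scans` is a simple sequence heuristic; tune `min_ports` and `window_s` to the traffic volume of the network being reviewed.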