How are you guys doing? I was wondering what kind of tools are used to investigate networks to include routers, switches, firewalls, IPSs, and other advanced security technologies? Does this mostly consist of reading each line of syslog info?
Just how far ahead or behind are the professional tools out there for this?
Hi. There's a tool called Firewalk which may be worth checking out, and there's a tool which looks like it's designed to audit Cisco firewalls/routers called Router Audit Tool; see http://www.cisecurity.org/bench_cisco.html
These systems are called SEM, SIM, or SIEM (Security [Event] [Incident] Management) systems that will correlate, monitor and alert on logs. This type of system will take logs and parse them for you and make drilling into (or detecting) an issue much easier. There is no realistic way you can monitor the tremendous amount of log data without something to help you out.
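As an added illustration of the parse-and-correlate step a SIEM performs on firewall syslog (example code, not from the thread): the sample lines below are constructed in the shape of Cisco ASA deny messages, and the host name, addresses and the three-port alert threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines shaped like Cisco ASA 106023 deny messages
# (made-up addresses and host name; not real logs).
SAMPLE_LOG = """\
<164>Feb 01 15:38:01 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51234 dst inside:10.0.0.10/22 by access-group "outside_in"
<164>Feb 01 15:38:02 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51235 dst inside:10.0.0.10/23 by access-group "outside_in"
<164>Feb 01 15:38:03 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51236 dst inside:10.0.0.10/445 by access-group "outside_in"
<166>Feb 01 15:38:04 fw1 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.7/40000 (198.51.100.7/40000) to inside:10.0.0.20/443 (10.0.0.20/443)
<164>Feb 01 15:38:05 fw1 %ASA-4-106023: Deny udp src outside:198.51.100.9/5000 dst inside:10.0.0.10/161 by access-group "outside_in"
"""

# Parser for the deny message: syslog PRI, timestamp, host, ASA message id, 5-tuple.
DENY_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d+): Deny (?P<proto>\w+) "
    r"src \w+:(?P<src>[\d.]+)/(?P<sport>\d+) dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def parse_denies(text):
    """Return one dict per parsed deny line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            d = m.groupdict()
            # Syslog PRI encodes facility*8 + severity.
            d["facility"], d["severity"] = divmod(int(d["pri"]), 8)
            events.append(d)
    return events

def correlate(events, min_ports=3):
    """Flag a source that was denied on >= min_ports distinct ports of one destination.
    This is a simple 'many ports from one source' correlation rule (threshold is an assumption)."""
    ports = defaultdict(set)
    for e in events:
        ports[(e["src"], e["dst"])].add(int(e["dport"]))
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for (src, dst), hit in correlate(parse_denies(SAMPLE_LOG)).items():
        print(f"ALERT {src} -> {dst} denied on ports {hit}")
```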