Can I use the firewall logs to find out if someone has accessed my company's network? What evidence should I be...
looking at other than firewall logs? Also what would you recommend to block intruders? If you are asking about what to look for in the firewall logs, your chances of finding evidence are pretty slim. In fact, if someone actually did get through your firewall into your systems, there probably is no record of it in the logs. What you could look for is evidence of preliminary scanning of ports to see if someone has been preparing for an attack. If you have intrusion-detection systems, you can look at those logs.
Specific recommendations would have to be based on what vulnerabilities were exploited. However, in general, you should ensure that all the latest security patches for all your systems, including firewalls, have been applied. You should also ensure that your firewall settings are such that all access is denied except that for which you explicitly need to allow. Also, look at your outbound firewall settings. You may be able to stop or detect insider attacks, or Trojans that may have already been implanted inside your network. For similar reasons, if you do not have intrusion detection, you should add that.
For more info on this topic, visit these SearchSecurity.com resources:
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.