Double-Check with Routers
This article is part of the March 2005 issue, "What are botnets and how can you prepare for them?"
BITS & BOLTS

Conventional routers are the perfect network security auditing device. Take advantage of what they see.

Scripts: Simple Log Parsing

The following is a simple script you can use to parse router logs. The initial instructions copy the logs to a new location, so the originals remain intact for auditing purposes. The grep commands that follow look for potentially threatening traffic (e.g., an abnormally high number of TCP resets or attackers using ICMP) and stash each category in a separate file for further analysis.

    cp /var/log/messages.1 /root/logcheck/full_router.log
    cd /root/logcheck
    grep ' R ' full_router.log > resets.txt
    grep udp full_router.log | grep '.53[: ]' > dns_udp.txt
    grep tcp full_router.log | grep '.53[: ]' > dns_tcp.txt
    grep '.25: ' full_router.log | grep ' S ' > smtp.txt
    grep '.22[: ]' full_router.log > internal_ssh.txt
    grep '.123: ' full_router.log > ntp.txt
    grep '.3307[: ]' full_router.log > op-session-proxy.txt
    grep unreachable full_router.log > icmp-unreachables.txt

Two things to keep in mind before trusting the counts. The script assumes the router syslogs to /var/log/messages on the collector (messages.1 is the most recent rotated copy), that TCP flags appear as single letters surrounded by spaces (S for SYN, R for RST), and that a port follows a colon. And the leading dot in patterns such as '.53[: ]' is not a literal: it is an unescaped regex wildcard that matches any single character, so '.22[: ]' also selects port 2222, any port ending in 22, and hosts whose address ends in .22. Anchor each port to the ':' that precedes it in your router's log format, or escape the dot if the format really prints one there, before treating internal_ssh.txt as a list of SSH sessions.

Routers see everything that crosses your network. They direct the flow...
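The same triage rerun over a few constructed log lines with the patterns anchored to their fields, as an added example that is not part of the original article. The log layout used here (timestamp, host, protocol, src:port, dst:port, an optional TCP flag letter, direction) is an assumption made for this example, since the article does not say which router produced its logs; the function names and the SAMPLE_LOG variable are likewise this example's own.

```shell
#!/bin/sh
# Added example, not from the original article: the page's grep triage with the
# patterns anchored to the log's fields, so a search for port 22 cannot match
# port 2222, a source port ending in 22, or a host address ending in .22.
#
# ASSUMPTION: the records below are constructed for this example. The article
# does not state its router's log format; adjust the field patterns to yours.
#   <timestamp> <host> <proto> <src>:<sport> <dst>:<dport> [<tcp-flag>] <direction>

SAMPLE_LOG='Mar  3 10:01:02 rtr1 tcp 10.0.0.5:40231 192.0.2.10:25 S out
Mar  3 10:01:03 rtr1 tcp 192.0.2.10:25 10.0.0.5:40231 R in
Mar  3 10:01:04 rtr1 udp 10.0.0.7:5353 198.51.100.2:53 out
Mar  3 10:01:05 rtr1 tcp 10.0.0.7:41022 198.51.100.2:53 S out
Mar  3 10:01:06 rtr1 tcp 10.0.0.9:3122 203.0.113.4:22 S out
Mar  3 10:01:07 rtr1 tcp 10.0.0.9:49220 203.0.113.4:2222 S out
Mar  3 10:01:08 rtr1 tcp 10.0.0.22:51000 198.51.100.5:443 S out
Mar  3 10:01:09 rtr1 icmp 198.51.100.9 10.0.0.7 unreachable port
Mar  3 10:01:10 rtr1 tcp 203.0.113.8:60000 10.0.0.5:22 S in
Mar  3 10:01:11 rtr1 tcp 10.0.0.5:22 203.0.113.8:60000 R out'

# Emit the sample one record per line; swap in `cat full_router.log` for real use.
log_lines() { printf '%s\n' "$SAMPLE_LOG"; }

# TCP resets: the flag field itself, not any stray " R ", must be R.
count_resets() {
    log_lines | grep -Ec ' tcp [0-9.]+:[0-9]+ [0-9.]+:[0-9]+ R( |$)' || true
}

# Records of protocol $1 with $2 as source or destination port. Requiring the
# ':' before the port and a delimiter after it keeps 2222, 41022 and 10.0.0.22
# out of the port-22 bucket.
count_port() {
    proto=$1; port=$2
    log_lines | grep -Ec \
        -e " $proto [0-9.]+:$port [0-9.]+:[0-9]+( |$)" \
        -e " $proto [0-9.]+:[0-9]+ [0-9.]+:$port( |$)" || true
}

# TCP SYNs to destination port $1: new connection attempts, which is what the
# article's smtp.txt filter (port 25 plus the S flag) is after.
count_syn_to() {
    log_lines | grep -Ec " tcp [0-9.]+:[0-9]+ [0-9.]+:$1 S( |$)" || true
}

# ICMP unreachables, anchored to the protocol field.
count_unreachables() {
    log_lines | grep -Ec ' icmp .* unreachable' || true
}

# The article's unanchored pattern, for comparison. Its leading '.' is a regex
# wildcard, so '.22[: ]' also matches ':2222 ', '41022 ' and '0.22:'.
count_loose() {
    log_lines | grep -c -- "$1" || true
}

report() {
    printf '%-26s %s\n' 'tcp resets:'             "$(count_resets)"
    printf '%-26s %s\n' 'dns over udp:'           "$(count_port udp 53)"
    printf '%-26s %s\n' 'dns over tcp:'           "$(count_port tcp 53)"
    printf '%-26s %s\n' 'smtp SYNs:'              "$(count_syn_to 25)"
    printf '%-26s %s\n' 'ssh, anchored:'          "$(count_port tcp 22)"
    printf '%-26s %s\n' "ssh, article's .22[: ]:" "$(count_loose '.22[: ]')"
    printf '%-26s %s\n' 'icmp unreachables:'      "$(count_unreachables)"
}

report
```

On the sample, the anchored SSH filter returns the three records that really involve port 22, while the article's '.22[: ]' returns six: it picks up the 41022 and 3122 source ports, the 2222 destination, and the 10.0.0.22 host as well. The same anchoring carries over to the NTP and proxy filters.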
What's Inside

Features
- Recent Releases: Security product briefs, March 2005. Read about security products that were released in March 2005.
- Guardians of the Crown Jewels. Database security products promise an extra measure of security for your most valuable assets. Are they worth the price?
- Secure Reads: Outsourcing Information Security. Read a review of the book, Outsourcing Information Security.
- Crypto Hazard. Could cryptography be the next destructive malware payload?
- Double-Check with Routers. Conventional routers are the perfect network security auditing device. Take advantage of what they see.
- Wireless Firewall: AirMagnet Enterprise 5.0
- Invasion Force
- BARRIER1 Model 50 product review. Product review of the Barrier1 Model 50 open source security appliance's cost, reporting, and Web content and email filtering features.
- Hot Pick: Enterasys's Dynamic Intrusion Response
- Vulnerability management: Visionael Enterprise Security Protector 3.0
- Configuration Management: St. Bernard Software's SecurityEXPERT 1.0

Columns
- Perspectives: Tearing down Firewalls. Firewalls do little more than inhibit your business, writes Paul Simmonds of the Jericho Forum.
- Layer 8: Finding a template for good information security (Security by Numbers)
- Logoff: Why Microsoft keeps infosec in business (The Wal-Mart of Security)
- Editor's Desk: 'Motivation by embarrassment' (Making the Grade)