Category: Firewall log-analysis tool
Name of tool: NetWatchman
Company name: Lawrence Baldwin myNetWatchman.com
Price: Free for the downloading
URL: www.mynetwatchman.com
Platforms supported: Browser based, runs on various
Windows and Unix platforms
Strom-meter:
*** = Hey, not bad. One notch below very cool
Key features:
Firewall incident aggregator and attack notification
service
Pros:
Simple and easy to use
Powerful and versatile
Cons:
Not all firewalls are supported -- see below for details.
Description:
If you run an enterprise network, you probably keep a very
close eye on your firewall logs as just one of many
security precautions. These logs usually tell you when
your network has been compromised, and careful analysis
can yield all sorts of information such as the type of
attack, the location of the attacker (or at least a range
of IP addresses which may or may not be valid) and other
valuable information.
But what happens when your domain isn't a single office,
but a bunch of distributed domains that are geographically
diverse, such as a bunch of telecommuters who are using
their own cable modems and low-end firewalls and access
devices? You probably stay up nights worrying that if
anyone tried to penetrate your network from these remote
locations, you couldn't track the attacks.
Maybe you haven't thought about this, and you should. If
your remote workers are connecting into your corporate
network from home, they should be subject to better
monitoring and analysis tools. Luckily, Lawrence Baldwin's
myNetWatchman.com has come to your rescue.
This service, which combines some Windows- or Unix-based
agent software along with various Web-based analysis
tools, works in conjunction with various firewall access
logs to send alerts to a central place. The service then
sorts through what it receives and tries to make pattern
matches on the various log events. The service will then
send e-mail to you based on what it has found, warning you
of a potential attack. Of course, you will need to keep
whatever computer runs the agents powered up; otherwise
the whole service is useless.
Summary statistics are available on the company's Web
site. This way, you can tell -- for example -- if a hacker is
trying to scan across a wide swath of the Internet and
use some kind of attack tool to look into or even break
into a bunch of networks. Not surprisingly, when I last
examined the Web stats, the cable companies had the most
frequent reports of potential attacks in progress. This
should be a lesson for anyone who is connected via a cable
modem to the Internet: Do so without any protection at
your own peril, because cable networks are potentially
ripe areas for hackers to scan in an attempt to penetrate
your machines.
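To make the aggregation idea concrete, here is an added example (not myNetWatchman's code or its actual matching logic) that correlates blocked-packet reports from several sites and flags a source seen by many of them in a short time. The event format, agent names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, as hypothetical agents might forward them:
# "<ISO timestamp> <agent id> <source IP> <destination port>"
SAMPLE_EVENTS = """\
2002-03-01T10:00:05 agent-home-01 203.0.113.7 1433
2002-03-01T10:00:09 agent-home-02 203.0.113.7 1433
2002-03-01T10:01:40 agent-home-03 203.0.113.7 1433
2002-03-01T10:02:10 agent-home-01 198.51.100.20 80
2002-03-01T10:02:11 agent-home-01 198.51.100.20 80
2002-03-01T18:30:00 agent-home-02 192.0.2.44 21
2002-03-02T09:15:00 agent-home-03 192.0.2.44 21
not a log line
"""

def parse_events(text):
    """Yield (time, agent, src_ip, port); skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        try:
            ts, agent, src, port = parts
            yield datetime.fromisoformat(ts), agent, src, int(port)
        except ValueError:
            continue  # malformed or truncated record

def find_wide_scanners(events, min_agents=3, window=timedelta(minutes=10)):
    """Return {src_ip: sorted agents} for sources that hit at least
    min_agents distinct agents inside one sliding time window."""
    by_source = defaultdict(list)
    for ts, agent, src, _port in events:
        by_source[src].append((ts, agent))
    flagged = {}
    for src, hits in by_source.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            agents = {a for _, a in hits[start:end + 1]}
            if len(agents) >= min_agents:
                flagged[src] = sorted(agents)
                break
    return flagged

if __name__ == "__main__":
    for src, agents in find_wide_scanners(parse_events(SAMPLE_EVENTS)).items():
        print(f"{src}: blocked at {len(agents)} sites ({', '.join(agents)})")
```

A single site that logs the same source repeatedly is not flagged; only a source reported by several independent sites within the window is, which is the signal a central aggregator can see and one firewall cannot.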
Setting up the product isn't that difficult. There are
explicit instructions on the company's Web site and the
only drawback is that only a few of the various firewall
access log formats are supported -- including BlackICE;
ZoneAlarm; cable/DSL routers from Netgear, Linksys, D-Link,
Zyxel and SMC Barricade; and Microsoft's Internet
Connection Sharing firewall. I like the fact that the
product supports both software-only firewalls and the
hardware devices as well, even though I am mostly partial
to the hardware solutions myself.
MyNetWatchman is a great idea: it adds another layer of
protection and a way of being proactive about your network
security. Given that the only cost is your own time
involved, it should be used by anyone running a remote
network or small business network that can't afford the
staff or skills to maintain a full-blown firewall analysis
tool.
Strom-meter key:
**** = Very cool, very useful
*** = Hey, not bad. One notch below very cool
** = A tad shaky to install and use but has some value.
* = Don't waste your time. Minimal real value.
About the author
David Strom is the senior technology editor for VAR
Business magazine. He has tested hundreds of computer
products over the past two decades working as a computer
journalist, consultant and corporate IT manager. Since
1995 he has written a weekly series of essays on Web
technologies and marketing called Web Informant. You can
send him e-mail at david@strom.com.