From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring


Network monitoring

- [Narrator] Firewalls and network devices are on the front lines of security, and their logs contain important information for security professionals. These logs are useful when investigating security incidents, troubleshooting network issues, and monitoring for suspicious activity. Firewall logs are one of the richest possible sources of information. When configured properly, firewalls create log entries for each and every connection attempted on a network, whether it was allowed or denied. The log entry contains quite a bit of useful information, including details about the attempted connection, including the source and destination ports and IP addresses, a timestamp indicating when the connection took place, and the identity of the firewall rule that either authorized or denied the connection. Let's think about some scenarios where these logs might be very useful. First, in the aftermath of a security incident, the…