From the course: CompTIA Security+ (SY0-601) Cert Prep: 8 Network Security Design and Implementation
Network monitoring
- [Instructor] Firewalls and network devices are on the front lines of security and their logs contain important information for security professionals. These logs are useful when investigating security incidents, troubleshooting network issues and monitoring for suspicious activity. Firewall logs are one of the richest possible sources of information. When configured properly, firewalls create log entries for each and every connection attempted on a network, whether it was allowed or denied. The log entry contains quite a bit of useful information, including details about the attempted connection, including the source and destination ports and IP addresses, a timestamp indicating when the connection took place, and the identity of the firewall rule that either authorized or denied the connection. Now let's think about some scenarios where these logs might be very useful. First, in the aftermath of a security incident,…