From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring

Network traffic analysis

- [Instructor] Firewalls and network devices are on the front lines of security, and their logs contain important information for security professionals. These logs are useful when investigating security incidents, troubleshooting network issues, and monitoring for suspicious activity. Firewall logs are one of the richest possible sources of security information. When configured properly, firewalls create log entries for each and every connection attempted on a network, whether it was allowed or denied. Log entries contain quite a bit of useful information, including details about the attempted connection, including the source and destination ports, and IP addresses. They also contain a timestamp indicating when the connection took place, and the identity of the firewall rule that either authorized or denied the connection. Let's think about some scenarios where these logs might be useful. First, in the aftermath of a…
