Analyzing firewall logs is key to understanding the threats your servers face. Knowing what the bad guys are looking for is the first step in assessing how vulnerable your servers are. Both open source and commercial firewalls make log information available to firewall administrator. But taking risk assessment a step further, what if there were a way to apply the principles that make open source software successful to firewall log analysis? A way to help yourself and others at the same time? The DShield project seeks to do just that.
DShield bills itself as a distributed intrusion detection system. It works by collecting statistics from firewalls all over the world. Just how many reports does DShield receive? Currently its Web site lists about 24 million records each day, with more than 840 million recorded last month.
DShield can collect this enormous amount of data because of the number of clients and third-party add-ons that work with it. I counted clients for more than 60 hardware and software firewalls -- everything from Linux-based iptables firewalls to Windows XP Internet Connection Firewall. The information they collect provides global insight into the who, what, and where of suspicious network activity.
Read this full article at NewsForge
|
|
Only registered users can write comments.
Please login or register.
Powered by AkoComment!