Security Monitoring – Watch Your Networks


As you know, my company is in the business of third-party IT support for clients. Usually, this means complete support from start to end, from firewall to desktop to printer. As you’ve guessed by now, this includes the most important aspect of a network: security.

When we take on new clients and see existing networks, we’re continually amazed at the lack of security monitoring. In my numerous years in the technology industry, I have yet to come across a network that was being security-monitored. We’ll have to do a bit of defining here: what exactly is security monitoring? In my opinion, it is anything that relates to protecting the network from malicious users, viruses, malware, and anything else that can damage or compromise your data. For the most part, this means logs from your firewall or UTM (Universal Threat Management) appliance.

You should be setting up UTMs and other security appliances to send security logs to you daily. Ideally, these logs would be sent to an e-mail address dedicated to logs, instead of your own e-mail account. This allows you to store the log e-mails and keep them for historical reasons and future reference, without clogging up your own inbox. Then, as part of your daily routine, you should be looking these logs over. I’m not suggesting you spend 4 hours every day combing through every single entry and looking up IP addresses and such. Unless your job is specifically related to the security of a network, you simply won’t have time to do this, especially if you’re a third-party IT support company. What I would suggest is looking for abnormalities: things that aren’t routine.

For example, one of our clients has a server from overseas that port scans their public IP address every 20 minutes of every single day. The IP of this malicious server is always the same, and I know to skim over it when I see it in the log files. You will run into similar situations, and you have to know what you need to recognize and what becomes expected.
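One way to put this daily skim into practice, as an added example that is not from the original post: the log format, the addresses and the `KNOWN_NOISE` list are constructed assumptions. It skims over the known scanner only while the firewall keeps blocking it, and flags new sources that probe several blocked ports.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption); adapt the regex to your appliance's export.
LINE_RE = re.compile(r"^\S+ (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)")

# Sources already investigated and expected every day (hypothetical entry).
KNOWN_NOISE = {"203.0.113.7": "overseas host that port scans every 20 minutes"}
SCAN_PORT_THRESHOLD = 5  # distinct blocked ports from one source before it counts as a scan


def triage(lines, known=KNOWN_NOISE, threshold=SCAN_PORT_THRESHOLD):
    """Return (findings, suppressed, unparsed) for one day's firewall log."""
    denied_ports, allowed, unparsed = defaultdict(set), defaultdict(int), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # count, never drop silently: a format change is itself abnormal
        elif m["action"] == "DENY":
            denied_ports[m["src"]].add(int(m["dport"]))
        else:
            allowed[m["src"]] += 1

    findings, suppressed = [], []
    for src in sorted(set(denied_ports) | set(allowed)):
        if src in known:
            # Expected noise is skimmed over only while the firewall keeps blocking it.
            if allowed[src]:
                findings.append((src, f"known source was ALLOWED {allowed[src]}x"))
            else:
                suppressed.append(src)
        elif len(denied_ports[src]) >= threshold:
            findings.append((src, f"new source probed {len(denied_ports[src])} blocked ports"))
    return findings, suppressed, unparsed


def sample_log():
    """Constructed sample day: documentation-range addresses, not real traffic."""
    def deny(src, ports):
        return [f"2024-05-01T00:20:00Z DENY src={src} dst=192.0.2.10 dport={p}" for p in ports]
    return (deny("203.0.113.7", [21, 22, 23, 25, 80, 443])      # the known daily scanner
            + deny("198.51.100.23", [22, 23, 445, 3389, 5900])  # a source not seen before
            + ["2024-05-01T09:00:00Z ALLOW src=198.51.100.77 dst=192.0.2.10 dport=443",
               "-- log rotated --"])                             # line the parser cannot read


if __name__ == "__main__":
    findings, suppressed, unparsed = triage(sample_log())
    for src, reason in findings:
        print(f"REVIEW  {src}: {reason}")
    print(f"skimmed {len(suppressed)} known source(s); {unparsed} unparsed line(s)")
```

Keep the known-noise list short and revisit it periodically, since every entry is a source you have chosen to stop looking at.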

Remember, network security is one of the most important elements of a network. It’s not enough to just set up a firewall or UTM and walk away; you need to watch it and make sure it’s doing the job it’s supposed to.

Author

Martin Lehner

Martin Lehner is a technology professional working for an IT services firm in Whitehorse, Yukon (Canada). He has been working in the technology field for over a decade. With a degree in Business Admin and numerous industry certifications, Martin leads a team of IT professionals that provide third-party support for clients. Originally starting a company to offer web development services, Martin quickly realized that clients wanted the entire spectrum of technology services. When Martin is not at work (which is not often, since his company offers 24/7 support), he is busy at home spending time with his family.
