Logs Matter! - Softrams


Larry Bensky
March 29, 2021


The pandemic has reshaped how we work and, more importantly, where we work. With home offices becoming the new norm, it is imperative that we look at how we can keep our information safe, secure, and protected from malicious attacks. This is where logs come into play. Logs are records of events that happen on your computer or network devices, generated either by a person's actions or by a running process. They help you track what happened and troubleshoot problems.

Why are logs so important? The data logged by any system can reveal a great deal, and router and firewall logs especially so. Reviewing these router or firewall logs is essential to finding out what your network has been doing all day. The log data can tell you how many times a connection was established to a given site or IP address and how many bytes were sent to and received from it. You can then aggregate the data by inbound traffic, outbound traffic, or any other dimension you like.

For example, if you have a home automation system or a DIY alarm, you may notice lots of connections and data being sent to and received from a particular IP address. You could then drill down to see at what times it is sending and receiving data and whether those times correspond to a daily or otherwise noticeable event. Another good check is reviewing which servers your applications are communicating with, where in the world they are, and how many times a network connection is established. You can even find out which ports are being used. This activity may reveal which countries are involved in storing your data, which you may choose to act on. Most enterprise firewalls can geo-block: you can prevent selected countries from accessing your network and prevent your network from communicating with chosen countries. Standard home routers may not offer geo-blocking, but many do allow blocking by IP range, which is more tedious. Ultimately, it is possible to defend your home network with a little bit of work.

Analyzing your router or firewall logs will also reveal how much bandwidth each device or application is using. For instance, if you see a device that is always on but never used, that may be a sign of a hacked device or a rogue application. In any event, router and firewall logs can be very revealing about your network's inner workings. Another essential check is reviewing your Wi-Fi logs and verifying which devices are connected; you may end up finding a rogue device. It is always good to know what your network is communicating with and which devices are connected at all times.

Now that we have established how important log data is, you may be wondering how to turn that data into information. There are many options, with Splunk and Elasticsearch (the ELK Stack) two of the top choices. You could also write your own log analyzer tailored to your specific needs, and some firewalls provide reporting features of their own.
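As an added illustration of the do-it-yourself option (example code written for this page, not taken from the post or from any product), here is a small Python analyzer that computes the figures discussed above: per-destination connection counts, bytes sent and received, ports used, and hours of activity, plus total bandwidth per internal device. The key=value log layout, field names and sample lines are constructed assumptions; real routers and firewalls each use their own format, so the regular expression is the part you would adapt.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed key=value firewall log (not from a real device); the last line is deliberately malformed so the parser's skipping is exercised.
SAMPLE_LOG = """\
2021-03-29T08:01:12 src=192.168.1.20 dst=203.0.113.10 dport=443 proto=tcp sent=1200 recv=5400
2021-03-29T08:01:40 src=192.168.1.20 dst=203.0.113.10 dport=443 proto=tcp sent=900 recv=3100
2021-03-29T09:15:03 src=192.168.1.35 dst=198.51.100.7 dport=8883 proto=tcp sent=300 recv=120
2021-03-29T13:15:05 src=192.168.1.35 dst=198.51.100.7 dport=8883 proto=tcp sent=310 recv=130
2021-03-29T17:15:02 src=192.168.1.35 dst=198.51.100.7 dport=8883 proto=tcp sent=305 recv=125
2021-03-29T21:15:04 src=192.168.1.35 dst=198.51.100.7 dport=8883 proto=tcp sent=298 recv=128
Mar 29 21:16:00 router kernel: link state change (unrelated line)
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
                     r"proto=(?P<proto>\w+) sent=(?P<sent>\d+) recv=(?P<recv>\d+)$")

def parse_log(text):
    """Return one dict per well-formed connection line; unrelated or malformed lines are skipped."""
    records = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        r = m.groupdict()
        r["ts"] = datetime.fromisoformat(r["ts"])
        r.update({k: int(r[k]) for k in ("dport", "sent", "recv")})
        records.append(r)
    return records

def summarize_by_destination(records):
    """Per destination IP: connection count, bytes out/in, ports used and hours of day seen."""
    summary = defaultdict(lambda: {"connections": 0, "sent": 0, "recv": 0, "ports": set(), "hours": set()})
    for r in records:
        s = summary[r["dst"]]
        s["connections"] += 1
        s["sent"] += r["sent"]
        s["recv"] += r["recv"]
        s["ports"].add(r["dport"])
        s["hours"].add(r["ts"].hour)
    return dict(summary)

def bandwidth_by_device(records):
    """Total bytes per internal device; a device that is always on but should be idle deserves a closer look."""
    totals = defaultdict(int)
    for r in records:
        totals[r["src"]] += r["sent"] + r["recv"]
    return dict(totals)

def recurring_destinations(summary, min_connections=3):
    """Destinations contacted repeatedly, with the hours seen, to compare against your daily routine."""
    return {dst: sorted(s["hours"]) for dst, s in summary.items() if s["connections"] >= min_connections}
```

On the sample data the 198.51.100.7 endpoint shows up every four hours on port 8883, which is the kind of regular pattern you would then match against a known device's check-in schedule.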

Here are some tips for handling your log data:

  • Store the logs in a safe place to prevent tampering.
  • Decide which logs you will collect and over what time periods (hint: start small at first).
  • Establish roles if there are multiple people: decide who will gather the logs, who will analyze them, and who will disseminate the information.
  • Businesses that collect logs will have to retain the logs, along with the reports, for a set period of time.
  • Have a plan of action for when a log reveals suspicious activity.

Considering that most people (if not all) are working from home, interrogating the logs of your home office network has never been more important than it is now. The two example graphs below can be used to determine the health and well-being of a home office network.

While no system or analysis is perfect, it is better to have some understanding of what your network is doing than not knowing anything at all. We must all play our part in securing our information and ensuring there are no data leaks. Remember the adage, “The best defense is a good offense” and stay safe!
