Logs Matter!

Larry Bensky
March 29, 2021

The pandemic has reshaped how we work and, more importantly, where we work. With home offices becoming the new norm, it is imperative that we look at how to keep our information safe, secure, and protected from malicious attacks. This is where logs come into play. Logs are records of events that happen on your computer, triggered either by a person or by a running process. They help you track what happened and troubleshoot problems.

Why are logs so important? They can reveal a plethora of information from the data logged in any system, particularly a router or firewall. Observing these router or firewall logs is essential to finding out what your network has been doing all day. The log data can show how many times a connection to a site was established and how many bytes were transmitted to or received from a site or IP address. You can assemble the data to summarize by input, output, or any other breakdown you would like.

For example, if you have a home automation system or a DIY alarm, you may notice lots of connections and data being sent to and received from a particular IP address. You could then drill down and see at what times it is sending or receiving data and whether those times correspond to a daily or otherwise noticeable event. Another good check is reviewing which servers the applications are communicating with, where in the world those servers are, and how many times a network connection is established. You can even find out what ports are being used. This activity may reveal which countries are involved in storing your data, which you may choose to act on. Most enterprise firewalls can geo-block: you can block selected countries from accessing your network and also block your network from communicating with chosen countries. Standard home routers may not offer a geo-block option, but many do allow blocking IP ranges, which is more tedious. Ultimately, it is possible to defend your home network with a little bit of work.

Another example: analyzing the logs from your router or firewall reveals how much bandwidth is being used by each resource. For instance, if you see a device that is always on but not in use, that may be a sign of a hacked device, or of a rogue application. In any event, router and firewall logs can be very revealing about your network's inner workings. An essential example is analyzing your Wi-Fi logs and verifying which devices are connected; you may end up finding a rogue device. It is always good to know your network's data communications and which devices are connected at all times.

Now that we have established how important the log data is, you may be wondering how you turn the data into information. There are many options, with Splunk and Elasticsearch (the ELK Stack) as two of the top choices. You could also write your own log analyzer tailored to your specific needs. Additionally, some firewalls provide reporting features as well.
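A minimal analyzer of the kind just mentioned, added here as an example (it is not code from the original post). It parses constructed iptables-style LOG lines, assumes eth0 is the WAN side and br0 the LAN side, and summarizes per remote address the connection count, bytes out and in, ports, local devices, and hours active, which is the view used above to spot a chatty or always-on device.

```python
"""Summarize constructed firewall (iptables LOG style) lines per remote peer."""
import re
from collections import defaultdict

# Constructed sample lines (not real traffic); RFC 5737 documentation addresses.
# Assumption: eth0 is the WAN interface, br0 the LAN bridge.
SAMPLE_LOG = """\
Mar 29 08:00:01 router kernel: FW-OUT IN=br0 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=1500 PROTO=TCP SPT=51234 DPT=443
Mar 29 08:00:02 router kernel: FW-OUT IN=br0 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=1500 PROTO=TCP SPT=51235 DPT=443
Mar 29 08:00:05 router kernel: FW-OUT IN=br0 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.7 LEN=200 PROTO=UDP SPT=40001 DPT=8883
Mar 29 09:00:06 router kernel: FW-IN IN=eth0 OUT=br0 SRC=198.51.100.7 DST=192.168.1.31 LEN=300 PROTO=UDP SPT=8883 DPT=40001
Mar 29 09:00:07 router kernel: FW-OUT IN=br0 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.7 LEN=200 PROTO=UDP SPT=40001 DPT=8883
not a firewall line
"""

WAN_IF = "eth0"
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the key=value fields of one log line, or None if it has no SRC/DST."""
    fields = dict(KV_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    return fields


def summarize(text):
    """Group by remote peer: connections, bytes out/in, ports, local devices, hours."""
    new = lambda: {"conns": 0, "bytes_out": 0, "bytes_in": 0,
                   "ports": set(), "local": set(), "hours": set()}
    summary = defaultdict(new)
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        size = int(f.get("LEN", 0))
        if f.get("OUT") == WAN_IF:            # leaving the LAN: the peer is DST
            entry = summary[f["DST"]]
            entry["bytes_out"] += size
            entry["ports"].add(f.get("DPT"))
            entry["local"].add(f["SRC"])
        else:                                 # arriving from the WAN: the peer is SRC
            entry = summary[f["SRC"]]
            entry["bytes_in"] += size
            entry["ports"].add(f.get("SPT"))
            entry["local"].add(f["DST"])
        entry["conns"] += 1
        entry["hours"].add(line[7:9])         # "Mar 29 08:..." -> "08"
    return dict(summary)


def top_talkers(summary, n=3):
    """Remote peers ordered by total bytes, most first."""
    total = lambda ip: summary[ip]["bytes_out"] + summary[ip]["bytes_in"]
    return sorted(summary, key=total, reverse=True)[:n]
```

Running it on the sample shows 203.0.113.5 as the top talker (3000 bytes over two TCP/443 connections from one device), while 198.51.100.7 is the low-volume peer that keeps exchanging UDP/8883 traffic across two hours.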

Here are some tips for handling your log data:

  • Store the logs in a safe place to prevent tampering.
  • Decide which logs you will collect and over what time periods. (Hint: start small at first.)
  • Establish roles if multiple people are involved; decide who will gather the logs, who will analyze them, and who will disseminate the information.
  • For businesses that collect logs, both the logs and the reports will have to be retained for a set period of time.
  • Have a plan of action for when a log reveals suspicious activity.

Considering that most people (if not all) are working from home, interrogating the logs of your home office network has never been more important than it is now. Below are two examples of graphs that can be used to determine the health and well-being of a home office.

While no system or analysis is perfect, it is better to have some understanding of what your network is doing than not knowing anything at all. We must all play our part in securing our information and ensuring there are no data leaks. Remember the adage, “The best defense is a good offense” and stay safe!
