
A short guide to Log analysis, intrusion detection and event notification

Log analysis, intrusion detection and event notification tools can stop an attack before it succeeds, and limit the damage if a breach does occur. For example, software tools or network monitors can help by constantly watching network traffic for suspicious patterns, or by watching for unexpected changes to configuration or system files on a server.

By giving early warning that an attack may be under way, these tools can drastically reduce the damage an intrusion causes.

A network intrusion detection system (NIDS) monitors packets on the network and looks for patterns that indicate an intruder is trying to break into a system or mount a denial-of-service attack.

For example, such a system could treat an unusually large number of TCP connection requests to many different ports on one target machine, in a short period, as an attempted port scan. The sensor may run on the target machine itself, watching its own traffic, or on a dedicated machine that passively monitors all traffic on the network segment, typically fed from a network tap or a switch mirror port. The thresholds matter: a scan spread slowly over hours, or a sweep that touches one port on each of many hosts, will not trip a rule that only counts ports per target over a short window.
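The port-scan heuristic described above, as an added example that is not code from the original article: it groups connection attempts by (source, target) and flags any pair that touches at least a threshold number of distinct destination ports within a sliding time window. The connection records, IP addresses, window and threshold are all constructed for the example; a real sensor would take them from a packet capture or flow log.

```python
from collections import defaultdict

# Constructed sample of TCP connection attempts seen by a sensor:
# (seconds since start, source IP, destination IP, destination port).
# Not real capture data.
TARGET = "192.168.1.10"
SAMPLE_CONNECTIONS = (
    # Fast scanner: 25 distinct ports on one host in about a second.
    [(i * 0.05, "10.0.0.5", TARGET, port) for i, port in enumerate(range(20, 45))]
    # Slow scanner: 20 distinct ports, one attempt every 90 seconds.
    + [(100.0 + 90.0 * i, "10.0.0.7", TARGET, port) for i, port in enumerate(range(8000, 8020))]
    # Ordinary client: repeated connections to two service ports.
    + [(t, "10.0.0.8", TARGET, 443) for t in (1.0, 1.5, 2.0)]
    + [(t, "10.0.0.8", TARGET, 80) for t in (3.0, 4.0)]
)


def detect_port_scans(connections, window_seconds=60.0, port_threshold=15):
    """Flag (source, target) pairs that touched at least port_threshold distinct
    destination ports on the target inside any window_seconds-long period.

    Returns {(source_ip, target_ip): sorted ports seen in the flagged window}.
    """
    by_pair = defaultdict(list)
    for t, src, dst, dport in connections:
        by_pair[(src, dst)].append((t, dport))

    alerts = {}
    for pair, events in by_pair.items():
        events.sort()  # chronological
        for i, (t0, _) in enumerate(events):
            # Distinct ports in the window that starts at this event.
            ports = set()
            for t, port in events[i:]:
                if t - t0 > window_seconds:
                    break
                ports.add(port)
            if len(ports) >= port_threshold:
                alerts[pair] = sorted(ports)
                break
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_CONNECTIONS).items():
        print(f"possible port scan: {src} -> {dst}, {len(ports)} ports ({ports[0]}-{ports[-1]})")
    # The slow scanner only shows up once the window is long enough.
    print(sorted(detect_port_scans(SAMPLE_CONNECTIONS, window_seconds=3600.0)))
```

With the default 60-second window only the fast scanner is reported; the slow scanner at one port every 90 seconds is invisible until the window is widened to an hour, which is the trade-off the prose describes. A sweep of one port across many hosts would need a second rule keyed on the source alone.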

A system integrity verifier monitors system files and detects changes to them (for example, an attacker or malicious program modifying operating system binaries to install a back door). It does this by recording a baseline of cryptographic hashes, and usually the permissions and ownership, of the files it protects, then periodically recomputing them and reporting any difference; timestamps alone are not enough, because an attacker who can write a file can usually reset its modification time as well. The Microsoft Windows registry and UNIX crontab files are other examples of data worth monitoring.
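A minimal hash-based integrity verifier of the kind just described, as an added example rather than code from the original article. It builds a baseline of SHA-256 digests and permission bits over a directory tree, then compares a later snapshot against it. The directory layout, file contents and tampering steps in demo() are constructed in a temporary directory purely for illustration; the crontab edit deliberately restores the original mtime to show why hashes, not timestamps, are compared.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large binaries are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its
    content hash and permission bits. Ownership could be recorded the same way."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            mode = path.stat().st_mode & 0o7777
            baseline[path.relative_to(root).as_posix()] = {"sha256": hash_file(path), "mode": mode}
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report files that appeared, vanished, changed content, or changed permissions."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k]["sha256"] != current[k]["sha256"]),
        "mode_changed": sorted(k for k in common
                               if baseline[k]["sha256"] == current[k]["sha256"]
                               and baseline[k]["mode"] != current[k]["mode"]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "crontab").write_text("0 3 * * * root /usr/local/bin/backup\n")
        (root / "bin" / "helper").write_bytes(b"\x7fELF placeholder, not a real binary")
        baseline = build_baseline(root)

        # Tampering. The crontab edit puts the old mtime back, which is why the
        # verifier must compare hashes rather than trust timestamps.
        crontab = root / "etc" / "crontab"
        old_mtime = crontab.stat().st_mtime
        with open(crontab, "a") as f:
            f.write("* * * * * root /tmp/.backdoor\n")
        os.utime(crontab, (old_mtime, old_mtime))
        (root / "bin" / "rootkit").write_bytes(b"\x7fELF placeholder")
        (root / "etc" / "passwd").unlink()
        os.chmod(root / "bin" / "helper", 0o4755)  # setuid bit added, content unchanged

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13s} {paths}")
```

The baseline is only as trustworthy as its storage: keep it off the monitored host, or sign it, since an attacker with root can otherwise rewrite the baseline to match the tampered files. The permission check is reported separately from content changes so that a setuid bit quietly added to an unmodified binary still surfaces.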

Log file monitors analyse the log files generated by network devices, servers and services, looking for patterns that indicate unusual activity, for example a large number of failed logins from one source in a short period, which suggests an attempt to break into a user account. A burst of failures followed by a successful login from the same source is the event that most deserves immediate notification, since it may mean the guessing worked.
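The failed-login pattern described above, run over sample sshd log lines, as an added example that is not code from the original article. It parses syslog-format authentication lines, counts failures per source address inside a sliding window, and for any flagged source also lists accounts that subsequently logged in from it. The log lines, host name, addresses, window and threshold are constructed for the example; the parser assumes the standard OpenSSH "Failed password for ... from ... port" and "Accepted ... for ... from ..." message formats and, because syslog timestamps carry no year, that all lines fall within one year.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd lines in syslog format; not taken from a real host.
SAMPLE_LOG = """\
Mar  4 10:01:02 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  4 10:01:03 web1 sshd[2312]: Failed password for root from 203.0.113.45 port 51023 ssh2
Mar  4 10:01:05 web1 sshd[2313]: Failed password for invalid user test from 203.0.113.45 port 51024 ssh2
Mar  4 10:01:08 web1 sshd[2314]: Failed password for invalid user oracle from 203.0.113.45 port 51025 ssh2
Mar  4 10:01:11 web1 sshd[2315]: Failed password for root from 203.0.113.45 port 51026 ssh2
Mar  4 10:01:14 web1 sshd[2316]: Failed password for root from 203.0.113.45 port 51027 ssh2
Mar  4 10:01:20 web1 sshd[2320]: Accepted publickey for deploy from 198.51.100.7 port 40012 ssh2: ED25519 SHA256:AAAA
Mar  4 10:02:00 web1 sshd[2321]: Accepted password for root from 203.0.113.45 port 51030 ssh2
Mar  4 10:05:00 web1 sshd[2330]: Failed password for alice from 198.51.100.9 port 40100 ssh2
Mar  4 10:05:30 web1 sshd[2331]: Accepted password for alice from 198.51.100.9 port 40101 ssh2
Mar  4 10:06:00 web1 sshd[2332]: pam_unix(sshd:session): session opened for user alice by (uid=0)
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_line(line):
    """Return a dict for sshd auth lines we care about, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = re.sub(r"\s+", " ", m.group("ts"))  # "Mar  4" -> "Mar 4"
    return {
        "time": datetime.strptime(ts, "%b %d %H:%M:%S"),  # year defaults to 1900
        "result": m.group("result"),
        "user": m.group("user"),
        "ip": m.group("ip"),
    }


def detect_brute_force(log_text, window_seconds=300, threshold=5):
    """Flag source IPs with at least `threshold` failed logins inside any
    `window_seconds` period, and note accounts that later logged in from them."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]].append((e["time"], e["user"]))

    alerts = {}
    for ip, attempts in failures.items():
        attempts.sort()
        for i, (t0, _) in enumerate(attempts):
            burst = [(t, u) for t, u in attempts[i:] if (t - t0).total_seconds() <= window_seconds]
            if len(burst) >= threshold:
                # A success from the same source after the burst began is the
                # line a responder most wants to see: the guessing may have worked.
                logged_in = sorted({e["user"] for e in events
                                    if e["ip"] == ip and e["result"] == "Accepted" and e["time"] >= t0})
                alerts[ip] = {
                    "failures": len(burst),
                    "users_tried": sorted({u for _, u in burst}),
                    "compromised_accounts": logged_in,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {info['failures']} failures against {info['users_tried']}, "
              f"then logged in as {info['compromised_accounts'] or 'nobody'}")
```

On the sample, 203.0.113.45 is reported with six failures against four usernames and a subsequent successful login as root, while the single mistyped password from 198.51.100.9 stays below the threshold. Lines the parser does not recognise, such as the pam_unix session line, are ignored rather than treated as errors, which is the behaviour you want when feeding a monitor a mixed log.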

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.