An audit and risk handling prototype for firewall technology

Throughout the years, computer networks have grown in size and complexity. This growth has contributed to the need for network security. As more and more people use computers and the Internet, more confidential documentation is being kept on computers and sent to other locations over a network. To implement network security, the security administrator should first identify all the needs, resources, threats and risks of the organisation to ensure that all areas of the network are included within the network security policy. The network security policy contains, amongst other things, the information security services needed to secure the organisation’s network. These information security services can be implemented via many different security mechanisms. Firewalls are but one of these security mechanisms.

Today, firewalls are implemented in most organisations for network security purposes. The author, however, feels that the implementation of only a firewall is not enough. Tools such as log file analysers and risk analysers can be added to firewall technology to investigate and analyse the current network security status further for an indication of network failure or attacks not easily detectable by firewalls. Firewalls and these tools do, however, also have their own problems. Firewalls rarely use the information stored within their log files, and the risk handling services they provide are not very effective. Most analysis tools use only one form of log file as input and therefore report on only one aspect of the network’s security. The output of firewalls is rarely user-friendly and is often not real-time. The detection of security problems is consequently a very difficult task for any security administrator. The researcher has developed a prototype to address these problems.

The firewall analyser (FA) is a prototype of an analysis tool that performs log file and risk analysis of the underlying networks of the organisation. Although the prototype represents only an example of the functionality added to a firewall, it illustrates the concept of the necessity and value of implementing such a tool for network security purposes. The FA solves the problems found in firewalls and in log file and risk analysis tools by reporting on the latest security status of the network through the use of a variety of log files. To cover a greater area of the network in its analysis process, the FA uses not only the firewall log files as input but also Windows NT log files. The real-time reports of the FA are user-friendly and aid the security administrator immensely in the process of implementing and enforcing network security.

/ Eloff, J.H.P., Prof.
Identifier | oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:uj/uj:8800 |
Date | 04 June 2008 |
Creators | Van der Walt, Estee |
Source Sets | South African National ETD Portal |
Detected Language | English |
Type | Thesis |