A Firewall Data Log Analysis of Unauthorized and Suspicious Traffic
Source: Journal of Information Systems Security, Volume 7, Number 3 (2011), Pages 2–15
ISSN 1551-0123 (Print), ISSN 1551-0808 (Online)

Authors: John Week, Polina Ivanova, Sandy Week, Alexander McLeod (University of Nevada, Reno, USA)

Publisher: Information Institute Publishing, Washington DC, USA
Abstract
On November 2, 1988, Peter Yee at the NASA Ames Research Center sent a note out to the Internet mailing list reporting, "We are currently under attack from an Internet VIRUS!" As these events were unfolding, the firewall was starting its rapid evolution. Management often underestimates the importance of sufficient network security. Remarkably, there is little information available for network administrators to use to analyze the valuable data contained in their firewall logs in order to accurately describe threats to their systems. This paper examines 7,478 attacks logged by a small business Internet Service Provider (ISP) hosting 13 domains. On average, 276 attacks occurred per day. About one half of the attacks are the common Windows RPC and SQL Slammer attacks. Slightly less than one half of those attacks came from ten networks, and about 25% of those originated from ten hosts. Results suggest what actions can be taken to strengthen small business network security. Results were compared and contrasted with a similar study, Statistical Analysis of Snort Alarms for a Medium-Sized Network, recently undertaken by Chantawut and Ghita (2010).
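The kind of aggregation the abstract describes (attacks per day, share by attack family, and how concentrated the sources are by host and by network) can be reproduced from blocked-connection records. The following is an added example, not code from the paper: it assumes a simplified constructed log format ("date time action proto src dst dport"), classifies Windows RPC and SQL Slammer traffic by their well-known ports, and treats a "network" as a /24 prefix, which is an assumption rather than the paper's definition.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed sample firewall records (TEST-NET addresses, not real attackers).
# Format: "date time action proto src dst dport"
SAMPLE_LOG = """\
2011-03-01 02:14:07 DROP TCP 203.0.113.45 10.0.0.7 135
2011-03-01 02:14:09 DROP TCP 203.0.113.45 10.0.0.7 445
2011-03-01 03:40:11 DROP UDP 198.51.100.9 10.0.0.7 1434
2011-03-01 09:02:45 ACCEPT TCP 192.0.2.10 10.0.0.7 80
2011-03-02 00:11:02 DROP TCP 203.0.113.77 10.0.0.8 135
2011-03-02 11:55:30 DROP UDP 198.51.100.9 10.0.0.8 1434
2011-03-02 12:00:01 DROP TCP 192.0.2.200 10.0.0.8 22
2011-03-03 05:21:19 DROP TCP 203.0.113.45 10.0.0.9 445
"""

# Port-based labels for the two families named in the abstract (standard
# service ports: 135/445 for Windows RPC/SMB, 1434/udp for SQL Slammer).
SIGNATURES = {("TCP", 135): "Windows RPC", ("TCP", 445): "Windows RPC",
              ("UDP", 1434): "SQL Slammer"}

def parse(log_text):
    """Yield only blocked (DROP) records; accepted traffic is not an attack record."""
    for line in log_text.splitlines():
        day, _time, action, proto, src, _dst, dport = line.split()
        if action == "DROP":
            yield {"day": day, "proto": proto, "src": src, "dport": int(dport)}

def analyze(log_text, top_n=2):
    """Summarize blocked records: volume, per-day rate, family mix, source concentration."""
    recs = list(parse(log_text))
    total = len(recs)
    days = len({r["day"] for r in recs})
    by_host = Counter(r["src"] for r in recs)
    # Assumption: a source "network" is the /24 containing the source address.
    by_net = Counter(str(ip_network(r["src"] + "/24", strict=False)) for r in recs)
    by_type = Counter(SIGNATURES.get((r["proto"], r["dport"]), "other") for r in recs)

    def top_share(counter):
        return sum(n for _, n in counter.most_common(top_n)) / total

    return {"total": total, "per_day": total / days, "by_type": dict(by_type),
            "top_hosts": by_host.most_common(top_n),
            "top_host_share": top_share(by_host), "top_net_share": top_share(by_net)}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the constructed sample, two of four source hosts account for 5 of 7 blocked records and two of three /24 networks for 6 of 7, the same concentration question the paper asks of its 7,478 records.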
Keywords
Network Attacks, Small Business ISP, Origin of Attacks, Time of Attacks, Firewall Data Log
References
Avolio, F. (1999). Firewalls and Internet Security. The Internet Protocol Journal, 24-32.
Bouguettaya, A. R. A., & Eltoweissy, M. Y. (2003). Privacy on the Web: facts, challenges, and solutions. IEEE Security & Privacy, 1(6), 40-49.
Kumar, N., Mohan, K., & Holowczak, R. (2008). Locking the door but leaving the computer vulnerable: Factors inhibiting home users' adoption of software firewalls. Decision Support Systems, 46(1), 254-264.
Microsoft. (2007). Understanding TCP/IP addressing and subnetting basics [Electronic Version]. Retrieved April 23, 2009, from http://support.microsoft.com/kb/164015
Nietzsche, F. (2007). What are TCP/IP ports? [Electronic Version]. Retrieved April 24, 2009, from http://www.tech-faq.com/what-are-tcp-ipports.shtml
Ranum, M. (2006). Log Analysis Site Overview [Electronic Version]. Retrieved April 21, 2009, from www.loganalysis.org
Robertson, P., Curtin, M., & Ranum, M. (2004). Internet Firewalls: Frequently Asked Questions [Electronic Version]. Retrieved April 21, 2009,