Abstract
Throughout the years, computer networks have grown in size and complexity.
This growth has contributed to the need for network security. As more and more
people use computers and the Internet, more confidential documentation is
being kept on computers and sent to other locations over a network.
To implement network security, the security administrator should first identify
all the needs, resources, threats and risks of the organisation to ensure that
all areas of the network are included within the network security policy. The
network security policy contains, amongst others, the information security
services needed within the organisation’s network for security. These
information security services can be implemented via many different security
mechanisms. Firewalls are but one of these security mechanisms.
Today, firewalls are implemented in most organisations for network security
purposes. The author, however, feels that the implementation of only a firewall
is not enough. Tools such as log file analysers and risk analysers can be
added to firewall technology to investigate and analyse the current network
security status further for an indication of network failure or attacks not easily
detectable by firewalls.
Firewalls and these tools do, however, also have their own problems.
Firewalls rarely use the information stored within their log files and the risk
handling services provided are not very effective. Most analysis tools use only
one form of log file as input and therefore report on only one aspect of the
network’s security. The output of the firewalls is rarely user-friendly and is
often not real-time. The detection of security problems is consequently a very
difficult task for any security administrator.
An audit and risk handling prototype for firewall technology Page iii
To address these problems, the researcher has developed a prototype that
improves on them. The firewall analyser (FA) is a prototype of an
analysis tool that performs log file- and risk analysis of the underlying
networks of the organisation. Although the prototype represents only an
example of the functionality added to a firewall, it illustrates the concept of the
necessity and value of implementing such a tool for network security
purposes.
The FA solves the problems found in firewalls, log file- and risk analysis tools
by reporting on the latest security status of the network through the use of a
variety of log files. The FA uses not only the firewall log files as input to cover
a greater area of the network in its analysis process, but also Windows NT log
files. The real-time reports of the FA are user-friendly and aid the security
administrator immensely in the process of implementing and enforcing
network security.
Eloff, J.H.P., Prof.