A dumb question:
Why do I need to analyse my firewall log? What should I look for?
Is it to find out:
who uses what (service) to get where?
a. top users by bandwidth utilization (as a security guy, who do I care?)
b. outgoing protocol usage (same)
c. incoming protocol usage (same)
d. top FTP, Telnet, web, etc. users
who "attack" our network?
who do want during business hours? (productivity issue?)
critical events for internal IP addresses?
warnings for external IP addresses?
Any pointers are appreciated.
Thanks in advance.