How to Identify Potential Malicious Attacks on Firewalls

Malicious attacks cost consumers millions of dollars each year. These attacks can shut down a computer system for an hour, a day or even longer. Firewalls, which form the foundation of present day computer and network security systems, are the virtual walls designed to protect computer networks. Firewalls identify the constant malicious attacks from hackers and automated applications and attempt to protect networks against these attacks.

Your firewall’s log file tells you the type of attack that was projected at it and if the attack was successful in breaking into your system. You’ll need to consistently check your network’s various components because an attack will be successful if a component is vulnerable. Configuration of a firewall is not an easy task -- most people accessing the network don’t have detailed technical knowledge. Factors such as technical errors, flaws in configuration and carelessness of the network administrator can cause your system to be susceptible to attacks.

Study your firewall log file and take the necessary corrective actions to reduce hacking risks. To identify a threat through the firewall’s log file, you need details such as the private Internet protocol address of the local system as well as the public IP address of the local system when it connects via a virtual private network. You’ll also need to know the systems protocols -- UDP or TCP -- which enable your system to exchange messages on the Internet. An understanding of the state of packets such as whether they were dropped or allowed is also essential. This information will help you understand the traffic pattern approaching your system.

Hackers typically attack a firewall through an open network such as a TCP port 80 or TCP port 443. They use scanners to identify open ports so they can initiate a port scan attack. When you examine your firewall’s log file, you might notice that the same IP address is trying to access multiple ports. Generally, in a network, machines use TCP or UDP ports and there can be more than 6,000 ports at risk. While port scanning, hackers send a message to each port, one at a time. They target TCP ports because these ports present the easiest way to form a connection. Hackers also attack the SOCKS port because this port is not easy to configure. Multiple systems get access to a single Internet connection through this port and a weak SOCKS port can allow access to several systems in a network.

Hackers also try to access a single port with multiple IP addresses. In the log file, you’ll notice several entries that show multiple IP addresses trying to access one particular port. Also, Trojans within the network can threaten your firewall. These Trojans make constant attempts to log into the firewall and make changes in the settings. To protect your system, you could incorporate intrusion detection software, which monitor and analyze your computer’s traffic patterns. Intrusion detection is a passive system that provides information. IDS can be host-based or physical. Host-based systems use a combination of rules and signatures to identify illicit activities within the internal workings of a network. Conversely, physical IDS are used in systems such as security cameras and motion sensors and can be designed with prevention systems.