It would be fair to say that many companies assume they have secure systems because they implement strict security measures. The problem is how do we know that our security is working. Does never getting hit by a virus mean that our anti-virus software is doing it's job or have we just been lucky ? It usually takes an incident to focus awareness on system or procedural failings. The benefits of regular Penetration Tests are well understood in the industry, however taking more time to frequesntly examine and understand log files will pinpoint areas of concern a lot sooner if they are being exploited. The problem with log files typically falls into a few categories. 1) The number of devices which require management. 2) The quality and retention period of the logs produces. 3) Undestanding the meaning of the files themselves. Even the simplest of networks will have one or more servers, a firewall, a router and wireless access points to name a few. Firstly enable logging on each devic
