Getting to know your system you are observing on a daily basis is essential. Doing so you develop a kind of sixth sense to when things are going wrong. If you are always observing when things are going right you will better understand when things are not doing what they are supposed to do. This is also known as a baseline, or something you can refer to when you think there may be an intrusion or malfunction.
When you’re more comfortable with a baseline, and how your system operates then it is easier to spot what professionals call ...view middle of the document...
Discovering different security threats and patterns can prove to come in handy. By utilizing traffic pattern packet analyzers, you can find anomalies that are in your baseline traffic. Becoming more comfortable with how your baseline operates will give you clues to when an intrusion is occurring. The more you see these intrusions or attacks on your network you will be able to identify them quicker.
Now when you are a victim of an attack, as a system administrator you need to know where to start looking. Log files are the best place to start. When a server is up and running, it will keep a file in chronological order that can be recalled so you are able to see just when and where the attack came from. These files also keep track of what is going on with the system, so if something were to go wrong then you would have a place to reference.
There is a problem with some of these programs that are intended to detect intrusions. They may be reliable; however they do not always get it right. They can sometimes misinterpret the packets throwing up a warning or blocking the port when there is nothing wrong. So it is imperative that you have a good understanding of what is and what is not a security risk.