Observation Techniques


*Observations start on individual machines (if possible on all machines).
 
*If a subnet is under some common administration, it is useful to collect all observations on one or more servers to distinguish attacks on individual machines from scans over the network.
 
*Incidents are collected by some regional centers (CERTs, for example), and by global institutions like the Internet Storm Center.
 
*Goals:

*Make the Internet a better place by reporting incidents to the administrators of the originating network. This helps to ban rogue users and to notify the real owners of a machine that an intruder is using for attacks.
 
*Many threats can be detected before they are published elsewhere.
 
*Even if some of your systems are pretty secure, it might be useful to observe attacks on less secured machines in your network.
 
*Learning the attack methods of the black-hat community.
 
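The second point above, that observations from many machines should be gathered on a collector so that a scan across the subnet can be told apart from an attack on one machine, is easiest to see in code. The following is an added example, not part of Borchert's notes; it assumes a constructed forwarding format of one line per rejected connection (`<timestamp> <reporting-host> <source-ip> <dst-port>`) and chooses its own thresholds. The same source looks like a single stray event to each host but is clearly a sweep once the collector sees all hosts' lines.

```python
"""Added example (not from the original notes): central collector that
separates subnet-wide scans from probes aimed at a single machine.

Assumed (constructed) forwarding format, one line per rejected connection:
    <iso-timestamp> <reporting-host> <source-ip> <dst-port>
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines four hosts in one subnet forwarded to the collector.
SAMPLE_LINES = """\
2002-04-07T10:00:01 hostA 203.0.113.7 22
2002-04-07T10:00:02 hostB 203.0.113.7 22
2002-04-07T10:00:03 hostC 203.0.113.7 22
2002-04-07T10:00:04 hostD 203.0.113.7 22
2002-04-07T10:05:00 hostB 198.51.100.9 21
2002-04-07T10:05:01 hostB 198.51.100.9 23
2002-04-07T10:05:02 hostB 198.51.100.9 25
2002-04-07T10:05:03 hostB 198.51.100.9 80
2002-04-07T10:05:04 hostB 198.51.100.9 110
2002-04-07T10:09:00 hostC 192.0.2.44 443
"""


@dataclass(frozen=True)
class Observation:
    timestamp: str
    host: str      # the machine that reported the event
    source: str    # remote address that attempted the connection
    port: int      # local port that was hit


def parse_lines(text):
    """Parse forwarded lines; malformed lines are skipped, not fatal."""
    observations = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, host, src, port = parts
        try:
            observations.append(Observation(ts, host, src, int(port)))
        except ValueError:
            continue
    return observations


def classify_sources(observations, scan_hosts=3, probe_ports=3):
    """Return {source_ip: label} (thresholds are assumptions for the example).

    'network scan'   : one source seen by >= scan_hosts distinct reporting hosts
    'targeted probe' : one source hitting >= probe_ports distinct ports on one host
    'single event'   : anything else, noise until corroborated
    """
    hosts_per_source = defaultdict(set)
    ports_per_source_host = defaultdict(lambda: defaultdict(set))
    for o in observations:
        hosts_per_source[o.source].add(o.host)
        ports_per_source_host[o.source][o.host].add(o.port)

    labels = {}
    for src, seen_hosts in hosts_per_source.items():
        if len(seen_hosts) >= scan_hosts:
            labels[src] = "network scan"
        elif any(len(p) >= probe_ports
                 for p in ports_per_source_host[src].values()):
            labels[src] = "targeted probe"
        else:
            labels[src] = "single event"
    return labels


def local_view(observations, host):
    """What one machine sees on its own: only the lines it produced itself."""
    return [o for o in observations if o.host == host]


if __name__ == "__main__":
    obs = parse_lines(SAMPLE_LINES)
    print("collector view:", classify_sources(obs))
    # hostA alone saw one connection from 203.0.113.7 and cannot call it a scan
    print("hostA alone:   ", classify_sources(local_view(obs, "hostA")))
```

Run stand-alone, the collector view labels 203.0.113.7 a network scan and 198.51.100.9 a targeted probe, while hostA's own view reports 203.0.113.7 as a single event; that gap is exactly what the shared collection buys.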

Copyright © 2001, 2002 Andreas Borchert, converted to HTML on April 07, 2002