Home > Articles > Security > Network Security

From the author of

Determining What Constitutes Normal System Behavior

Capturing accurate, reliable, and complete system characterizations when systems are first configured—and periodically as they evolve—establishes a benchmark for normal system behavior. The information that needs to be captured includes a known, expected state for all systems, including network traffic, system and network performance, processes, users, files and directories, and hardware. Other information to be characterized includes past behavior derived from system logs and monitoring tools, which is available once systems have been operational for some period of time. This trusted record is periodically compared against the currently executing system to learn whether something has changed. If it has, the administrator uses the information to judge whether the change is acceptable and expected.

  • + Share This
  • 🔖 Save To Your Account