Summary

Monitoring and assessment is a critical part of information security. It is useful both in keeping systems running and in dealing with security events. It can alert administrators to problems, identify attacks in progress, and provide information for dissecting events or for legal prosecution after a security event has occurred. To perform these chores effectively, the administrator must be knowledgeable in the use of many tools and be given the time to evaluate their results. In the day-to-day operation of networks, both knowledge and review tasks are often ignored or trivialized in favor of just keeping systems running. Unfortunately, this chapter can only provide the knowledge part of the monitoring ...

Get Windows Server 2003 Security: A Technical Reference now with the O’Reilly learning platform.
