Noticing Suspicious Events

One method of detecting intruders is being aware of the normal operation of your system and noting deviations from this standard. You may notice something odd about the system, such as a higher-than-normal system load. You may also see unusual files or changes to configuration files. Finally, users other than you may notice problems and complain. All of these things may be symptoms of an intrusion—or they could have more mundane explanations. In any event, spending some time investigating odd occurrences can put you on the trail of an intruder, and that's the first step to correcting the problem.

0 0

Post a comment