Intrusion Detection and Log Analysis

Having the ability to detect network activity pointing to an intrusion attempt on the server, the system administrator can take appropriate measures in time. That’s why there are intrusion detection systems.

The psad tool (port scan attack detection) is software that monitors the firewall logs to detect a scan or attack on the server, and then can alert administrators or take proactive steps to contain the threat. In addition, the pshad includes many TCP, UDP and ICMP signatures included in the Snort intrusion detection system. Psad usually work on Linux systems and is available in package repositories of many major Linux distributions.
In this article, you can learn more about the features of this tool, and with the methodology.

More.

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.