|
Various system logs can be used to identify deviations from the organization's security policy, including firewall logs, IDS logs, server logs, and any other logs that are collecting audit data on systems and networks. While not traditionally considered a testing activity, log review and analysis can provide a dynamic picture of ongoing system activities that can be compared with the intent and content of the security policy.
Snort is a free IDS sensor with ample support. It is a network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. Snort can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI (Common Gateway Interface) attacks, SMB (System Message Block) probes, and OS fingerprinting attempts.
|
