Network Monitoring - Nmap
Every day systems are being scanned, compromised and misused. Attackers use all kind of different tools to do this. Nmap is one of the best know tools out there to scan a system for potential open/vulnerable services. Nmap is able to give you very detailed information about a system in a very short time. As a system administrator it is important to know what hackers are looking for. Understanding an attacker is important if it comes to security. Unknown changes (new services, new open ports and so on) is one of the signals a compromised system will show. I wrote a extremely simple shell script that lets you scan your network and look for differences since the last scan.
1 2 3 4 5 6 7 8 9 10
Run this script regularly (once a week, month; based on the size and how important your network is) Does the produced email from this script contains any changes that you are not aware of? This is a reason to investigate!