
Planning for Security Monitoring

When you monitor any network for security, the key is to know what to look for. Watch for emerging patterns, and also monitor for well-known types of threats. The table below lists several common types of threats, but remember that there are many others.

| Types of Threats | Examples |
|---|---|
| Spoofing | Forge email addresses and replay authentication packets |
| Tampering | Alter data during transmission and change data in files |
| Repudiation | Delete a critical file and deny doing it; purchase a product and later deny doing it |
| Information disclosure | Expose information in messages; expose code on Web sites |
| Denial of Service (DoS) | Flood network with SYN packets; flood network with forged Internet Control Message Protocol (ICMP) packets (pings) |
| Elevation of privilege | Exploit buffer overruns to gain system privileges; exploit the Local System account |
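As an added example (not part of the original page), the following detector shows what "knowing what to look for" means for three of the patterns in the table: a burst of SYN packets at one host, a burst of ICMP pings at one host, and a replayed authentication packet. The event records, the field names and the thresholds are constructed for illustration and are not taken from the page.

```python
from collections import defaultdict

# Constructed sample events, not from the original page. Each record is one
# observed packet or logon; "t" is seconds since the capture started.
EVENTS = (
    [{"t": i, "src": f"198.51.100.{i}", "dst": "10.0.0.10", "proto": "tcp", "flags": "S"}
     for i in range(6)]                                              # SYN burst at one host
    + [{"t": 1, "src": "10.0.0.7", "dst": "10.0.0.20", "proto": "tcp", "flags": "S"},
       {"t": 1, "src": "10.0.0.20", "dst": "10.0.0.7", "proto": "tcp", "flags": "SA"}]  # normal
    + [{"t": 20 + i * 0.5, "src": "203.0.113.9", "dst": "10.0.0.10", "proto": "icmp"}
       for i in range(6)]                                            # ping burst
    + [{"t": 30, "src": "10.0.0.7", "dst": "10.0.0.10", "proto": "auth", "user": "alice", "nonce": "9f3c"},
       {"t": 31, "src": "203.0.113.9", "dst": "10.0.0.10", "proto": "auth", "user": "alice", "nonce": "9f3c"}]
)
# Tuning assumptions for the sample, not values from the page.
WINDOW_SECONDS, SYN_THRESHOLD, ICMP_THRESHOLD = 10, 5, 5


def burst(times, window, threshold):
    """True if at least `threshold` timestamps fall within any `window`-second span."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False


def detect(events, window=WINDOW_SECONDS):
    """Return (threat type, detail) alerts for patterns listed in the table."""
    syns, pings, nonces, alerts = defaultdict(list), defaultdict(list), {}, []
    for e in events:
        if e["proto"] == "tcp" and e["flags"] == "S":
            syns[e["dst"]].append(e["t"])
        elif e["proto"] == "icmp":
            pings[e["dst"]].append(e["t"])
        elif e["proto"] == "auth":
            key = (e["user"], e["nonce"])   # a nonce seen twice means a replayed packet
            if key in nonces:
                alerts.append(("Spoofing", f"replayed authentication for {e['user']} "
                                           f"from {e['src']}; first seen from {nonces[key]}"))
            else:
                nonces[key] = e["src"]
    for name, table, threshold in (("SYN flood", syns, SYN_THRESHOLD),
                                   ("ICMP flood", pings, ICMP_THRESHOLD)):
        for dst, times in table.items():
            if burst(times, window, threshold):
                alerts.append(("Denial of Service", f"{name} against {dst}"))
    return alerts
```

Running `detect(EVENTS)` yields one Spoofing alert and two Denial of Service alerts, while the ordinary handshake with 10.0.0.20 is left alone; in production the thresholds would be tuned against the network's observed baseline.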
