Once you have deployed a Unix server on a network, it is important that you manage it securely. You should periodically monitor your server and the network for potential problems or abuse. Most network topologies provide three locations for monitoring:
You can monitor on the hosts themselves, either by monitoring the packets as they enter or leave the system, or by monitoring servers that are running on the system.
You can monitor the local area network. If you have an Ethernet hub on your network, you can monitor by attaching another computer to the hub that is running a network monitor or packet sniffer. If you have a switched network, you will need to create a mirror port or monitor point.
You can monitor information entering or leaving your network at the point where your network connects to other networks.
Most monitoring involves one or at most two of these systems; the most secure networks combine all three.
You may also wish to employ other methods, such as network scanning, to detect vulnerabilities before attackers do so.
You can use the netstat command to list all of the active and pending TCP/IP connections between your machine and every other machine on the Internet. This command is very important if you suspect that somebody is breaking into your computer or using your computer to break into another one. netstat lets you see which machines your machine is talking to over the network. The command’s output ...