IT decentralization has clearly increased the need for effective network security. In response, entities typically deploy several layers of information security technologies. Furthermore, due to technological and operational diversity, it is critical to have standard access control processes that permit economies of scale.
Network monitoring of packets to identify malformed packets and known attacks should be an entity’s Threat Management control objective. “Unauthorized access incidents are often preceded by reconnaissance activity to map hosts and services and to identify vulnerabilities.” Precursor exploits may include port scans, host scans, vulnerability scans, pings, traceroutes, DNS zone transfers, operating system fingerprinting, and banner grabbing. Such unethical, if not unlawful, activities are discovered primarily through Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) software and secondarily through log analysis.
Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.
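
The secondary detection path described above, log analysis, can be sketched as follows. This is an added example, not taken from the cited book: the log line format, the 60-second window, the threshold of 10, and the function names are all assumptions chosen for illustration, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (not a real product's): "<ISO time> <ALLOW|DENY> src=.. dst=.. dport=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?:ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

def parse(lines):
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped rather than aborting the analysis
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])

def detect_recon(lines, window=timedelta(seconds=60), threshold=10):
    """Return {source IP: {"port_scan", "host_scan"}} for sources over the threshold."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        events[src].append((ts, dst, dport))
    findings = defaultdict(set)
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the time window
                start += 1
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, dst, dport in evs[start:end + 1]:
                ports_per_host[dst].add(dport)
                hosts_per_port[dport].add(dst)
            if any(len(p) >= threshold for p in ports_per_host.values()):
                findings[src].add("port_scan")   # many ports on one host
            if any(len(h) >= threshold for h in hosts_per_port.values()):
                findings[src].add("host_scan")   # one port across many hosts
    return dict(findings)

def sample_log():
    """Constructed sample: one port scan, one host scan, one slow scan, normal traffic."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{} DENY src={} dst={} dport={}"
    at = lambda **kw: (base + timedelta(**kw)).isoformat()
    lines = [fmt.format(at(seconds=i), "203.0.113.7", "10.0.0.5", 20 + i) for i in range(12)]
    lines += [fmt.format(at(seconds=i), "198.51.100.9", f"10.0.0.{i + 1}", 22) for i in range(12)]
    lines += [fmt.format(at(minutes=30 * i), "192.0.2.50", "10.0.0.5", 8000 + i) for i in range(12)]
    return lines + ["2024-05-01T10:00:05 ALLOW src=192.0.2.4 dst=10.0.0.5 dport=443", "garbage"]

if __name__ == "__main__":
    for src, kinds in sorted(detect_recon(sample_log()).items()):
        print(src, sorted(kinds))
```

The slow scan from 192.0.2.50 (one port every 30 minutes) is not flagged with the 60-second window, which is why log review benefits from a second pass over a longer window in addition to the short one.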