[BBLISA] Question about Network analysis tools

[miah]

> Anyway, I use nmap for scanning.  But I would say that you would be better 
> off using netstat -an on the system you are about to deploy.  And using an 
> ip filtering system to limit it to those that you intend to use. There are 
> other measures you can take, as well.

Sure, if its a verifyable netstat. Not that a lkm couldn't 'hide' a 'open port' from certain ips.  But its definately a start, and much better than doing nothing.  Network based security auditing should go hand in hand with host based auditing.

-miah