As part of good security management, it is important to retain the capacity to notice trends in behavior and usage of information systems, which allow us to notice changes proactively. A change in usage of a proxy server, memory usage, or CPU load may indicate something innocuous, such as a rise in user activity or a need for upgraded hardware, a hardware fault, or even malicious activity.
It is important, therefore, to establish a baseline for how our server behaves in order to be able to identify when a particular piece of behavior is out of the ordinary. IPCop aids us greatly here by providing us with graphical tools to monitor (and graph) statistics such as proxy connections and CPU usage. It is important for the security of your host that you regularly review these and account for any major blips or alterations in behavior.
The authors have been aware of several situations in which systems have been compromised and used...