An effective method for identifying security attacks on a network, baselining starts by measuring normal activity on a network or network device. That measurement is used as threshold, or baseline, to detect unusual patterns or changes in levels of activity. With this method, the security expert can focus efforts on evaluating anomalies instead of looking for them by reviewing huge log files.
Some commonly baselined security events are:
• initiation and termination of network sessions,
• bandwidth use,
• user logins and logouts,
• failed logins, and
• rates and types of network traffic.
The term is also used to refer to other security practices. A baseline, or security baseline often refers to an organizational standard for securely configuring network devices.
It can also refer to the results of an organization’s first security assessment. This becomes the baseline against which the organization measures improvements and changes.