I’m setting up a cyber infrastructure for the first time and setting up my firewall and analyzing my traffic to ID patterns.
What is some advice you can give me about common signs of nefarious acts?
For example, traffic attempting to access the admin login page.
What about traffic that visits your IP address as opposed to your domain name? Is that indicative of a bot vs human user?
Any and all tips or resources you can point me to would be greatly appreciated!