Chapter 12: System Monitoring

Overview

The administrator's initial task is to install the system, properly assign access rights, and configure all necessary services. This done, many administrators believe their duty is fulfilled, and they start chasing monsters in the virtual dungeons of whatever version of Doom they have. If you are among these administrators, sooner or later your system will be hacked and you will face the music for letting this happen.

To reduce the chances of unauthorized outside entry, or to protect yourself from nefarious users of your own network, you have to maintain continuous control over your server. The majority of break-ins succeed because the administrators fail to update a service or to install patches on time. Hackers often learn about a new vulnerability and start attacking every server they come across that still has it.

A good administrator can and should learn about vulnerabilities affecting his or her server before hackers do, and take whatever steps are necessary to prevent any potential attack exploiting these vulnerabilities. To this end, administrators should monitor their system and conduct vulnerability checks regularly. After penetrating the system, hackers sometimes do not reveal themselves by any actions for a long time. You should be able to unearth these moles and kick them out of the system before they do any harm.

If you have been hacked, your task is not just to recover gracefully but also to prevent this from happening again. I have seen many administrators who, after a break-in, simply restore the deleted files and carry on as before, hoping that lightning will not strike in the same place twice. This is a mistake, because unlike lightning, a computer that has been hacked once is much more likely to be hacked again; the hacker already knows how to enter the system and move around it.

So instead of hoping that the hacker had all the fun he or she wanted and will not return, you should take for granted that the hacker will return and have a proper reception party prepared. Find out as much information as possible about the hacker, the ways used to penetrate the system, and how you might block the attack. You also have to peruse the latest Bugtraq lists for information about bugs in your operating system and services installed.

Do not wait until you have a hacker in your system. In this chapter, I will consider measures to enhance system security that you can undertake before and after your system is hacked.

Hackers sometimes leave back doors (e.g., setting the SUID bit of a program that is not supposed to be set), and you should regularly conduct security sweeps of the system as described in the ensuing material. It is especially applicable right after installing and initially configuring the operating system, installing new application software, updating the system software, or experiencing a break-in.
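One concrete sweep of the kind just mentioned, written here as an added example (it is not code from the book): it inventories the set-UID and set-GID files under a directory tree, saves a baseline right after a clean install or update, and later reports any privileged binary that has appeared or vanished. It assumes GNU findutils (find -printf) and coreutils (comm, mktemp). The sandbox directory and the stub files the demo creates are constructed for the demonstration and stand in for the real filesystem root.

```shell
#!/bin/sh
# Added example, not from the book: inventory every set-UID/set-GID file
# under a directory tree and compare it with a saved baseline, so that a
# privileged binary that appeared since the last sweep stands out.
# Assumes GNU findutils (find -printf) and coreutils (comm, mktemp).

# list_privileged DIR
# Print "mode owner path" for each regular file under DIR whose SUID or SGID
# bit is set; sorted so two runs can be compared line by line.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u %p\n' 2>/dev/null | sort
}

# save_baseline DIR FILE
# Record the current inventory; do this right after a clean install or update.
save_baseline() {
    list_privileged "$1" > "$2"
}

# check_baseline DIR FILE
# Print entries that are new since the baseline ("NEW:") or have vanished
# ("GONE:"). Returns 0 when the inventory is unchanged, 1 otherwise.
check_baseline() {
    tmp=$(mktemp)
    list_privileged "$1" > "$tmp"
    added=$(comm -13 "$2" "$tmp")    # lines only in the current inventory
    removed=$(comm -23 "$2" "$tmp")  # lines only in the saved baseline
    rm -f "$tmp"
    [ -n "$added" ] && printf '%s\n' "$added" | sed 's/^/NEW: /'
    [ -n "$removed" ] && printf '%s\n' "$removed" | sed 's/^/GONE: /'
    if [ -z "$added" ] && [ -z "$removed" ]; then
        return 0
    fi
    return 1
}

# demo: a constructed sandbox standing in for the real filesystem root.
demo() {
    sandbox=$(mktemp -d)
    mkdir "$sandbox/bin"
    printf 'stub' > "$sandbox/bin/passwd"; chmod 4755 "$sandbox/bin/passwd"
    printf 'stub' > "$sandbox/bin/ls";     chmod 755  "$sandbox/bin/ls"
    save_baseline "$sandbox" "$sandbox/suid.baseline"

    # Simulate what a sweep should catch: a file that has become set-UID
    # since the baseline was taken (constructed stub, not a real binary).
    printf 'stub' > "$sandbox/bin/.sh"; chmod 4755 "$sandbox/bin/.sh"
    if check_baseline "$sandbox" "$sandbox/suid.baseline"; then
        echo "no change in privileged files"
    else
        echo "privileged-file inventory changed; investigate the NEW/GONE lines"
    fi
    rm -rf "$sandbox"
}

demo
```

On a real host you would run save_baseline against / as root, keep the baseline where the monitored system's own users cannot alter it (read-only media or another machine), and run check_baseline from cron; a baseline stored on the host being watched is only as trustworthy as that host.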

Hacker Linux Uncovered
ISBN: 1931769508
Year: 2004
Pages: 141