Chapter 12. All Along the Watchtower

Difficult-o-Meter: 3 (moderate Linux skill required)

Covers:

Tripwire

http://www.tripwire.org/

Question: I was sitting at home, minding my own business, when one day a bunch of police, state troopers, FBI agents, ATF agents, postal inspectors, and the Publisher's Clearinghouse prize patrol came into my house and took all my computers. Apparently, my computers had been used without my knowledge to launch a denial-of-service attack, completely blocking all access to the official Britney Spears homepage. While I am embarrassed that I didn't think of doing that myself, I would have had the sense not to do that from my own computers. How can I see to it that no one uses my network in this way?

Answer: The first and simplest answer is don't have your network connected to the Internet. To some extent we tell you how to do that in Chapter 3 on firewalling. The next best answer is to know as soon as possible when miscreants come padding around your network interfaces. This chapter and the next one cover the topic of intrusion detection.

In this chapter we look at an intrusion-detection tool called Tripwire, which can detect changes to important system configuration files, files an attacker would be likely to manipulate both to hide the intrusion and to open up additional access.
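The idea of detecting changes to important files can be sketched as a baseline-and-compare check. The following is an added example, not code from the book or from Tripwire, and it does not use Tripwire's database format or policy language; the function names `snapshot` and `compare` and the sample file names are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(paths):
    """Record a SHA-256 digest plus mode, owner and size for each regular file."""
    baseline = {}
    for path in paths:
        st = os.lstat(path)  # lstat: do not follow a symlink swapped in for the file
        if not stat.S_ISREG(st.st_mode):
            continue  # non-regular files are skipped, so they later show as "missing"
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        baseline[path] = {"sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                          "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}
    return baseline


def compare(baseline, paths):
    """Return {path: finding} for every file that differs from the baseline."""
    current = snapshot(p for p in paths if os.path.lexists(p))
    findings = {}
    for path, old in baseline.items():
        new = current.get(path)
        if new is None:
            findings[path] = "missing"
            continue
        changed = sorted(k for k in old if old[k] != new[k])
        if changed:
            findings[path] = "changed: " + ", ".join(changed)
    for path in current:
        if path not in baseline:
            findings[path] = "added"
    return findings


if __name__ == "__main__":
    # Constructed sample: a scratch directory standing in for watched config files.
    d = tempfile.mkdtemp()
    watched = [os.path.join(d, n) for n in ("passwd", "sshd_config")]
    for p in watched:
        with open(p, "w") as fh:
            fh.write("original\n")
    base = snapshot(watched)
    with open(watched[0], "w") as fh:
        fh.write("tampered\n")  # same length, so only the digest reveals the edit
    print(compare(base, watched))
```

A baseline is only useful if it is kept where an intruder cannot rewrite it along with the files it describes.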

 



Multitool Linux: Practical Uses for Open Source Software
ISBN: 0201734206
EAN: 2147483647
Year: 2002
Pages: 257
