To keep your system secure, be proactive: test for security holes and monitor for unusual activity. If you don't keep watch for break-ins, you may wake up one day to find your systems totally hacked and owned, which is no party. In this chapter we cover useful tools and techniques for testing and monitoring your system, in the following areas:

- Logins and passwords: Testing password strength, locating accounts with no password, and tracking suspicious login activity
- Filesystems: Searching them for weak security, and looking for rootkits
- Networking: Looking for open ports, observing local network use, packet-sniffing, tracing network processes, and detecting intrusions
- Logging: Reading your system logs, writing log entries from various languages, configuring syslogd, and rotating log files

We must emphasize that our discussion of network monitoring and intrusion detection is fairly basic. Our recipes will get you started, but these important topics are complex, with no easy, turnkey solutions. You may wish to investigate additional resources for these purposes, such as:

- Computer Incident Advisory Capability (CIAC) Network Monitoring Tools page: http://ciac.llnl.gov/ciac/ToolsUnixNetMon.html
- Stanford Linear Accelerator (SLAC) Network Monitoring Tools page: http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
- National Institutes of Health "Network and Network Monitoring Software" page: http://www.alw.nih.gov/Security/prog-network.html
- Setting Up a Network Monitoring Console: http://com.pp.asu.edu/support/nmc/nmcdocs/nmc.html
- Insecure.org's top 50 security tools: http://www.insecure.org/tools.html