The previous chapter looked at ways to continuously monitor the system for problems; in this chapter you design periodic scans to find them. The difference is that some checks can run continuously without significant system or human overhead, while others carry too much overhead to run continuously. You probably have some additional ideas that will be helpful. Tripwire is certainly very helpful, but on a system with many changing files, cracker-induced changes can be lost among expected changes. The topics covered in this chapter include: