Section 19.8 Planting False Data

   


19.8 Planting False Data

Once the cracker has gained control of your system, he can read any file, alter any file, create any new file, and remove any file, all without your knowing it. Even if you use an encryption algorithm so strong that even the NSA would have difficulty breaking it, and you allow unencrypted sensitive information to exist only in memory, he simply reads the unencrypted data from memory. This is not hard for a good cracker to do. The best crackers will leave no trace of their intrusion.

Your confidential company plans, details on your customers, financial data (including bank and credit card numbers and passwords), orders, Web pages, resumes, confidential documents relating to legal matters, and so on can all be read or even altered. The potential cost to you could be rather substantial. This is why it is so important to have a defense that is hard to penetrate and, if it is penetrated, to detect the penetration quickly. It is also why having intrusion attempts activate SysAdmins' pagers, remote logging, and a prepared, detailed plan of action is so valuable.

Frequently, a cracker will probe for known vulnerabilities until she finds one. If you detect her first by detecting such probing, you can stop her.


       


    Real World Linux Security Prentice Hall Ptr Open Source Technology Series
    Year: 2002
    Pages: 260
