Prints and Fibers

Just as a murderer will leave behind prints and fibers, most network host security compromisers will leave some evidence behind. Automated "exploits" combine the compromise, obfuscation, and entrenchment phases.

The emergence of these scripted attacks makes it much more difficult to detect an intrusion. Before these tools were developed, there was a considerable lag between the compromise of the system and the manipulation of system and log files to hide the attackers' presence. Nowadays mere seconds or even milliseconds may separate these events.

Obviously it becomes very important to know when these critical system files change, who changed them, and why. Often this is the only way to tell a compromise has occurred. What you need is the computer equivalent of a forensics expert, someone who can recover the prints and fibers of the scripted network-based system compromise. That expert is Tripwire. In this chapter we will introduce this tool and show you a little of how it works and how it can help you improve the security of your Linux system.
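File integrity checking in miniature, as an added example that is neither the book's nor Tripwire's own code: a baseline of hashes and metadata is taken over a directory tree, the tree is then tampered with in the ways the chapter describes (a system file edited, a log truncated, a file removed, a file added), and a second pass reports exactly what changed. The directory layout and file contents are constructed here for the demonstration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Baseline every regular file under root: SHA-256 plus the metadata an
    integrity checker such as Tripwire watches (mode, owner, group, size, mtime)."""
    db = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # only regular files are hashed; symlinks are skipped here
        st = path.lstat()
        db[path.relative_to(root).as_posix()] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid,
            "gid": st.st_gid,
            "size": st.st_size,
            "mtime_ns": st.st_mtime_ns,
        }
    return db


def compare(baseline, current):
    """Return (added, removed, changed); changed maps path -> attributes that differ."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in set(baseline) & set(current):
        diff = sorted(k for k in baseline[rel] if baseline[rel][k] != current[rel][k])
        if diff:
            changed[rel] = diff
    return added, removed, changed


def demo():
    """Constructed scenario: take a baseline, simulate post-compromise tampering, re-check."""
    with tempfile.TemporaryDirectory() as root:
        etc, log = Path(root) / "etc", Path(root) / "var" / "log"
        etc.mkdir()
        log.mkdir(parents=True)
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (log / "auth.log").write_text("Jan  1 00:00:01 host sshd[1]: Accepted password for root\n")
        baseline = snapshot(root)
        # Simulated tampering after the baseline was recorded
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\nextra:x:0:0::/:/bin/sh\n")
        (log / "auth.log").write_text("")        # log truncated to hide the login
        (etc / "hosts").unlink()                  # file removed
        (etc / "unexpected.conf").write_text("x\n")  # file added
        return compare(baseline, snapshot(root))
```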

Multitool Linux: Practical Uses for Open Source Software
ISBN: 0201734206
Year: 2002
Pages: 257
