Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide Page 39

6. Intrusion Detection
This section will deal with how to get early warning, how to be alerted after the fact, and how to clean up
from intrusion attempts.
6.1. Intrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS for short) are designed to catch what might have gotten past the firewall.
They can either be designed to catch an active break-in attempt in progress, or to detect a successful
break-in after the fact. In the latter case, it is too late to prevent any damage, but at least we have early
awareness of a problem. There are two basic types of IDS: those protecting networks, and those protecting
individual hosts.
For host-based IDS, this is done with utilities that monitor the filesystem for changes. System files that have
changed in some way, but should not change -- unless we did it -- are a dead giveaway that something is
amiss. Anyone who gets in, and gets root, will presumably make changes to the system somewhere. This is
usually the very first thing done, either so he can get back in through a backdoor, or to launch an attack
against someone else. In either case, he has to change or add files on the system.
This is where tools like tripwire (http://www.tripwire.org) play a role. Tripwire is included beginning with
Red Hat 7.0. Such tools monitor various aspects of the filesystem, compare them against a stored
database, and can be configured to send an alert if any changes are detected. Such tools should only be
installed on a known "clean" system.
For home desktops and home LANs, this is probably not an absolutely necessary component of an overall
security strategy. But it does give peace of mind, and certainly does have its place. As for priorities, make
sure that Steps 1, 2 and 3 above are implemented and verified to be sound before delving into this.
We can get somewhat the same results with rpm -Va, which will verify all packages, but without all the
same functionality. For instance, it will not notice new files added to most directories. Nor will it detect files
that have had their extended attributes changed (e.g. chattr +i; see man chattr and man lsattr). For this to be
helpful, it needs to be done after a clean install, and then again each time any packages are upgraded or added.
Example:
# rpm -Va > /root/system.checked
Then we have a stored system snapshot that we can refer back to.
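The following is an added example, not part of this guide or of tripwire, of a small baseline-and-compare script in the same spirit: it snapshots the hash, mode and size of every regular file under a directory and, unlike rpm -Va, also reports files that were added. The directory and baseline file paths are whatever you pass on the command line; the sample files in the comments are constructed.

```python
"""Minimal file-integrity baseline in the spirit of tripwire / rpm -Va.

Unlike rpm -Va, this also reports files that were *added* under a watched
directory, the gap noted above. Run once on a known-clean system to write
the baseline, then run again later to see what changed. Any paths here are
assumptions for the demonstration, not a real system layout.
"""
import hashlib
import json
import os
import stat
import sys


def snapshot(root):
    """Return {relative_path: (sha256, mode, size)} for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(full, root)] = (digest, st.st_mode, st.st_size)
    return baseline


def compare(old, new):
    """Report added, removed and changed files between two snapshots."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "changed": changed}


def save_baseline(baseline, path):
    """Store the baseline somewhere the intruder cannot quietly edit (e.g. removable media)."""
    with open(path, "w") as fh:
        json.dump(baseline, fh)


def load_baseline(path):
    with open(path) as fh:
        return {k: tuple(v) for k, v in json.load(fh).items()}


if __name__ == "__main__":  # usage: integrity.py <directory> <baseline.json>
    root, base = sys.argv[1], sys.argv[2]
    if os.path.exists(base):
        print(json.dumps(compare(load_baseline(base), snapshot(root)), indent=2))
    else:
        save_baseline(snapshot(root), base)
```

Like rpm -Va, this checks content and permissions only; it does not read extended attributes, so a chattr +i change still goes unnoticed.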
Another idea is to run chkrootkit (http://www.chkrootkit.org/) as a weekly cron job. This will detect
common "rootkits".
6.2. Have I Been Hacked?
Maybe you are reading this because you've noticed something "odd" about your system, and are suspicious
that someone has gotten in? This can be a clue.