|
Presentations
- Today: Kali Lewis, Don Chalfant
- More war-related security discussion topics:
hactivism and Web-site
defacement.
- Does it have an impact?
- Are the people who commit such defacements really a risk?
- How should caught offenders be treated?
From last time
For today: File integrity checking
- Why? Intruders and other persons/events may change
system software. How will you know what's been changed?
- Where? Set up monitoring on important system files, and
check frequently (usually daily) for changes.
Tools:
- Tripwire was one of the original tools for this which now
has a commercial version. There
are two spin-offs likely to be of greater interest:
- Academic
Source Release which has not been actively maintained for several
years, so not tuned for modern system configurations.
- Tripwire
is also an open source project at sourceforge, but the most recent
update was 2 years ago.
- Integrit
is similar to Tripwire in many ways, but independently developed and
with some different approaches. Integrit installation and steps
are here.
|