Application Links (cont.)

• Awareness

  • This is the human part of system security. Automated tools are not perfect. Watch the watchers. This is known as security auditing.
    • Keep an eye on your internal system monitors. Update your tripwire or fcheck databases regularly to reflect authorized changes. It is easier to find bad changes if you keep updated.
    • Watch your logs. Set up additional logging for forensics purposes. Watching logs is tedious, yet necessary.
      • Deploy an ip logger to catch strange datagrams. Syslogd and klogd will not report half open (SYN) scans.
      • Use a log checker like logcheck or logsurfer to manage your messages. Logs must still be checked, but these will give a snapshot.

Notes: