
Internal Security

  • The goal of internal security is to watch critical files on the system for changes. One method used by crackers is to replace critical files such as ps, ls, find, and locate with versions that hide the cracker's activities (a rootkit attack). Programs such as Tripwire or AIDE authenticate these files, so a replacement will be noticed. It is extremely important to set up and administer these programs properly and to store copies of their databases offline, since someone who does get into the machine cannot access offline media from a remote location.
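
The baseline-and-compare idea behind such tools, as an added Python sketch (not code from Tripwire or AIDE; `snapshot`, `compare` and `demo` are hypothetical names, and the demo files are constructed stand-ins for ps, ls and find):

```python
import hashlib, os, stat, tempfile

def snapshot(paths):
    """Return {path: (sha256 hex digest, permission bits)} for each path that exists."""
    db = {}
    for p in paths:
        try:
            st = os.lstat(p)              # lstat: a symlink swapped in is seen as a change
        except FileNotFoundError:
            continue
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode):
            db[p] = ("non-regular", mode)
            continue
        h = hashlib.sha256()
        with open(p, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        db[p] = (h.hexdigest(), mode)
    return db

def compare(baseline, current):
    """Return (path, finding) pairs, sorted by path, for every deviation from the baseline."""
    findings = []
    for p in sorted(set(baseline) | set(current)):
        if p not in current:
            findings.append((p, "missing"))
        elif p not in baseline:
            findings.append((p, "added"))
        elif baseline[p][0] != current[p][0]:
            findings.append((p, "content changed"))
        elif baseline[p][1] != current[p][1]:
            findings.append((p, "mode changed"))
    return findings

def demo():
    """Build constructed stand-in files, take a baseline, tamper, and report findings."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("ps", "ls", "find")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"original " + os.path.basename(p).encode())
            os.chmod(p, 0o755)
        baseline = snapshot(paths)        # in practice: written out and kept on offline media
        with open(paths[0], "wb") as f:   # same length as before, so size alone shows nothing
            f.write(b"replaced ps")
        os.chmod(paths[1], 0o777)
        os.remove(paths[2])
        return [(os.path.basename(p), what) for p, what in compare(baseline, snapshot(paths))]
```

The comparison is only trustworthy when the baseline it reads comes from the offline copy, not from a file on the machine being checked.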
