Overview

The saying goes, "Eternal vigilance is the price of liberty." Something similar is true in computer security. It's not enough to create good passwords, eliminate unnecessary servers, configure a firewall, and so on, as described in Chapter 18, "System Security," and Chapter 20, "Controlling Network Access." You must be alert to signs of trouble—subtle or not-so-subtle clues that an intruder might be using your system. To some extent, you can detect intruders because they're often clumsy and leave traces that nobody can miss, such as broken servers. You shouldn't work on the assumption that a cracker will be so incompetent as to leave a figurative sign reading "you've been had" on your computer, though. Tools exist to help detect somewhat more competent miscreants. One of the most popular of these is Tripwire, which enables you to check for alterations in critical system files. Another tool is chkrootkit, which scans your system for known root kits—software packages crackers use to acquire root privileges. Finally, if you discover that your system has been compromised, you should know how to proceed—what to do (and what not to do) to fix your system and not make matters worse.
