[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[linux-security] Re: You got some 'splaininn to do Lucy ;-)
- From: Crispin Cowan <crispin cse ogi edu>
- To: linux-security redhat com
- Subject: [linux-security] Re: You got some 'splaininn to do Lucy ;-)
- Date: Sat, 31 Jul 1999 01:28:29 +0000
John Summerfield wrote:
> > This has been my personal experience. My Linux and FreeBSD boxes are very
> > secure never had a single problem. The Win machines I'm amazed when they
>
> Without an audit trail, how would you know?
>
> Some versions of BIND had a bug allowed hackers root access. Other than
> BIND mysteriously crashing, you'd never know it happened. Someone could
> have made of with a copy of some sensitive information without you every
> knowing it had been accessed: with an audit trail, you might at least
> discover it had been read by someone who shouldn't.
While it is true that you need *some* kind of host-based intrusion detection to
know that your host has been secure, it is not true that you need Orange Book
Auditing[tm] to do intrusion detection. Counter-example: if you used Tripwire
to periodically check the integrity of your host, then you could detect
intrusions without Orange Book style auditing.
Caveat: I mean use Tripwire *properly*. Don't bother whining about the myriad
ways it can be used improperly, that's not the point :-)
Crispin
-----
Crispin Cowan, Research Assistant Professor of Computer Science, OGI
NEW: Protect Your Linux Host with StackGuard'd Programs :FREE
http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]