Re: preventing tampering with tripwire

From: Klaus Steden (klaus@compt.com)
Date: 06/19/02


Date: Tue, 18 Jun 2002 19:49:59 -0400
From: Klaus Steden <klaus@compt.com>
To: Maxlor <mail@maxlor.com>

Read-only media is a good thing, too.

It may be overkill (in the case of security, is there such a thing, though?),
but you could re-purpose an old disk drive, add security tools you want to it,
and jumper it read-only. That wouldn't necessarily prevent your database from
being compromised, but your tools would be intact.

With a read-only disk, I would ...

- install the security tools you want on it
- generate any baseline configuration data and signatures
- make the disk physically read-only
- run your nightly cron jobs, comparing your daily results against your
read-only baseline.

Of course, every time you upgrade something, you'll have to unjumper the disk,
update your signatures, and rejumper it, but that's not really such a big
deal when compared with what else you might have to do. :>

Keeping known good copies of essential programs (ls, find, dd, netstat, route,
ifconfig, mv, cp, df, etc.) on the read-only media is a good idea, too.

You could accomplish this with CDROMs if you don't want to use a disk drive,
but you lose the option of rewritability.

hope this helps,
Klaus
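
The baseline-and-compare cycle from the list above, as an added example that is not part of the original message. The function names, the /secure mount point and the choice of SHA-256 are assumptions; tripwire or any other integrity tool fills the same role.

```shell
#!/bin/sh
# Added example. BASELINE lives on the read-only disk; DIR is the tree to check.
# Paths containing newlines are not supported by this line-oriented manifest.

# Print the SHA-256 of one file (GNU sha256sum, else FreeBSD sha256 -q).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        sha256 -q "$1"
    fi
}

# Emit "hash  ./relative/path" for every regular file under DIR, sorted.
make_manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f"
    done )
}

# Compare DIR against BASELINE; print ADDED/CHANGED/MISSING, return 1 on drift.
compare_manifest() {
    # A writable baseline suggests the disk is not (or no longer) read-only.
    [ -w "$1" ] && echo "warning: baseline $1 is writable" >&2
    current=$(mktemp) || return 2
    make_manifest "$2" > "$current"
    report=$(awk '
        FILENAME == ARGV[1] { base[substr($0, 67)] = $1; next }  # path -> hash
        { p = substr($0, 67); seen[p] = 1
          if (!(p in base))       print "ADDED   " p
          else if (base[p] != $1) print "CHANGED " p }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# While the disk is still writable (hypothetical mount point /secure):
#   make_manifest /usr/local/bin > /secure/baseline.sha256
# Nightly from cron, after the disk is jumpered read-only:
#   compare_manifest /secure/baseline.sha256 /usr/local/bin
```

For the nightly run, put the known-good copies of find, awk, sort and the hashing tool on the read-only disk first in PATH, so the comparison does not depend on binaries from the system being checked.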
