Re: Need Security Help



Todd H. wrote:


And the only way you can be relatively sure you're okay is to have
something like tripwire being installed soon after your original
(trusted) build, doing file signature, so you know what's changed--and
which is what is more challenging--know what's supposed to change and
what's not.


I just wondered how Tripwire has changed. In earlier times, it hooked
various FSCTL and IOCTL handlers to trigger rescans only if it noticed any
file changes with the change itself already tripping an alert. Same for
Windows with receiving file change notifications. Now it runs a full compare
on a regular schedule, which is a highly imperformant and delayed way of
doing this job. What has happened? Too many dudes running with root
privileges, thus rendering this check potentially insecure?
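
An added example, not part of the original posts and not Tripwire's own code: a minimal baseline-and-compare check illustrating the quoted point that the hard part is knowing what is supposed to change. The `EXPECTED_TO_CHANGE` patterns, the function names and the sample tree are constructed assumptions.

```python
import fnmatch
import hashlib
import os
import tempfile

# Hypothetical policy: paths that are expected to change between scans.
EXPECTED_TO_CHANGE = ["var/log/*", "tmp/*"]

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current, expected=EXPECTED_TO_CHANGE):
    """Return (alerts, noise): changes outside / inside the expected-to-change policy."""
    alerts, noise = [], []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "modified"
        volatile = any(fnmatch.fnmatch(path, pat) for pat in expected)
        (noise if volatile else alerts).append((kind, path))
    return alerts, noise

def demo():
    """Build a constructed tree, baseline it, change it, and compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        write("bin/login", b"trusted build")
        write("var/log/messages", b"boot\n")
        baseline = snapshot(root)  # taken right after the trusted build
        write("bin/login", b"replaced binary")       # should alert
        write("var/log/messages", b"boot\nlogin\n")  # expected churn
        write("etc/cron.d/job", b"* * * * * x\n")    # new file, should alert
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline, so the baseline belongs somewhere a root-level process on the monitored host cannot rewrite it, such as read-only media or a separate machine.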