Application Links (cont.)
Awareness
- This is the human part of system security. Automated tools are not perfect. You must watch the watchers. This is known as security auditing.
- Keep an eye on your internal system monitors. Update your tripwire or fcheck databases regularly to reflect authorized changes. It is easier to find bad changes if you keep the databases current.
- Watch your logs. Set up additional logging for forensic purposes. Watching logs is tedious, yet necessary.
- Deploy an IP logger to catch strange datagrams. Syslogd and klogd will not report half-open (SYN) scans.
- Use a log checker like logcheck, logsurfer or swatch to manage your messages. Logs must still be checked, but these tools will give a snapshot.
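
The kind of filtering a log checker performs, as an added sketch (not code from logcheck, logsurfer or swatch): known-bad lines are reported, known-routine lines are suppressed, and anything unrecognised is surfaced rather than dropped. The rule patterns, host names and log lines are all constructed for illustration.

```python
import re

# Constructed rule sets, modelled on the layered pattern files a log checker
# uses; these patterns are assumptions, not rules shipped with any tool.
ATTACK = [r"authentication failure", r"Failed password", r"refused connect"]
ATTACK_IGNORE = [r"Failed password for backup from 10\.0\.0\.5 "]
ROUTINE = [r"CRON\[\d+\]: ", r"session (opened|closed) for user",
           r"Accepted publickey for "]

# Constructed syslog lines (not from a real host).
SAMPLE_LOG = """\
Mar  3 02:00:01 web1 CRON[4121]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 02:14:09 web1 sshd[4188]: Failed password for root from 192.0.2.44 port 51122 ssh2
Mar  3 02:14:11 web1 sshd[4188]: Failed password for root from 192.0.2.44 port 51122 ssh2
Mar  3 02:20:00 web1 sshd[4190]: Failed password for backup from 10.0.0.5 port 40022 ssh2
Mar  3 02:31:47 web1 kernel: eth0: Promiscuous mode enabled.
Mar  3 02:40:12 web1 sshd[4201]: Accepted publickey for alice from 198.51.100.7 port 60011 ssh2
Mar  3 02:40:12 web1 sshd[4201]: pam_unix(sshd:session): session opened for user alice
"""

def _matches(patterns, line):
    return any(re.search(p, line) for p in patterns)

def triage(log_text):
    """Sort lines into 'violations' (known-bad) and 'unusual' (unrecognised),
    and count the routine lines that were suppressed."""
    report = {"violations": [], "unusual": [], "suppressed": 0}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        if _matches(ATTACK, line) and not _matches(ATTACK_IGNORE, line):
            report["violations"].append(line)
        elif _matches(ROUTINE, line) or _matches(ATTACK_IGNORE, line):
            report["suppressed"] += 1
        else:
            report["unusual"].append(line)  # default: surface, never drop
    return report

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for section in ("violations", "unusual"):
        print(f"== {section} ({len(r[section])}) ==")
        print("\n".join(r[section]))
    print(f"suppressed routine lines: {r['suppressed']}")
```

The snapshot is only as good as the rules: the "unusual" section is where a line nobody anticipated shows up, which is why the report still has to be read.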