Detecting a Linux server hack
This article is part of the February 2003 issue, "Trustworthy yet? An inside look at what's changed after a year of Microsoft Trustworthy Computing."
Q: How can I determine if my Linux server has been hacked? How can I be sure that I haven't been hacked? -G.C.

A: Being hacked is a lot like being haunted--odd things are afoot that you may or may not notice. That said, simple observation is the easiest way to detect when it's happened. For example, extra users running around your system--from the obvious second superuser root account to the "sneaky john" account that you never created--are easy to spot if you're keeping an eye on things. You might also observe file changes that you never made, or programs running that you never started--such as a sniffer, an IRC program or a file-sharing program.

Beyond simple observation, my first tool of choice for detecting server intrusions is the freeware Linux version of Tripwire, which checks files to see if they've been altered, either in their contents or metadata (ownership, permissions, etc.). Tripwire's an excellent tool for detecting break-ins, which often involve changes to "critical" system files. You have to run Tripwire at least once to generate a baseline ...
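As an added example (not code from Beale's column or from Tripwire), the script below applies both checks described above in Python: it audits an /etc/passwd-style listing for a second UID-0 account and for accounts the administrator never created, and it performs a minimal Tripwire-style comparison of file contents and metadata (permission bits, owner, group, size) against a baseline. The passwd excerpt and the tampered temporary file are constructed sample inputs, and all function names are my own.

```python
import hashlib
import os
import pathlib
import tempfile

# Constructed /etc/passwd excerpt: "toor" is a second UID-0 account, "john" was never created.
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "toor:x:0:0:backdoor:/root:/bin/bash\n"
                 "john:x:1001:1001:sneaky john:/home/john:/bin/bash\n")

def file_signature(path):
    """Content hash plus the metadata Tripwire also tracks: mode bits, owner, group, size."""
    st = os.lstat(path)
    digest = hashlib.sha256(pathlib.Path(path).read_bytes()).hexdigest()
    return {"sha256": digest, "mode": st.st_mode & 0o7777,
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}

def compare_baseline(baseline):
    """baseline is {path: signature} taken once on a known-good host; returns {path: [changed]}."""
    findings = {}
    for path, expected in baseline.items():
        current = file_signature(path) if os.path.lexists(path) else {}
        changed = [k for k in expected if expected[k] != current.get(k)]
        if changed:
            findings[path] = changed if current else ["missing"]
    return findings

def suspicious_accounts(passwd_text, known_users):
    """Flag extra UID-0 accounts and any account the admin never created."""
    flagged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue  # blank or malformed line
        name, uid = fields[0], fields[2]
        if uid == "0" and name != "root":
            flagged.append((name, "extra uid-0 account"))
        elif name not in known_users:
            flagged.append((name, "unknown account"))
    return flagged

def demo_integrity_check():
    """Baseline a temp file standing in for a system binary, tamper with it, report findings."""
    with tempfile.TemporaryDirectory() as tmp:
        target = pathlib.Path(tmp) / "login"
        target.write_bytes(b"original binary\n")
        baseline = {str(target): file_signature(str(target))}
        target.write_bytes(b"original binary\ntrojan\n")  # content (and size) change
        target.chmod(0o4755)                              # setuid bit added: metadata change
        return compare_baseline(baseline)[str(target)]
```

In practice the baseline must be stored off the host or on read-only media, since an intruder who can rewrite it can hide the very changes the comparison is meant to reveal.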
What's Inside

Features
- Microsoft security improving, while Trustworthy security lacks effort, by Lawrence M. Walsh: Microsoft is making significant strides to clean up its security mess, but Trustworthy Computing still has a long way to go.
- Microsoft's internal auditor discusses the company's IT security outlook: Scott Charney is Microsoft's internal auditor; see what he and his team control.
- NetIQ's five-point security architecture: Even with expanded support and agents, NetIQ's SIM product remains a Windows-centric solution.
- Microsoft Security Response Center revamps its patch processes: Microsoft Security Response Center revamps its advisory and patch processes.
- Profile: Symantec CEO John Thompson: Symantec's CEO breaks business and cultural barriers in his drive to build a security superpower.
- How to address enterprise IT security concerns with executives: Five tips to win friends and influence C-level execs in your organization.

Columns
- Next-generation security awareness training, by Andrew Briney: Put your posters and buttons away. A more effective solution is at your fingertips.
- Hacking in 2003: Examining this year's hacking techniques: A look at the foibles, follies and felons of infosec in 2003.
- Using HoneyD configurations to build honeypot systems, by Marcus J. Ranum, Contributor: Spoofing, diversion and obfuscation are all part of honeyd's powerful arsenal.
- Detecting a Linux server hack, by Jay Beale, Contributor: Learn how to detect whether your Linux server has been hacked or compromised.
- Tips and tricks for IDS deployment best practices, by Jack Danahy, Contributor: Intrusion detection remains an over-hyped technology because most companies have no idea what to do with it.