user

Intrusion detection devices are an integral part of any network. The Internet is constantly evolving, and new vulnerabilities and exploits are found regularly. They provide an additional level of protection to detect the presence of an intruder, and help to provide accoutability for the attacker’s actions. The snort network intrusion detection tool performs real-time traffic

Tripwire is a program that monitors file integrity by maintaining a database of cryptographic signatures for programs and configuration files installed on the system, and reports changes in any of these files. A database of checksums and other characteristics for the files listed in the configuration file is created. Each subsequent run compares any differences

Frequently used to monitor and control access to services listed in /etc/inetd.conf. The in.ftpd service might be wrapped using: ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -L -i -o Before the in.telnetd daemon is spawned, tcpd first determines if the source is a permitted host. Connection attempts are sent to syslogd. All services should

The syslogd is responsible for capturing logging information generated by system processes. The klogd is responsible for capturing logging information generated by the kernel. System logs provide the primary indication of a potential problem. • Fine-tune the default /etc/syslog.conf to send log information to specific files for easier analysis. # Monitor authentication attempts auth.*;authpriv.* /var/log/authlog

OpenSSH is a replacement for telnet and ftp that eliminates eavesdropping, connection hijacking, and encrypts all communication between hosts. One of the most indepensible free security tools in existence. • Install the OpenSSH and OpenSSL Packages: openssh-<current-version>.rpm openssh-server-<current-version>.rpm openssh-clients-<current-version>.rpm openssl-<current-version>.rpm • Generate Public/Private Key Pair: OpenSSH uses public key cryptography to provide secure authorization. Generating