Rich Freeman on 12 Jul 2011 05:56:28 -0700
Re: [PLUG] "IT Security for Non-Dummies"?
On Tue, Jul 12, 2011 at 8:37 AM, Doug Stewart <zamoose@gmail.com> wrote:
> Another layer to the system could well
> be a revision-controlled filesystem, in which SA's could run a VCS-style
> diff and see what files were changed and when. Expensive (performance-wise)
> and overkill for day-to-day operations, but it could be forensically
> invaluable.

Only if half the processes on the system don't run with privileges capable of directly accessing the disk devices. I checked and right now my desktop has 153 processes running with UID=0, and any of those could directly manipulate any filesystem on the disk.

And I'll ++ the suggestions to improve network security. Again, we put all our effort into border protection and have no protection inside. Just as any process running under my uid can hose any file in my home directory regardless of need, any PC on my employer's network can open connections to any other regardless of need.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
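
An added example, not part of the message above: a Python audit that repeats the UID=0 process count from `/proc/<pid>/status` and goes one step further by applying the owner/group/other write check for a disk device node, so root processes that dropped capabilities and non-root members of the device's group are counted too. The sample status excerpts, the process names and the device ownership (root:disk, mode 0660, disk = GID 6) are constructed assumptions; LSM policy and device cgroups are not modelled.

```python
import glob

CAP_DAC_OVERRIDE = 1  # bit number from linux/capability.h: bypass file permission checks

# Constructed /proc/<pid>/status excerpts (process names are made up).
SAMPLES = [
    "Name:\tsshd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t\nCapEff:\t000001ffffffffff\n",
    "Name:\tdropcaps\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t\nCapEff:\t0000000000000000\n",
    "Name:\tbackup\nUid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\nGroups:\t6 1001\nCapEff:\t0000000000000000\n",
    "Name:\tbrowser\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\nGroups:\t1000\nCapEff:\t0000000000000000\n",
]

def parse_status(text):
    """Pull the identity fields out of one /proc/<pid>/status file."""
    f = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    uid, gid = f["Uid"].split(), f["Gid"].split()  # real, effective, saved, fs
    return {"name": f["Name"].strip(), "euid": int(uid[1]),
            "fsuid": int(uid[3]), "fsgid": int(gid[3]),
            "groups": {int(g) for g in f.get("Groups", "").split()},
            "capeff": int(f.get("CapEff", "0").strip(), 16)}

def can_write_device(p, dev_uid, dev_gid, dev_mode):
    """Owner/group/other check the kernel applies when opening a node for writing."""
    if p["capeff"] & (1 << CAP_DAC_OVERRIDE):
        return True
    if p["fsuid"] == dev_uid:
        return bool(dev_mode & 0o200)
    if p["fsgid"] == dev_gid or dev_gid in p["groups"]:
        return bool(dev_mode & 0o020)
    return bool(dev_mode & 0o002)

def audit(status_texts, dev_uid=0, dev_gid=6, dev_mode=0o660):
    """Return (names with effective UID 0, names able to write the device node).
    Defaults assume a node owned root:disk with mode 0660 and disk = GID 6."""
    procs = [parse_status(t) for t in status_texts]
    roots = [p["name"] for p in procs if p["euid"] == 0]
    writers = [p["name"] for p in procs
               if can_write_device(p, dev_uid, dev_gid, dev_mode)]
    return roots, writers

def live_status_texts():
    """Read every readable /proc/<pid>/status on a Linux host."""
    texts = []
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                texts.append(fh.read())
        except OSError:  # process exited between listing and reading
            pass
    return texts

if __name__ == "__main__":
    roots, writers = audit(SAMPLES)  # swap in live_status_texts() on a real host
    print(len(roots), "with UID 0;", len(writers), "can write the device:", writers)
```

On a live host the count includes kernel threads, which also report UID 0 in their status files.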