Audit Trails Are Vital For Post-Compromise Investigations

    Date: 07 Nov 2002
    Posted by: Anthony Pell
    When your machine is cracked[1] it's a good idea to figure out exactly what happened. If you don't know what was or who was on your machine, there's little chance you can ascertain what occurred to breach the security. Regardless of your post-compromise preference (fixing the problem or reinstalling from scratch), it's imperative that you understand what happened. If you end up leaving the exact same vulnerability open, you haven't fixed anything.

    For example, I once consulted at a pharmaceutical company that was required by FDA regulations to keep detailed paper logs of every piece of software installed, every configuration change, every user added or removed. While most of us grumbled about the annoyance of doing so, it made it absolutely clear what the state of a machine was over time, which made it easier to correlate problems with configuration changes, and find other bugs created by users^H^H^H^H misconfiguration.

    Unfortunately, most folks don't have the time or energy to list everything they do to a system. However, there are many steps you can take to make things more automated.
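One way to automate the kind of record the article describes, as an added example that is not from the original article: snapshot the hashes of watched config files and the account list, diff against the previous snapshot, and append timestamped entries to an audit log. The file paths and passwd lines below are constructed sample data.

```python
"""Automated change-audit trail: snapshot config files and user accounts,
then diff against the previous snapshot to record what changed and when."""
import hashlib
import json
import time
from pathlib import Path


def snapshot_files(paths):
    """Map each existing file to the SHA-256 of its contents (missing paths are skipped)."""
    out = {}
    for p in paths:
        p = Path(p)
        if p.is_file():
            out[str(p)] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def parse_passwd(text):
    """Return {username: uid} from passwd-format text, ignoring comments and blanks."""
    users = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 3 and not line.startswith("#"):
            users[parts[0]] = parts[2]
    return users


def diff_snapshots(old, new):
    """Produce (change, item, detail) entries for added, removed and modified keys."""
    entries = []
    for key in sorted(set(old) | set(new)):
        if key not in old:
            entries.append(("added", key, new[key]))
        elif key not in new:
            entries.append(("removed", key, old[key]))
        elif old[key] != new[key]:
            entries.append(("modified", key, f"{old[key]} -> {new[key]}"))
    return entries


def audit_record(entries, when=None):
    """Format one timestamped JSON line per change, suitable for an append-only log."""
    ts = when or time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    return [json.dumps({"ts": ts, "change": c, "item": k, "detail": d}) for c, k, d in entries]


# Constructed sample: yesterday's passwd vs today's, where a new uid-0 account appeared.
OLD_PASSWD = "root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n"
NEW_PASSWD = OLD_PASSWD + "mallory:x:0:0::/home/mallory:/bin/bash\n"

if __name__ == "__main__":
    for line in audit_record(diff_snapshots(parse_passwd(OLD_PASSWD), parse_passwd(NEW_PASSWD))):
        print(line)
```

Run it from cron against real paths (for example /etc/passwd and the files under /etc/ssh) and persist each snapshot as JSON so the next run has something to diff against.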
