Specifications

Log files can help you detect erroneous or malicious behavior as it occurs. They can also tell you how a problem or break-in occurred if you check them after noticing problems. There are two main problems with log files: size and veracity.

If you set the criteria for detecting and logging problems at their most paranoid, you will end up with massive logs that are very difficult to examine. To help with large log files, you really need to either use an existing tool or derive some audit scripts from your security policy to search the logs for interesting events. The auditing process could occur in real time, or could be done periodically.

Log files are vulnerable to attack. If an intruder has root or administrator access to your system, she is free to alter log files to cover her tracks. UNIX provides facilities to log events to a separate machine. This would mean that a cracker would need to compromise at least two machines to cover her tracks. Similar functionality is possible in NT, but not easily.

Your system administrator might do regular audits, but you might like to have an external audit periodically to check the behavior of administrators.
Firewalls
Firewalls in networks are designed to separate your network from the wider world. In the same way that firewalls in a building or a car stop fire from spreading into other compartments, network firewalls stop chaos from spreading into your network.

A firewall is designed to protect machines on your network from outside attack. It filters and denies traffic that does not meet its rules. It restricts the activities of people and machines outside the firewall.

Sometimes, a firewall is also used to restrict the activities of those within it. A firewall can restrict the network protocols people can use, restrict the hosts they can connect to, or force them to use a proxy server to keep bandwidth costs down.

A firewall could either be a hardware device, such as a router with filtering rules, or a software program running on a machine. In any case, the firewall needs interfaces to two networks and a set of rules. It monitors all traffic attempting to pass from one network to the other. If the traffic meets the rules, it is routed across to the other network; otherwise, it is stopped or rejected.

Packets can be filtered by their type, source address, destination address, or port information. Some packets will be merely discarded while certain events could trigger log entries or alarms.
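The rule-based filtering just described, as an added illustration that is not code from the book: a first-match packet filter whose rules select on protocol, source and destination network, and destination port, with a silent drop, an answered reject, and per-rule logging. The rule layout, the ruleset, and the packets are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # CIDR of permitted sources; "0.0.0.0/0" = anywhere
    dst: str              # CIDR of destinations the rule covers
    dport: Optional[int]  # destination port, None = any port
    action: str           # "allow", "drop" (silently discard) or "reject" (answered)
    log: bool = False     # whether a match should produce a log entry or alarm

# Constructed sample ruleset (hypothetical addresses): a web server reachable
# from anywhere, SSH only from the internal net, and other SSH attempts
# rejected and logged. Anything unmatched falls through to the default rule.
RULES = [
    Rule("tcp", "0.0.0.0/0", "192.0.2.10/32", 80, "allow"),
    Rule("tcp", "0.0.0.0/0", "192.0.2.10/32", 443, "allow"),
    Rule("tcp", "10.0.0.0/8", "192.0.2.10/32", 22, "allow", log=True),
    Rule("tcp", "0.0.0.0/0", "192.0.2.10/32", 22, "reject", log=True),
]
# Default deny: traffic that no rule admits is discarded.
DEFAULT = Rule("any", "0.0.0.0/0", "0.0.0.0/0", None, "drop")

def matches(rule: Rule, proto: str, src: str, dst: str, dport: int) -> bool:
    """True when every field of the rule covers the packet's header values."""
    return (rule.proto in ("any", proto)
            and ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == dport))

def filter_packet(proto: str, src: str, dst: str, dport: int,
                  rules=RULES, log: Optional[list] = None) -> str:
    """Return the action of the first rule the packet matches, appending a
    record to `log` (a list) when that rule asks for logging."""
    for rule in list(rules) + [DEFAULT]:
        if matches(rule, proto, src, dst, dport):
            if rule.log and log is not None:
                log.append(f"{rule.action} {proto} {src} -> {dst}:{dport}")
            return rule.action
    return DEFAULT.action  # unreachable: DEFAULT matches everything

if __name__ == "__main__":
    events = []
    print(filter_packet("tcp", "203.0.113.5", "192.0.2.10", 80, log=events))
    print(filter_packet("tcp", "203.0.113.5", "192.0.2.10", 22, log=events))
    print(events)
```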
E-commerce and Security, PART III, 300