Jay D. Dyson writes:
> On Wed, 21 Nov 2001 [EMAIL PROTECTED] wrote:
>
> > But this doesn't really address the question. Certainly you take
> > various precautions. The question is: how can I know if the system is
> > compromised?
>
> There's a wealth of utilities that can indicate system compromise.
> These tools range from Tripwire to the Advanced Intrusion Detection
> Environment (AIDE), plus a range of network sniffing utilities that can be
> configured to look for unusual traffic. There's also the CryptoFileSystem
> that precludes the Great Forces of Malevolence from sneaking things onto
> your drive without your knowledge.

Thanks.

> All of these security-enhancing features must be predicated by
> cradle-to-grave security, though. That means trusted installation of a
> trusted OS from a trusted source on a trusted, non-networked box. Coupled
> with that is assured physical security of the system by tamper-evident
> systems.

I assume you mean non-networked at installation time, not afterwards.

> In the final analysis, there's no substitute for simple human
> vigilance and a healthy amount of paranoia. Not one of these tools are of
> any use if you have a user at the helm who will gleefully download and
> execute the latest trojan horse.

I'm not entirely sure I believe that last statement. Let's say I have a
tripwire-like system, but the process is constantly running. So you cannot
compromise the code on disk in a useful fashion. What can a trojan actually
do without being detected?