-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 12 July 2006 21:07, you wrote:
> Proof is actually somewhat difficult to prove in court but outside of the
> legal aspects, using something like a network traffic analyzer and a host
> based IDS such as tripwire
Thanks for responding. I don't think TW can do more than detect modification.
I'm trying to get around to checking out some of the stuff I've d/l'd over the
years:
[EMAIL PROTECTED]:ls /usr/local/Src/SYSTEM/SECURE/
AdvIntrusionDetectSys
Aide
Apf
beltane-for-samhain-1.0.9.tar.gz
CoyoteFW
DevilLinux
Easy_FwIpchains
Ettercap
F-SecureAntiVirus
ipcop-source-1.4.10
Kismet
kismet-2004-04-R1
kstat.readme
kstat.readme~
libnasl
LibSafe
libsafe-2.0-14
lsh-1.5.tgz
MitM_otu
Nessus
nmap-3.00
nmap-3.00.tgz
nstreams
openssl-0.9.6.tar
Pdump
pgpcrack.tar
pgp-patcher-bin.tar
ports.tgz
procps-2.0.3
psad-0.9.8
rkhunter-1.2.3.tar.gz
rkhunter-1.2.4.tar.gz
Samhain
samhain-current.tar.gz
samhain_docs
samhain_monitor_applet-1.2.tar.gz
samhain.readme
Snort
Swatch
Tripwire
and I'll keep the group informed of progress if interested.
> would provide sufficient logs of suspicious
> activity. You can also use MAC time information of the file (more difficult
> if there are many users).
Please describe "MAC time information"
> Using several tools would be the best way, just
> ensure the data from the tool is stored securely and that time is
> synchronized on all systems to make comparisons easier.
Good point, thanks.
> Network analysis
> would require monitoring ALL traffic which can be very difficult to do but
> some companies do it.
Monitoring ALL traffic how? Besides packet traffic? I think what I'm looking for
is a way of monitoring behavior.
Rion
>
> Chris
>
> On 7/12/06, Rion D'Luz <[EMAIL PROTECTED]> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello all:
> >
> > Any opinion on the best way to monitor the file transfers and|or
> > general activities of a user w/out going to the extreme of keylogging
> > etc.?
> > What is|are the most effective and|or least intrusive options?
> > For instance:
> > joedokes works for acme.widget and has auth access to sensitive
> > information, both in file and db format; each accessed remotely from
> > servers
> > as such. What can be done to ensure that if joe decides to x-fer the
> > company jewels to his local machine that it is audited and can be used
> > as proof?
> > TIA
> > Rion
> > --
> >
> >
> > Beware when truth is called treason
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2 (GNU/Linux)
> >
> > iD8DBQFEtYyj94WPEVwn1ncRAhboAJ9Hi3Z2QsWaVFMiAZm4BK9sd5xT0QCgh88/
> > zBGY+mcVMvdFxF1TZjoEcC8=
> > =MqUR
> > -----END PGP SIGNATURE-----
--
3010 Rte 109
Waterville, VT 05492
email: rion_at_dluz.com
web: http://dluz.com/Rion/
Phone: 802.644.2255
L I N U X .~.
Choice /V\
of a GNU /( )\
Generation ^^-^^
POSIX
RULES
http://vague.name
A corporation is like a tree full of monkeys.
The monkeys at the top look down and see nothing but smiling faces.
The monkeys at the bottom look up and see nothing but assholes.
Under capitalism man exploits man.
Under communism it's the other way around.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEtwjd94WPEVwn1ncRAhKiAKCsGZC9aKc4tVLODc7b9tyUpPTTKwCgliD7
wS84pgTfuA5d0+O02wXAiwo=
=CGbA
-----END PGP SIGNATURE-----
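The two points the thread turns on, "TW can do more than detect modification" and Chris's "MAC time information of the file", can be shown side by side in a few dozen lines. The following is an added example, not code from the original thread and not Tripwire's, Samhain's or AIDE's own implementation: a baseline/verify script that records a SHA-256 of each regular file together with its three MAC timestamps (mtime, atime, ctime) plus mode and owner, then reports what moved between two snapshots and classifies each change. The directory tree, file names and "tampering" steps in `demo()` are constructed for illustration.

```python
import hashlib
import json
import os
import stat
import tempfile
import time

TRACKED = ("sha256", "size", "mode", "uid", "mtime", "atime", "ctime")


def sha256_of(path):
    """Hash file contents in chunks so large files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Record a content hash plus the three MAC times for every regular file.

    mtime: content last written.   atime: content last read.
    ctime: inode last changed (chmod/chown/rename; also bumped by any write).
    Only the kernel sets ctime, so short of moving the system clock it is the
    hardest of the three to forge, which is why synchronized time matters
    when comparing hosts.
    """
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            # stat before hashing: hashing reads the file, and on filesystems
            # mounted without noatime that read can itself bump atime.
            baseline[os.path.relpath(path, root)] = {
                "sha256": sha256_of(path),
                "size": st.st_size,
                "mode": st.st_mode,
                "uid": st.st_uid,
                "mtime": st.st_mtime,
                "atime": st.st_atime,
                "ctime": st.st_ctime,
            }
    return baseline


def compare(old, new):
    """Diff two snapshots: added/removed paths, and which fields differ."""
    report = {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": {},
    }
    for rel in sorted(set(old) & set(new)):
        diffs = [k for k in TRACKED if old[rel][k] != new[rel][k]]
        if diffs:
            report["changed"][rel] = diffs
    return report


def classify(diffs):
    """Turn a list of differing fields into the verdict an analyst wants."""
    if "sha256" in diffs:
        return "content modified"
    if "mode" in diffs or "uid" in diffs:
        return "metadata changed (chmod/chown)"
    if "mtime" in diffs:
        # same bytes, different mtime: touch/utime, the usual timestamp tamper
        return "timestamp touched, content intact"
    if diffs == ["atime"]:
        # a read (cat, cp, scp) moved atime only; unreliable under relatime/noatime
        return "read only, content intact"
    return "other: " + ",".join(diffs)


def demo():
    """Constructed sample tree (hypothetical): baseline, tamper, verify."""
    root = tempfile.mkdtemp(prefix="mactime-")
    for n in ("jewels.db", "notes.txt", "gone.txt"):
        with open(os.path.join(root, n), "w") as f:
            f.write("original contents\n")
    base = snapshot(root)
    time.sleep(0.05)
    # 1. content change: what hash-based integrity checking catches
    with open(os.path.join(root, "jewels.db"), "w") as f:
        f.write("staged for transfer\n")
    # 2. mtime backdated, bytes untouched: the hash passes, the MAC times do not
    p = os.path.join(root, "notes.txt")
    st = os.stat(p)
    os.utime(p, (st.st_atime, st.st_mtime - 3600))
    # 3. one file removed, one added
    os.remove(os.path.join(root, "gone.txt"))
    with open(os.path.join(root, "new.tar.gz"), "w") as f:
        f.write("x")
    report = compare(base, snapshot(root))
    verdicts = {rel: classify(d) for rel, d in report["changed"].items()}
    return report, verdicts


if __name__ == "__main__":
    rep, verd = demo()
    print(json.dumps({"report": rep, "verdicts": verd}, indent=2))
```

Two caveats a practitioner would add: the baseline must live somewhere the monitored user cannot write (Chris's "stored securely"), otherwise it is just another file to edit; and atime alone proves little, since a read by backup software, an antivirus scan or the checker itself moves it, and mounts with `noatime` never move it at all. What the script cannot do is tell you where the bytes went, which is the network-side half of Rion's question.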