CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [100]
You can find information on any Linux command through a number of utilities inherent in Linux:
■ The man tool offers pages on each utility. For example, to find information about the setfacl tool, you can type man setfacl.
■ Most utilities have the built-in option of --help to offer information. From the command line, you can type setfacl --help to see a quick list of available options.
■ The info utility shows the man pages as well.
■ The whatis utility can show if there is more than one set of documentation on the system for the utility.
■ The whereis utility lists all the information it can find about locations associated with a file.
■ The apropos utility uses the whatis database to find values and returns the short summary information.
In the original Walking Tall movies, the sheriff put small strips of clear tape on the hood of his car. Before getting in the vehicle, he would check the difficult-to-detect tape to see if it was broken—if it was, it tipped him off that someone had been messing beneath the hood, and that saved his life. Do you have clear tape on your network?
Intrusion detection systems (IDSs) are becoming integral parts of network monitoring. IDS is a relatively new technology, and it shows a lot of promise in helping to detect network intrusions. Intrusion detection (ID) is the process of monitoring events in a system or network to determine if an intrusion is occurring. An intrusion is defined as any activity or action that attempts to undermine or compromise the confidentiality, integrity, or availability of resources. Firewalls, as you may recall, were designed to prevent access to resources by an attacker. An IDS reports and monitors intrusion attempts.
It should be inherently understood that every network, regardless of size, should utilize a firewall. On a home-based network, a personal software firewall can be implemented to provide protection against attacks.
Several key terms are necessary to explain the technology and facilitate the discussion in this section:
Activity An activity is an element of a data source that is of interest to the operator. This could include a specific occurrence of a type of activity that is suspicious. An example might be a TCP connection request that occurs repeatedly from the same IP address.
Administrator The administrator is the person responsible for setting the security policy for an organization. They’re responsible for making decisions about the deployment and configuration of the IDS. The administrator should make decisions regarding alarm levels, historical logging, and session monitoring capabilities. They’re also responsible for determining the appropriate responses to attacks and ensuring that those responses are carried out.
Most organizations have an escalation chart. The administrator is rarely at the top of the chart but is always expected to be the one doing the most to keep incidents under control.
Alert An alert is a message from the analyzer indicating that an event of interest has occurred. The alert contains information about the activity as well as specifics of the occurrence. An alert may be generated when an excessive amount of Internet Control Message Protocol (ICMP) traffic is occurring or when repeated logon attempts are failing. A certain level of traffic is normal for a network. Alerts occur when activities of a certain type exceed a preset threshold. For instance, you might want to generate an alert every time someone from inside your network pings the outside using the Ping program.
Analyzer The analyzer is the component or process that analyzes the data collected by the sensor. It looks for suspicious activity among all the data collected. Analyzers work by monitoring events and determining whether unusual activities are occurring, or they can use a rule-based process that is established when the IDS is configured.
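The sensor-to-analyzer-to-alert chain described in these definitions, as an added example in Python (not code from the book): a rule-based threshold over constructed sshd-style log lines that raises an alert when one source IP exceeds a preset number of failed logons inside a sliding time window. The log format, IP addresses and function names are assumptions for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data source (not from the book); hypothetical sshd-style format.
SAMPLE_LOG = """\
2024-01-15T10:00:01 sshd: Failed password for root from 203.0.113.5
2024-01-15T10:00:02 sshd: Failed password for root from 203.0.113.5
2024-01-15T10:00:03 sshd: Failed password for admin from 203.0.113.5
2024-01-15T10:00:04 sshd: Accepted password for alice from 198.51.100.7
2024-01-15T10:00:05 sshd: Failed password for root from 203.0.113.5
2024-01-15T10:00:06 sshd: Failed password for root from 203.0.113.5
2024-01-15T10:00:07 sshd: Failed password for bob from 198.51.100.7
2024-01-15T10:05:00 sshd: Failed password for root from 203.0.113.5
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<ip>\S+)$")

def parse_failed_logons(log_text):
    """Sensor stage: reduce raw lines to activities (time, source IP, user)."""
    activities = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.fromisoformat(m.group("ts"))
            activities.append((ts, m.group("ip"), m.group("user")))
    return activities

def analyze(activities, threshold=5, window_seconds=60):
    """Analyzer stage: threshold rule per source IP over a sliding window.
    After an alert the IP's window is cleared, so a second alert needs a fresh burst."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # source IP -> timestamps still inside the window
    alerts = []
    for ts, ip, user in sorted(activities):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # evict events older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"time": ts.isoformat(), "source_ip": ip,
                           "failed_logons": len(q), "last_user": user,
                           "window_seconds": window_seconds})
            q.clear()
    return alerts

def run_ids(log_text, threshold=5, window_seconds=60):
    return analyze(parse_failed_logons(log_text), threshold, window_seconds)
```

With the defaults, the single burst from 203.0.113.5 produces one alert at 10:00:06 and the lone failure at 10:05:00 does not, because the earlier events have aged out of the 60-second window.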
Data source The data source is the raw information