Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

F E A T U R E

Are You Vulnerable?

June 26, 2003
By Greg Shipley

>> continued from previous page

Slipping Under the Radar

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Discuss this article
	Flame the author

	In this article
	Introduction
	Tools of the Trade
	You May Ask Yourself...
	Executive Summary
	Critical Steps
	Slipping Under the Radar
	Epoll Results

Application and operating system vulnerabilities pose obvious threats, but an often-overlooked problem is "pilot error"--mistakes made by technical staff during general day-to-day operations. Examples of pilot error include botched firewall entries, forgotten steps in router configurations and the inadvertent addition of a user to a privileged group. These mistakes are typically accidental, but the occasional intentional "internal bypass" is not all that uncommon.

Tripwire compares current config to previously generated databases

click to enlarge

One way to combat these less-visible threats to your security is to implement robust change-control procedures and audit the process using intelligent change-control monitoring software. Products such as Tripwire for Network Devices or Tripwire for Servers let organizations automate the process of "snap-shotting" system and device configurations and identifying configuration changes--changes that may include accidental or unauthorized modifications, even those made by malicious intruders (see screenshot).