 Warning Signs For Proactive Systems
Just because a system is proactive doesn't mean that everything is perfect. As with any other security system, you need to take certain steps to avoid would-be hackers. To address this concern, Haystack Labs' WebStalker Pro provides a feature called "jumper protection." Jumpers are people who use your site to mask their activity. They telnet into your site and then telnet out to another site. The other site is then hacked, with your site listed in the logs as the source of the crime. If administrators from that remote site track their break-in back to your site, legal problems may arise.
WebStalker Pro deals with this problem simply by watching all normal outgoing connections (via telnet, rlogin and rsh). Here is an example of what was caught when we tested this feature:
> telnet remotemachine.somewhere.else.com
However, we found that this will not be caught:
> cd /tmp
> cp /usr/bin/telnet blah
> ./blah remotemachine.somewhere.else.com
In this instance, you are more than likely looking at all of the logins to your system and the hacker has most likely already set off a login alarm. In either case, having WebStalker Pro does not make it easy for someone to compromise your security. Since neither Siemens Nixdorf Information Ltd.'s Trusted Web nor Trusted Information Systems' Gauntlet ForceField offers any type of proactive security, these products cannot monitor this activity.
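The gap shown above, as an added example that is not from the original article or from Haystack Labs: it assumes a monitor that recognises telnet, rlogin and rsh by program name (the article does not say how WebStalker Pro identifies them) and contrasts that check with matching on file content, which still identifies the copy named blah. The file contents and the temporary directory layout are constructed stand-ins, and all function names are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile

# Assumption: the monitor recognises clients by program name only.
WATCHED_NAMES = {"telnet", "rlogin", "rsh"}

def sha256_file(path):
    """Hash a file in chunks so a large binary is never read in one piece."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def match_by_name(exe_path):
    """Name-based check: compares only the basename of the executed file."""
    return os.path.basename(exe_path) in WATCHED_NAMES

def build_digest_index(client_paths):
    """Map SHA-256 digest -> client name for each installed client binary."""
    return {sha256_file(p): os.path.basename(p) for p in client_paths}

def match_by_content(exe_path, digest_index):
    """Return the watched client this file is a byte-for-byte copy of, else None."""
    return digest_index.get(sha256_file(exe_path))

def demo():
    """Recreate the article's 'cp /usr/bin/telnet blah' case with stand-in files."""
    root = tempfile.mkdtemp()
    try:
        bindir, tmpdir = os.path.join(root, "usr", "bin"), os.path.join(root, "tmp")
        os.makedirs(bindir)
        os.makedirs(tmpdir)
        telnet, ls = os.path.join(bindir, "telnet"), os.path.join(bindir, "ls")
        with open(telnet, "wb") as f:  # constructed bytes, not a real binary
            f.write(b"constructed stand-in for the telnet client")
        with open(ls, "wb") as f:      # unrelated program, must not match
            f.write(b"constructed stand-in for an unrelated program")
        blah = os.path.join(tmpdir, "blah")
        shutil.copy(telnet, blah)      # same step as: cp /usr/bin/telnet blah
        index = build_digest_index([telnet])
        return {"name_telnet": match_by_name(telnet), "name_blah": match_by_name(blah),
                "content_blah": match_by_content(blah, index),
                "content_ls": match_by_content(ls, index)}
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(demo())
```

Content matching recognises only byte-for-byte copies; a different or rebuilt client program has a different digest, so this check complements the login alarm the article mentions rather than replacing it.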