Integrity Monitors
An integrity monitor watches key system structures for change. For example, a basic integrity monitor uses system files or registry keys as “bait” to track changes by an intruder. Although limited, integrity monitors can add an additional layer of protection to other forms of intrusion detection.
The most popular integrity monitor is Tripwire (http://www.tripwire.com). Tripwire is available both for Windows and Unix, and can monitor a number of attributes, including the following:
File additions, deletions or modifications
File flags (hidden, read-only, archive, and so on)
Last access time
Last write time
Create time
File size
Hash checking
Tripwire can be customized to your network’s individual characteristics. In fact, you can ...
Get Maximum Wireless Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
