Re: RFC- Enforcing Computer Policy

Kirk (kirk@uow.edu.au)
Mon, 15 Aug 1994 09:35:22 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Todd Glassey - Lan Systems Administrator : "Re: Introduction"
Previous message: tlunt@ARPA.MIL: "Re: RFC- Enforcing Computer Policy"
Maybe in reply to: Justin Lister: "RFC- Enforcing Computer Policy"

 David Keirsey writes,
 >  
 >  There is a third direction in intrusion detection.  This direction or
 >  technique  different from the two outlined above because it doesn't try to
 >  detect patterns or behaviors.  The technique might be loosely called
 >  Self-Nonself Discrimination. (This is from [Forrest et al 94]). This
 >  technique is to identify critical parts of the network/os software that
 >  should not be changed and then signal when they do change.  I think your
 >  suggestions in your verification step (5) are along these lines.  The
 >  TRIPWIRE software is a good example of a simple tool of this type of
 >  technique.
 >  
 >  Discrimination in a Computer", Proceedings of 1994 IEEE Symposium on
 >  Research in Security and Privacy (in Press)
 >  
 >  
 >  

Solaris2.X has a similar package called ASET (Automated Security Enhancment 
Tool) which does this but also checks the content of important system files.

Kirk.

Next message: Todd Glassey - Lan Systems Administrator : "Re: Introduction"
Previous message: tlunt@ARPA.MIL: "Re: RFC- Enforcing Computer Policy"
Maybe in reply to: Justin Lister: "RFC- Enforcing Computer Policy"