Re: security idea - bootable CD to check your system
Jim Popovitch wrote:
OK, this would work. The problem for me is that it would involve turning
the media r/w and updating the database every time I run apt-get to
install security updates, which I do once a week. If I was running a
large server farm and I was looking after it full time, this would be
OK, but my situation is that I have two machines, both for personal use,
and I don't want to have to devote my entire life to looking after the
security on them. The machines are a laptop for general use, and a
server which I use for testing and demonstrating small web-based
projects I do for people on a voluntary basis. They are connected to the
internet by ADSL, with only the server set to accept incoming connections.
On Sun, 2007-06-24 at 16:50 +0100, andy baxter wrote:
The difference is that:
a) These all run on the live system they are trying to protect,
Unless you configure them to only write to an offline mount point that
is normally ro and only rw through external effort.... which is in
Tripwire's best practices.
The other night, I had my laptop switched on and a sound file I had
never heard before played through the speaker (it said 'hello' in
someone else's voice). I'm assuming I've been cracked and it was
someone's idea of a joke. I've halted the server in case that was their
way in, and I'm planning to reinstall both my machines this week, but
also looking for a more long term solution which I could put some time
into now and save myself and anyone else who wants to use it a lot of
trouble in the future.
What I'm looking for is a solution where I can do security updates every
week, as my first line of defence, but then have a fallback way of
detecting intrusions which I could run maybe every month, which doesn't
need too much work to keep on top of it once it's been set up. I can
probably find ways of improving my security using existing tools, but it
occurred to me that the system I described would be a pretty watertight
check on whether a system has been cracked, which is what I'm looking for.