Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Anti-Defacement Products...

From: Tommy Ward <tommy () securify com>
Date: Fri, 31 Mar 2000 11:30:18 -0800
The host based IDS which Haystack Labs had in 1997 did this.  I don't know
how much of the technology survived the TIS/NAI acquisition, or if
it has been updated at all.

Check with NAI to see if you can ferret out any details from the Cybercop
product line.



At 06:18 PM 3/23/00 -0500, Joseph S D Yao wrote:

On Tue, Feb 22, 2000 at 10:44:26AM -0800, Starkey, Kyle wrote:

I was thinking about defacement the other day and how to help automate a
response to this type of activity.  I understand that host based security
and network based security is the key, but what about response.  I am
looking for a product that could be used to make sure the page being
displayed was the real page.  Thoughts of encyting the page/code to get a
hash and storing it somewhere inside the enterprise, periodically the
webserver re-calcing the hash on the page stored locally and running a check
against a the stored copy secured in box on the inside.  I would also
envision the automatic posting of the original source back to the webserver
and alerts bieng generated to the security officer if the two hashes did not
match.  Does anyone know of any product that does something similar?  I was
hoping not to have to build this from scratch, but perhaps it will be my
little project.  Any thoughts about this project or software that might
already do this for me would be greatly appreciated...


Are you thinking of something as simple as running 'tripwire' on your
Web server daily?

If you are thinking of doing this remotely, how to distinguish when the
Web page legitimately changes?  What about "active" or "dynamic" pages,
whose content changes naturally?

;-)

-- 
Joe Yao                                jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                    EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.



*******************************************************************************
Tommy Ward                                                        V.P.
Consulting                      
650-812-9400 x4120                               tommy () securify com

                              <http://www.securify.com>
Previous By Date Next
Previous By Thread Next

Current thread: