[Q] Polycenter Security Intrusion Detector

From: Ian Mortimer <ian_at_physics.uq.edu.au>
Date: Wed, 08 Jul 1998 08:11:06 +1000

Hi DU Admins

We've been subject to a record number of scans and attempted
break-ins in the last week so I've been trying to beef up our
security.

We've used tripwire before but I notice in the Digital Software
Product Library (layered products) a product called "Polycenter
Security Intrusion Detector" for which we have a license via CSLG.

This seems to do much the same thing as tripwire - but in a
different way - and more. Whereas tripwire tries to detect
an intrusion after it's happened, PSID tries to detect an intrusion
or other suspicious activity while it's in progress.

Is anyone using this product? Is it worth installing? What sort
of performance hit does it cause? Any hints or suggestions
regarding configuration?

One thing that concerns me is that PSID mails root and writes to
a log information about suspicious events. I'm worried that an
intruder who breaks in out of hours could remove those messages
and tamper with the logs before anyone arrived to check them.
Is there a way of guarding against that?


Thanks for any advice.
Ian

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
_/ Ian Mortimer _/
_/ ian_at_physics.uq.edu.au ,-_|\ Department of Physics _/
_/ Tel: +61 7 3365 3436 / *\ University of Queensland _/
_/ Fax: +61 7 3365 1242 \_,-._/ St. Lucia, Brisbane _/
_/ v Queensland, Australia 4072 _/
_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Disclaimer: Speaking only for myself.
Received on Wed Jul 08 1998 - 00:12:07 NZST
