+++ Thomas Ribbrock [RedHat] [Fri, Oct 18, 2002 at 12:12:33PM +0200]:
> On Fri, Oct 18, 2002 at 10:04:46AM +0100, Nick Lindsell wrote:
> > The Tripwire documentation suggests that the database be
> > held on a floppy which is then write-protected - should
> > prevent a blackhat getting to it.
> 
> Ok, so lets say I have the original Tripwire DB on a read-only medium
> (CD-ROM would work, too, I suppose). But it still only tells me about
> problems *after* the damage has been done, right? Tripwire does nothing to
> *prevent* an attack, or am I missing something here? So, the main (only?)
> use would be to serve as a warning system a la "This system probably has
> been hacked!", right?
Don't knock it.  *Knowing* whether you may or may not have been hacked is
half the battle.  What good is updating and maintaining security if you were
compromised three months ago and didn't know it?  Tripwire and monitoring
your log files are good habits.  Be vigilant.

-- 
// Andrew MacKenzie  |  http://www.edespot.com
// Sleep: n. slEp
// A completely inadequate substitute for caffeine.

Attachment: msg92153/pgp00000.pgp
Description: PGP signature

Reply via email to