Need help with a Networking and Computer Security Question (IFT 302 info and com
ID: 3919553 • Letter: N
Question
Need help with a Networking and Computer Security Question (IFT 302 info and computer security fundatmentals)
An example of a host-based intrusion detection tool is the tripwire program. This is a file integrity checking tool that scans files and directories on the system on a regular basis and notifies the administrator of any changes. It uses a protected database of cryptographic checksums for each file checked and compares this value with that recomputed on each file as it is scanned. It must be configured with a list of files and directories to check, and what changes, if any, are permissible to each. It can allow, for example, log files to have new entries appended, but not for existing entries to be changed. What are the advantages and disadvantages of using such a tool? Consider the problem of determining which files should only change rarely, which files may change more often and how, and which change frequently and hence cannot be checked. Hence consider the amount of work in both the configuration of the program and on the system administrator monitoring the responses generated.
Explanation / Answer
Solution: -
Advantages of File integrity checking tool
Disadvantage of File Integrity Checking tool
If your file is going to the production environment, then those files need to be checked thoroughly, because if those file goes to the live environment there can be chances of malware hitting the server and getting the data. Moreover, file integrity checking tool will also check the files which you are downloading from the outer network.
Suppose any files present in your device that is not important, those types of files can be rarely checked as those files are not important.
Since everything is automated so the file that need to be checked must be assigned in the tool and the tool will look for files that are being assigned to check the files for security risk.