Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
This chapter focused on monitoring system integrity and intrusion detection. If you suspect that a system might be compromised, you can refer to this chapter's list of potential problem indications. If you see some of these indications and conclude that the system is compromised, you can follow the recovery steps discussed. Finally, incident-reporting considerations were discussed, along with pointers on whom you might report an incident to. Chapter 10 puts some of what you learned in this chapter into practice by looking at the specific tools involved in intrusion detection and system testing.