Question
There are well-established algorithms (e.g., SHA) that can take a file and produce a unique numeric value (a checksum or hash digest). The SHA sum for a file will be different if even one byte of that file changes.
A bad guy might attempt to modify a system configuration file (i.e., one that does not often change) in a way that goes undetected. If the attempt to modify the file goes undetected (e.g., an inside job might not be seen as a violation), how can a system operator check on the integrity of files?
There are commercial products and services that can be used to help you monitor the integrity of your files: name one.
Explanation / Answer
Answer)
The system operator checks the integrity of the file when the system gets booted. An automatic check is made. The file system then checks the problem and repairs it.
Superblock checks, file system and inode list size checks, free block checks, format and type of inode checks, link count checks, duplicate block checks, and indirect checks are made. Many more checks besides these are also made to prevent an attempt to modify the file that would probably go undetected.
The services and products that can help to monitor the integrity of one file are as follows:
1) Trustwave endpoint protection
2) ADAudit Plus
3) Log and Event Manager for FIM
4) Qualys Guard
etc.
Hope this answer helps. :) Happy to help.
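The question's premise, that a SHA digest changes when even one byte of a file changes, can be turned into a simple integrity check: record digests while the files are known to be good, then re-hash later and compare. The following is an added example, not part of the original question or answer; the file names and contents are constructed sample data and the function names are hypothetical.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def compare(baseline, root):
    """Re-hash root and report files that changed, vanished or appeared."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def write(root, name, text):
    with open(os.path.join(root, name), "w") as fh:
        fh.write(text)


def demo():
    """Constructed sample: a temporary directory stands in for a config tree."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "sshd_config", "MaxAuthTries 3\n")
        write(root, "hosts", "127.0.0.1 localhost\n")
        # Keep the real baseline off-host or signed, so that whoever can
        # edit a monitored file cannot also edit the recorded digests.
        baseline = build_baseline(root)
        write(root, "sshd_config", "MaxAuthTries 9\n")  # one byte differs, same size
        os.remove(os.path.join(root, "hosts"))
        write(root, "authorized_keys", "constructed-sample-key\n")
        return compare(baseline, root)


if __name__ == "__main__":
    print(demo())
```

The one-byte edit leaves the file size unchanged, so only the digest comparison reveals it.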