Other Scanners

Posted by arlene

A number of other scanners are on the market today, and the list of competitors is growing almost daily. Two others are mentioned here. Ballista, developed by Secure Networks, Inc., is now owned and marketed by Network Associates. The IBM Network Security Auditor (NS Auditor) is another alternative, primarily for UNIX systems.

Ballista
Developed under the leadership […]

Tracking Other Users continue…

Posted by arlene

Next, you want to look for the event that turns this file into an executable. In AIX this would be a FILE_Mode event. For this example, the audit event for this activity will be labeled E2. The sequence of interest is E1, followed by any number of other events, followed by E2. E1 alone is […]

Tracking Other Users

Posted by arlene

A hacker prefers to gain additional access to resources on the system rather than launch DoS attacks. To get beyond the system’s defined ACLs, a local user needs to trick another user into either granting this access or into operating on behalf of that user. Obviously, if you can determine someone else’s password, you can […]

Denial of Service

Posted by arlene

UNIX systems are susceptible to denial-of-service (DoS) attacks because many of the system’s resources, including kernel resources, disk storage, and memory, are shared among users. This section describes a few DoS attacks that can occur even if the user does not have special privileges. As UNIX OSs have become more mature, they have been placing […]

A Word about Sequences

Posted by arlene

A pattern-matching IDS can look at a sequence of events to detect a problem. For example, if someone is suddenly removing dozens or hundreds of files, you might be faced with a disgruntled employee about to leave a system in an irreparable state. If you wanted to detect such an attack, you could configure your […]
