Subtitles of the Movie

Exam objective 2.212.6 has a weight of 3 and verifies that candidates are able to install and configure a security authentication system, perform basic security auditing of source code, receive security alerts from various sources, audit servers for open e-mail relays, and anonymous FTP servers. You should be able to install and run intrusion detection systems and apply security fixes. You can get programs to help you with security. Tripwire is a program that can be used to detect unauthorized activities. You set it up by creating a database containing all the files in a system with information about the file size and modification dates. By coming back and checking the database you can see which of the files have changed and decide what, if anything, should be done about it. You can monitor your system by setting up a regular time to check all the files and update the database. Tripwire is included in some Linux distributions but you will have to install it yourself. Snort is a program that performs real-time network traffic analysis, and it can detect network intrusion. With it you can perform protocol analysis, content searching, content matching, and it can be used to detect different kinds of attacks and probes, buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts and more. Snort is flexible. It can be used as a simple sniffer like TCP Dump, or it can be used as a traffic logger, or as an intrusion detector. Inmap is a program that can be used for network exploration and for scanning for security. You can use Inmap to determine which ports you are listening to. Nessus is vulnerability scanning software. Its purpose is to check a system for points of vulnerability. New vulnerability check plug-ins are produced almost daily and you can run the Nessus daemon and add the plug-ins continuously to test your system. Port Sentry runs as a daemon process, listens to the ports, and will block scanning hosts from connecting to the computer. You can specify which port numbers to monitor. You can be notified when problems are found. Bug Track is a moderated mailing list with discussions on computer security and vulnerabilities. To subscribe to Bug Track, send a message to BugTrackSubscribe@securityfocus.com. The body of the message doesn't matter. CERT is a center of Internet security expertise at the Software Engineering Institute. To subscribe to the mailing list send a message to Majordomo@cert.org. In the body of the message should be the words "subscribe cert advisory." The CIAC is the Computer Incident Advisory Capability of the Department of Energy. It has several mailing lists and you can find out about them at the CIAC Web site. You should become familiar with Kerberose. Kerbreose was written by the Massachusetts Institute of Technology and this is its home page and it's explained in detail. You should get an idea of what's involved with installing it. Pay particular attention to the ACL file, the Access Control List.