Firewall Wizards mailing list archives

Re: Second-Line defense on Windows NT

From: "Joseph S. D. Yao" <jsdy () cospo osis gov>
Date: Fri, 21 Nov 1997 13:24:25 -0500 (EST)

One possibility I see, is to implement on possible vulnerable hosts
(including the firewall) a small tool that permanently checks the integrity
of that host and the access to system resources. This tool should be able
to send some kind of real-time alert to administrators/operators when
something non-predifined happens on the host and perhaps it should be able
to take countermeasures like disabling the external network connection.
I'm pretty confident that this kind of tool exists on UNIX platforms,
although I can not remember some names I've heard, but at present I'm
looking for such a tool for a Windows NT host (commercial or shareware).
Can someone help me?


You are probably thinking of tripwire, run from 'cron'.  But I don't
know whether it (or anything else) does the same thing on MSW-NT.

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO Computer Support                                          EMT-A/B
-----------------------------------------------------------------------
        PLEASE ... send or Cc: all "COSPO Computer Support" mail to
                        sys-adm () cospo osis gov
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.

Current thread:

Second-Line defense on Windows NT Toon_Mordijck (Nov 21)
- Re: Second-Line defense on Windows NT Joseph S. D. Yao (Nov 21)
- <Possible follow-ups>
- Re: Second-Line defense on Windows NT Pauline van Winsen - Uniq Professional Services (Nov 22)