Firewall Wizards mailing list archives
Re: Anti-Defacement Products...
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Thu, 23 Mar 2000 18:18:47 -0500
On Tue, Feb 22, 2000 at 10:44:26AM -0800, Starkey, Kyle wrote:
I was thinking about defacement the other day and how to help automate a response to this type of activity. I understand that host based security and network based security is the key, but what about response. I am looking for a product that could be used to make sure the page being displayed was the real page. Thoughts of encyting the page/code to get a hash and storing it somewhere inside the enterprise, periodically the webserver re-calcing the hash on the page stored locally and running a check against a the stored copy secured in box on the inside. I would also envision the automatic posting of the original source back to the webserver and alerts bieng generated to the security officer if the two hashes did not match. Does anyone know of any product that does something similar? I was hoping not to have to build this from scratch, but perhaps it will be my little project. Any thoughts about this project or software that might already do this for me would be greatly appreciated...
Are you thinking of something as simple as running 'tripwire' on your Web server daily? If you are thinking of doing this remotely, how to distinguish when the Web page legitimately changes? What about "active" or "dynamic" pages, whose content changes naturally? ;-) -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies.
Current thread:
- Re: Anti-Defacement Products... Joseph S D Yao (Mar 28)
- <Possible follow-ups>
- Re: Re: Anti-Defacement Products... Paul McNabb (Mar 29)