HP3000-L Archives

March 2004, Week 3

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Intrusion Detection for MPE
From:
"Emerson, Tom" <[log in to unmask]>
Reply To:
Emerson, Tom
Date:
Thu, 18 Mar 2004 09:05:31 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (11 lines) 
> From: Greg Stigers [mailto:[log in to unmask]]
> 
> What are list members doing to attempt to track intrusion [...]

The commercial answer, of course, is VEsoft's VEaudit -- I think someone mentioned using the %SEC LISTLOG OPVIOLATION command, which probably covers the most obvious cases.

Some things you would want to look for, however, are not so obvious as "brute force" attempts -- things like placing a program that needs PM into a non-PM group.  Sure, this seems innocent enough, but it is really a "wolf in sheeps clothing" if there is a chance that the group might "someday" gain PM capability...

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2