Build Audit Trails
Audit trails are the one thing we should be able to depend upon after a successful compromise
- Use centralized logging servers with daily backups
- No syslog over UDP, but encrypted syslog over TCP
- Use centralized NTP servers, all connecting to the same remote stratum 1 NTP server
- Network based Intrusion Detection System
- Host based Intrusion Detection System
- Expert Intrusion Detection System (not pattern based like NIDS or HIDS, but based purely on "strange" traffic, comparable to heuristics in scanner engines)
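An rsyslog client configuration that shows the cleartext UDP forwarding the slide warns against beside the encrypted, queued TCP forwarding it calls for. This is an added example, not part of the original slides; the collector host name, port 6514 and the certificate paths are placeholders.

```conf
# Weak: cleartext syslog over UDP. Datagrams are dropped silently under
# load and can be read or spoofed by anyone on the path.
*.* @logserver.example.net:514

# Preferred: TLS-protected syslog over TCP, server certificate verified,
# with a disk-assisted queue so events survive a collector outage.
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/certs/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/certs/client-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/certs/client-key.pem"
)

action(
  type="omfwd"
  target="logserver.example.net"
  port="6514"
  protocol="tcp"
  StreamDriver="gtls"
  # mode 1 = TLS only; never fall back to cleartext
  StreamDriverMode="1"
  # check the collector's certificate name against the permitted peer
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="logserver.example.net"
  # spool to disk instead of dropping when the collector is unreachable
  queue.type="LinkedList"
  queue.filename="fwd_logserver"
  queue.saveOnShutdown="on"
  # keep retrying forever rather than discarding the action after N failures
  action.resumeRetryCount="-1"
)
```

The UDP line is kept only for contrast and would be deleted in a real deployment; the collector side (an imtcp listener with the matching gtls driver) is not shown.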