Nice article. However, after an exploit comes detection and then mitigation/remediation. Without detection there is no mitigation. Regarding integrity monitoring, I found ossec [ http://www.ossec.net ] to be much more useful than tripwire or aide, and it also does rootkit detection and log analysis (very good for detection).