Linux Today: Linux News On Internet Time.

Linux Layer 8 Security

Sep 04, 2009, 18:04
(Other stories by Lisa Kachold)


"Quick Keyloggers

"Keyloggers can be a quick honeypot addition, as you evaluate deeper-level kernel, network, disk, and binary veracity after a suspicious security event. CERT recommends that any suspect server be rebuilt, but system administrators are often remiss in obtaining proof, right up until "pwnership" creates escalated reactivity where uptime is only a dream. Every one of us knows that ownership is equated to stability in America, right? http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

"Not all that glitters is gold, however: keyloggers can act as a part of a honeypot, be a component of PCI compliance, part of Sarbanes-Oxley (SOX) audit tools, change management or system administration utilities - or be a part of Trojan viruses. Certainly, a great deal of system penetration and changes are done without using a shell (e.g., webmin, sftpd, httpd/DAV writes, and low level binary trojans - see Snort or Autopsy).

"It's becoming more and more common to log all root keystrokes in layers of trust and secrecy that users, developers, and even system administrators don't immediately recognize.

"The three most often deployed keyloggers in Linux systems include:"
