Secure Your Ubuntu


Linux Identity Starter, www.linuxidentity.com

“The only security that a man can have in this world is a reserve of knowledge, experience and ability”
Henry Ford

Security is one of the most debated topics, if not the most debated, among people using computers. Losing data, be it personal photos, bank statements or work-related documents, is every user's worst nightmare. This article is dedicated to enlightening and empowering you to enhance your experience on this wonderful operating system. I have tried to give at least one example of the solution wherever possible.

Is Linux really a Secure System?

This is one of the biggest questions that a new Linux user is confronted with after switching over from another operating system. A lot of comparisons can be raised between different operating systems explaining their loopholes. However, there is no operating system in the world that will be completely invulnerable to security issues, and there never will be. But unlike other systems, Ubuntu comes as close as possible to providing you with a protected platform for doing your work.

Each process running on the Linux system has its own private memory pages and cannot access the memory pages being used by another process. The kernel maintains its own memory areas. For security purposes, no processes can access memory used by the kernel processes. Also, each individual user on the system has a private memory area used for handling any applications the user starts. This method of isolation prevents unauthorized entry of various malicious software into Ubuntu.

Install minimum packages

It is a good idea to remove packages that you do not use regularly. Even after uninstalling some programs, their dependencies may still exist. Such dependencies should be removed using a program like the Computer Janitor, available under System –> Administration in Ubuntu. It will not only enhance your security but also improve performance. Figure 1 shows the various dependencies that still existed even after removing the programs using a package manager.

Figure 1. Computer Janitor in Ubuntu

Also, it is advised to install software only from trusted sources. This is because security vulnerabilities are not induced only from malicious software installed on the system. They might even exist in currently supported packages residing within the Ubuntu repositories. A regularly updated list can be viewed at the Ubuntu Security Notices page available at http://www.ubuntu.com/usn

It is a good practice to visit this page before installing a new program on Ubuntu to be informed about its security vulnerabilities.

Disable Unused Services

It is important to disable the services that you do not plan to use for some time. These services can be found at the System –> Preferences –> Startup Applications menu.

For example, you may turn off the Remote Desktop service (see Figure 2) if you do not wish to use it. These changes will not only enhance your security but also speed up your boot process.

Figure 2. Disable Unused Startup Services

Administrative Privileges

There are certain applications that require special privileges. When you try to open such a program, a pop-up window similar to the one shown in Figure 3 may appear. When some malware wants to gain access to your computer, it requires this password.

Figure 3. Provide your password for administrative tasks

When confronted by such a window, think carefully before providing the password. The details menu will give you more information about the process that is trying to gain access.

The window should launch only when you have asked a certain application to do something which requires administrative privileges. These applications have the potential to cause major changes in the system.

A similar case may arise while trying to run a command in the terminal. Here you may be asked either to provide a password directly or to use sudo at the beginning of the command.

If you're unsure about the application, simply hit [Cancel] or press the [Esc] key.

Strong Passwords

This is a practice that should be followed by a user whether you are setting a password for your work email account or just a social networking site.

There are various elements that a password should contain for it to be called strong. A very good method of creating a strong password is by using an Automated Password Generator. The package apg in the Ubuntu repositories is a very useful tool for creating passwords that are very difficult to crack.

Figure 4 shows an example of the apg command generating six strong passwords automatically. Also, these passwords are easy to remember when associated with their pronunciations, as shown in the parentheses beside them.

Figure 4. Example of APG in Terminal

Encrypting your files and folders

There may be times when you want to keep your information hidden from other people having access to your computer, or to ensure that important information is not divulged when an unauthorized person obtains your data. At such times, just making your files/folders hidden or changing their permissions is not enough. Here, it is better to make use of encryption.

Encryption simply means encoding information in such a way that it will be accessible only to the persons authorized to view it. There are many popular ways of encrypting files and folders in Ubuntu. As an example, I have explained encryption on an Ubuntu Desktop with PGP keys using Seahorse.

The package Seahorse is a front-end for the Gnu Privacy Guard program that integrates into the Gnome Desktop. This package is provided in the Ubuntu 10.04 System by default. For Kubuntu, you can make use of the KGPG package, which is available by default. These programs allow us to create a variety of keys that can be used to encrypt information.

Note: For this method to run we will need to install the package seahorse-plugins, which is not provided by default. Install this package using the Synaptic Package Manager or the following command in the Terminal:

    $ sudo apt-get install seahorse-plugins

Creating a PGP Key

Choose Passwords and Encryption Keys from the Applications –> Accessories menu as shown in Figure 5.

Figure 5. Open Seahorse via menu

The Passwords and Encryption Keys window will come up. Choose File –> New... or press [Ctrl] + [N]. You will be confronted with the pop-up window.

Note: If you already have a key, the same can be imported into Seahorse. To do this choose File –> Import... and specify the location of the key. It is a good practice to keep backup of keys on your computer remote servers. A key can be exported using the File –> Export... command.

Here choose PGP Key as shown in Figure 6 and click on continue.

Figure 6. Creating a PGP Key

A simple setup will guide you through this creation process. You will be asked for information like your full name and email address. You will also be asked to enter and confirm a passphrase for the new PGP key. This is the cipher/password that is essential to lock and unlock information using this key. Be sure to remember it or your data could be lost forever.

You can view the created PGP keys in the My Personal Keys tab as shown in Figure 7.

Figure 7. Your PGP Keys

These keys only exist on your computer at the moment. You can synchronize these keys with remote servers. To do this in Seahorse choose Remote –> Sync and Publish Keys... from the menu.

Encrypting your information

Now go to the files and folders that you wish to encrypt. Select the files/folders, right-click and choose Encrypt... from the menu. A Choose Recipients window (see Figure 8) will open where you are required to specify the key that you want to associate with this set of files and folders.

Figure 8. Choose Recipients

In case there are multiple files or folders another window will pop up as shown in Figure 9.

Figure 9. Pack Multiple Files / Folders

If you have selected the option of encrypting by packing together in a package, a compression package of the specific extension will be produced. Or else, you will see files with the extension pgp, which are the files encrypted using this key.

Decrypting your information

To open encrypted packages or pgp files, simply double-click them. The packages will open via your default compression application, where you will be asked for the passphrase. In case of pgp files, you will first be asked to enter a new name to save the file. Then you will be required to enter the key's passphrase. The decrypted file will then be created in the specified folder.

Security Updates

Developers of Ubuntu OS often come up with various security patches and updates that can be easily integrated into your existing system. Ubuntu 10.04 is tagged as a Long-Term-Support (LTS) release. For LTS releases, Ubuntu provides security and patch

[...] this aspect also requires a mention in this article. Hackers and such other elements are constantly trying to illegally gain information from various computers, be it from a Government institution or your grandma's laptop. The risk multiplies even more if you are using your Personal Computer to view mails or download from unknown sites over the Internet. And there is only one solution to it: Be Smart.
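The Seahorse steps described above (create a PGP key, encrypt for a recipient, decrypt with the key's passphrase) can be reproduced with the gpg command line that Seahorse is a front-end for, including the case the article warns about where the passphrase is not the right one. This is an added example, not part of the original article; it assumes GnuPG 2.2 or newer, and the user ID, passphrase, file names and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): the Seahorse workflow
# driven through gpg. Assumes GnuPG 2.2 or newer. The user ID, passphrase
# and file names are constructed; all work happens in a throwaway keyring.
# Run the demo with: sh pgp_demo.sh run   (file name is hypothetical)

# version_ge A B: succeed when dotted version A is at least B.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print the installed gpg version (empty when gpg is missing).
gpg_version() {
    gpg --version 2>/dev/null | awk 'NR == 1 { print $3 }'
}

# Create a key, encrypt a file to it, decrypt it, then check that a wrong
# passphrase cannot decrypt. Prints one summary line.
# The body is a subshell so GNUPGHOME never leaks into the caller.
pgp_roundtrip_demo() (
    if ! version_ge "$(gpg_version)" 2.2.0; then
        echo "gpg 2.2 or newer is required" >&2
        exit 2
    fi
    work=$(mktemp -d) || exit 1
    trap 'gpgconf --kill gpg-agent >/dev/null 2>&1; rm -rf "$work"' EXIT
    GNUPGHOME="$work/keyring"
    export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || exit 1

    uid='Demo User <demo@example.invalid>'
    pass='constructed demo passphrase'

    # "Creating a PGP Key": full name, e-mail address and a passphrase.
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" \
        --quick-generate-key "$uid" default default never 2>/dev/null || exit 1

    # "Encrypting your information": choose the recipient key; the result
    # is a file with the pgp extension.
    printf 'bank statement (constructed sample)\n' > "$work/statement.txt"
    gpg --batch --quiet --recipient demo@example.invalid \
        --output "$work/statement.txt.pgp" \
        --encrypt "$work/statement.txt" 2>/dev/null || exit 1

    # "Decrypting your information": the key's passphrase unlocks the file.
    gpg --batch --quiet --pinentry-mode loopback --passphrase "$pass" \
        --output "$work/restored.txt" \
        --decrypt "$work/statement.txt.pgp" 2>/dev/null || exit 1
    if cmp -s "$work/statement.txt" "$work/restored.txt"; then
        roundtrip=ok
    else
        roundtrip=failed
    fi

    # Drop the agent's cached passphrase, then try a wrong one: without
    # the real passphrase the data stays locked.
    gpgconf --kill gpg-agent >/dev/null 2>&1 || exit 1
    if gpg --batch --quiet --pinentry-mode loopback \
        --passphrase 'not the passphrase' \
        --output "$work/leaked.txt" \
        --decrypt "$work/statement.txt.pgp" 2>/dev/null; then
        wrong=accepted
    else
        wrong=rejected
    fi

    echo "roundtrip=$roundtrip wrong_passphrase=$wrong"
)

if [ "${1:-}" = "run" ]; then
    pgp_roundtrip_demo
fi
```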