Host Integrity Monitoring Using Osiris and Samhain

Right now, you are settling down to read this book, and I am reading your e-mail. Not really, but how can you know for sure? If you are like most people, you have taken a number of steps to protect your hosts. Firewalls serve to deflect attacks, but complete protection is not a reality. Most software is poorly written, and there is a great deal of software standing between you and your e-mail. So, again, if an attack against your e-mail server were successful, how soon would you know? More importantly, how would you know what was compromised in the attack?
A great deal of energy is directed at perimeter security, and for good reason. Network monitoring can detect that an attack has occurred, but not whether that attack was successful. Attacks do not always originate from outside the network. Efforts are made to secure hosts, but compromises are a reality. Most countries have militaries to defend their borders and various levels of law enforcement to maintain order on the inside. Banks put alarms on their doors, and they place cameras and armed guards inside to keep watch over valuables. In addition to monitoring the perimeter, you also need to ensure the integrity of your hosts by monitoring their environment. Most corporations are well aware of the need for network security, but many are still learning the importance of implementing host-based integrity solutions.
In the world of computer security, when we discuss...