Host Integrity Monitoring Using Osiris and Samhain

Additional Deployment Considerations

At this point, you should have trusted copies of installers on read-only media. However, before you begin deployment, there are additional issues that you should consider.

Read-Only Media

It is possible to deploy a scan agent so that it runs from read-only media, an approach that is often suggested as the secure way to deploy host-based security agents. The idea is that an attacker cannot alter the agent executable or related files, so they can always be trusted. Not true. In previous chapters, you learned that there are many different ways to subvert software agents. Agents depend on the integrity of the runtime environment (kernel syscalls, memory, and so on); therefore, protecting the agent executables from tampering is only a partial solution. Furthermore, updates are cumbersome because you have to burn new media. Servers often do not have CD-ROM or DVD drives, or you may not want to dedicate the drive to Osiris. All things considered, this is not a good idea because it is not practical.

Note

I have seen deployments of software such as Osiris where administrators were sold on the idea of deploying on read-only media because that was the secure way to do it. In the end, the administrative overhead became such a burden that the entire system became useless. At that point, you have to ask yourself which is better: a useful deployment that you know is not perfect, or nothing at all?

Pre-provisioning Digital Certificates

Another deployment consideration is the...
