Read only media might be a solution but it is not a practical one for web
sites who change their content very often. I have he following questions
related to this subject:
- What if the OS is using a RAM disk?
- Isn't it possible to start a process who can alter the web file
information while it is send (only words for examaple)?
I am not a firewall guru but I wonder if it wouldn't be possible to use a
second computer as mirror of the Web Site. This computer can supervise the
original web site and monitor the audit log using remote access. In case it
detects major modifications in the original web site or other kind of
unauthorized access
it can make the following operations
- make a copy of the altered site for later analysis
- kill any processes which start writing, or attempting to write in areas
they shouldn't (system areas for instance)
- save the current system parameters for later analysis
- replace the altered site with the good one
- change sensitive passwords and save them for the administrator if
possible
- alert the administrator
I think a system like that can prevent hacking without anyone from the
outside to observe anything.
If the above ideas are not correct please let me know.
Just a thought
Gabriel Dura
dura @
geocities .
com
|
|
