Timothy Scott wrote:
> Morning all,
> What do people think about Haystack Labs' "WebStalker"?
I am a Network Security Specialist and have evaluated both the Solaris
and Win NT version of WebStalker. It's a nice idea, however it does not
function properly. For instance, in order to stop users from "jumping"
(i.e., telnet or ftp from the Web Server to another computer) WebStalker
monitors ftp and telnet executables. Of course merely changing the name
of the executables easily by-passes this security (which I have tested
and verified). WebStalker is also supposed to monitor designated files
and directories. However, even though it successfuly informs the
Administrator that a file was changed, it should not have allowed the
file to be changed in the first place.
What I've noticed is that WebStalker is always one step behind the
operating system and not one step in front of the OS. It also does not
change file attributes to match the security profile. That is, when the
Administrator configures WebStalker to allow certain users to change
files at certain times, WebStalker does not change the file permissions
of the protected files.
I don't think WebStalker is ready yet. It should be written into the OS
instead of outside the OS.
From: Timothy Scott <tscott @