Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: How do *you* secure your network with Perl?

by fuzzyping (Chaplain)
on Mar 27, 2002 at 06:11 UTC ( [id://154600]=note: print w/replies, xml ) Need Help??


in reply to How do *you* secure your network with Perl?

It's a relatively minor use of Perl, but I constructed a script using Digest::MD5 to track and ensure integrity of my chkrootkit binaries. I'm using this as a double-layer of trust to make sure that nobody modifies the existing chkrootkit binaries (which, in turn, monitor my system binaries for rootkit activity).

One obvious use for Perl in a network security setting would be an IDS (or NIDS), where Perl's excellent pattern matching capabilities would help to match packet fingerprints, but this is already handled capably by the likes of Snort. Unfortunately, I just don't see Perl scaling to the same performance levels as Snort.

-fuzzyping
  • Comment on Re: How do *you* secure your network with Perl?

Replies are listed 'Best First'.
Re: Re: How do *you* secure your network with Perl?
by Rhose (Priest) on Mar 27, 2002 at 14:58 UTC
    While you *could* write an IDS in perl, I am pretty sure any link with much activity would cause the PerlIDS(tm) to drop packets.

    However, a better use for perl in your IDS implementation is in the role of analysis scripts. Your IDS implementation should probably consist of one or more "quick and dirty" systems -- snort (or your IDS of choice) with fewer rules, and one or more analysis machines. Perl excels in the analysis role -- processing "historical" data.

[reply]
      On the subject of analysis (and somewhat removed from "modules"), I've had great success with Psionic's PortSentry, HostSentry and LogSentry.

      If things get any worse, I'll have to ask you to stop helping me.

[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://154600]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (6)
As of 2024-04-25 15:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found