Make your own free website on Tripod.com


WZFileGuard


Your mission critical servers probably have already been protected by some kind of firewall (if not, you should implement it asap) and you probably have already used some kind of IDS software to help you to detect network security penetrations, but read on, here is a software that could help you to combat security threats that account for more than 50% of security penetrations happened on critical business servers.
Our specialized WZFileGuard software could help you much more efficiently to detect most common potential security threats:

in a userís .profile, on a banking application server, a malicious person could use this way to add in false transactions. On a critical server with account sharing (several system administrators share the root account; an account is shared by an application and file transfer service; etc), this could be the most common security threat, and needs be very closely monitored.

 

With password protection to registry file generation/updating and checksum verification, unauthorized changes to monitored filesystem objects and/or registry files can be easily detected when the protection passwords are only known to the security officer who generated the registry and runs the verification.

 

Compared with other similar software, WZFileGuard will make security officer monitoring these kinds of security threat or penetration much more efficient: it will only give you the real relevent events for you to examine. For example, WZFileGuard will not report new files under /tmp directory unless they are SetUID/SetGID programs or device files which are possible to pose security threat: those SetUID/SetGID files which are not executable by users other than the owner will not be reported; device files which are only readable/writable by root will not be reported:

-rws------ 1 root bin 9876 Jan 1 2002 /tmp/badfile

crw------- 1 root sys 1, 1 Jan 1 1970 /tmp/dev-mem

Here, although /tmp/badfile is SetUID to root, but no other users have the permission to execute it, so WZFileGuard will not alert you about this file's existence. Similarly, even though /tmp/dev-mem points to the same device as /dev/mem, and this is a very security important device, WZFileGuard will not alert you about it: it is not a security threat.