Technical (Bottom-Up) Methodology 107
Do backdoors or inappropriate chains of trust exist? There are a number
of different ways that this could be happening. Is an end user running
pcAnywhere as a means of getting around the corporate virtual private
network (VPN)? Another inappropriate chain of trust could exist inside
UNIX systems in the /etc/rhosts and the /etc/hosts.equiv files.
Is there evidence of intrusion? Keep your eyes open when performing the
tests. If you see results that really make you believe that an intrusion has
occurred, stop your testing and alert the responsible party immediately.
Any further security testing that you do at this point could overwrite the
forensic evidence of how the system was compromised.
Are detection measur ...