9 Detecting intrusions

This chapter covers

  • Examining the phases of an intrusion as it progresses through the infrastructure
  • Detecting intrusions using indicators of compromise
  • Using Linux audit logs to detect intrusions
  • Inspecting the filesystems, memory, and network of endpoints remotely
  • Filtering outbound network traffic using intrusion-detection systems
  • Understanding the roles of developers and operators in detecting intrusions

July 2015. A hacker known by the pseudonym “Phineas Fisher” posts a short but terrifying message on Twitter:

gamma and HT down, a few more to go :)

The message quickly propagates across the information-security community. Gamma International and Hacking Team (HT) are two well-known security firms that sell ...

Get Securing DevOps now with O’Reilly online learning.