Due to cost considerations, change detection tools are usually implemented in
software. However, hardware implementations do speed the calculation of
cryptographic checksums.
The following questions should be considered when selecting a change detector:
- What kind of checksum algorithm does the tool use - CRC or cryptographic?
CRC algorithms are faster. Cryptographic checksums are more secure.
- Can the tool be configured to skip executables that are known to be
self-modifying? Consistent false positives will eventually cause
the end-user to ignore the reports.
- How are the checksums stored? Some tools create a checksum file for
every executable, which tends to clutter the file system and wastes disk space.
Other tools store all checksums in a single file. Not only is this technique
a more efficient use of disk space, but it also allows the user to store the
checksum file off-line (e.g., on a floppy).
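
The three questions above can be seen together in a small change detector. This is an added example, not code from the original document: it assumes SHA-256 as the cryptographic checksum, a JSON file as the single checksum store, and hypothetical file names (`login`, `editor`, `selfmod`, `newfile`) in a constructed temporary tree.

```python
import hashlib, json, os, tempfile

def file_digest(path):
    """Cryptographic checksum (SHA-256, an assumed choice) of one file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, skip=frozenset()):
    """Map relative path -> digest for every file under root not in skip."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if rel not in skip:
                manifest[rel] = file_digest(full)
    return manifest

def compare(baseline, current):
    """Report files whose checksum changed, disappeared, or newly appeared."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as offline:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        for name, data in (("login", b"v1"), ("editor", b"v1"), ("selfmod", b"s0")):
            write(name, data)          # constructed sample files
        skip = {"selfmod"}             # stands in for a self-modifying executable
        # Single checksum file kept outside the monitored tree (stand-in for off-line media).
        store = os.path.join(offline, "checksums.json")
        with open(store, "w") as f:
            json.dump(build_manifest(root, skip), f)
        write("login", b"v2")          # unexpected change: must be reported
        write("selfmod", b"s1")        # expected change: skipped, no false positive
        write("newfile", b"x")         # file that is not in the baseline
        with open(store) as f:
            baseline = json.load(f)
        return compare(baseline, build_manifest(root, skip))

if __name__ == "__main__":
    print(demo())
```

The skipped file never appears in the report, so every entry that does appear is worth reading; the trade-off is that changes to a skipped file go unmonitored.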