The IT Law Wiki
(Created page with "== Definition == '''Integrity checking''' tools can detect whether any critical system files have been changed, thus enabling the system administrator to look for [[unau…")
 
Line 5: Line 5:
 
== Overview ==
 
== Overview ==
   
Integrity checkers examine [[stored]] [[file]]s or [[network packet]]s to determine if they have been [[altered]] or changed. These checkers are based on [[checksum]]s — a simple mathematical operation that turns an entire [[file]] or a [[message]] into a number. More complex [[hash function]]s that result in a fixed string of [[encrypted data]] are also used. The integrity checking process begins with the creation of a baseline, where [[checksum]]s or [[hash]]es for clean [[data]] are [[compute]]d and saved. Each time the integrity checker is run, it again makes a [[checksum]] or [[hash]] computation and compares the result with the [[stored value]].
+
Integrity checkers examine [[stored]] [[file]]s or [[network packet]]s to determine if they have been [[altered]] or changed. They can only flag a change as suspicious; they cannot determine if the change is a genuine [[virus]] [[infection]].
  +
  +
These checkers are based on [[checksum]]s — a simple mathematical operation that turns an entire [[file]] or a [[message]] into a number. More complex [[hash function]]s that result in a fixed string of [[encrypted data]] are also used. The integrity checking process begins with the creation of a baseline, where [[checksum]]s or [[hash]]es for clean [[data]] are [[compute]]d and saved. Each time the integrity checker is run, it again makes a [[checksum]] or [[hash]] computation and compares the result with the [[stored value]].
 
[[Category:Technology]]
 
[[Category:Technology]]
 
[[Category:Data]]
 
[[Category:Data]]

Revision as of 00:34, 16 February 2011

Definition

Integrity checking tools can detect whether any critical system files have been changed, thus enabling the system administrator to look for unauthorized alteration of the system.

Overview

Integrity checkers examine stored files or network packets to determine if they have been altered or changed. They can only flag a change as suspicious; they cannot determine if the change is a genuine virus infection.

These checkers are based on checksums — a simple mathematical operation that turns an entire file or a message into a number. More complex hash functions that result in a fixed string of encrypted data are also used. The integrity checking process begins with the creation of a baseline, where checksums or hashes for clean data are computed and saved. Each time the integrity checker is run, it again makes a checksum or hash computation and compares the result with the stored value.