Fingerprinting of Machines in Critical Systems for Integrity Monitoring and Verification

TL;DR

This paper presents a method for creating comprehensive system fingerprints, including hardware, file hashes, and kernel info, to monitor and verify the integrity of critical systems against evolving cyber threats.

Contribution

It introduces a new tool for capturing and securely storing system fingerprints, enhancing proactive integrity monitoring in critical systems.

Findings

Effective identification of system changes over time

Enhanced detection of unauthorized modifications

Robust security features for fingerprint storage

Abstract

As cyber threats continue to evolve and diversify, it has become increasingly challenging to identify the root causes of security breaches that occur between periodic security assessments. This paper explores the fundamental importance of system fingerprinting as a proactive and effective approach to addressing this issue. By capturing a comprehensive host's fingerprint, including hardware-related details, file hashes, and kernel-level information, during periods of system cleanliness, a historical record is established. This historical record provides valuable insights into system changes and assists in understanding the factors contributing to a security breach. We develop a tool to capture and store these fingerprints securely, leveraging the advanced security features. Our approach presents a robust solution to address the constantly evolving cyber threat landscape, thereby safeguarding the integrity and security of critical systems.