File Integrity Manager
Source Code can be found here
Integrity is one pillar of the CIA triad: confidentiality, integrity and availability. Most security work falls under one of these three. Confidentiality means making sure data remains protected from those who are not supposed to see it. Availability means ensuring that systems remain online and accessible to those who need them. Integrity refers to maintaining consistency and trustworthiness: data must not change when it is not supposed to, and if it does, some type of alert or notification should be generated so that an analyst can investigate further.
To demonstrate this, the project creates a FIM, or file integrity monitor, in PowerShell. A FIM is an application that monitors a set of important files and raises an alert when one of them changes.
When the script is run, it asks the user what they want to do. There are two options: collect a new baseline, or monitor files against an existing baseline. If the user chooses to collect a new baseline, the script looks in the folder being monitored and computes a hash of each file. A hash is essentially a digital thumbprint of the file; if anything about the file changes, the hash is completely different. The script writes the file path and its corresponding hash for every file into a baseline text file (baseline.txt) that can be used later to confirm that nothing has changed.
Once the baseline file exists, the script is started again and option 2, "begin monitoring files with saved baseline", is chosen. The program loads baseline.txt into a dictionary, a key/value data structure in which the file path is the key and its hash is the value. It then loops continuously over the files in the folder, recomputes each hash and checks that it still matches the baseline entry. If a hash is different, or a file listed in the baseline is missing, the program prints a notification on the screen. This is meant to serve as a high-level proof of concept.
The idea of checking files:
- Making sure files maintain their integrity
- Making sure that they are not changed or deleted
- If they are, raising some kind of alert
Some ways to improve on this project:
- Letting the user pick which folder to monitor.
- Recursive file monitoring that also covers every subfolder.
- Error checking, such as handling a request to monitor when no baseline exists.
- Better flow control around creating a baseline.
- Instead of printing to the screen, sending an email or a text message via the Twilio API.
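As an added example (not the project's own script), the following PowerShell implements the two-step procedure described above, baseline collection and monitoring, together with three items from the improvement list: the target folder is a parameter, the scan is recursive, and monitoring refuses to start if no baseline exists. The default folder `.\Files`, the baseline file name `baseline.txt`, the `path|hash` line format and the one-second interval are assumptions for illustration.

```powershell
# Added example, not the project's own code: a FIM with a user-chosen folder,
# recursive scanning and a missing-baseline check. Default paths are assumptions.
param(
    [string]$TargetFolder = ".\Files",       # assumed default; pass -TargetFolder to override
    [string]$BaselinePath = ".\baseline.txt", # assumed default
    [int]$IntervalSeconds = 1
)

function Get-FileHashTable {
    param([string]$Folder)
    $table = @{}
    # -Recurse walks subfolders; -File skips directory entries
    Get-ChildItem -Path $Folder -File -Recurse | ForEach-Object {
        $hash = Get-FileHash -Path $_.FullName -Algorithm SHA512
        $table[$hash.Path] = $hash.Hash
    }
    return $table
}

function New-Baseline {
    param([string]$Folder, [string]$Path)
    if (-not (Test-Path -Path $Folder -PathType Container)) {
        throw "Target folder '$Folder' does not exist."
    }
    $hashes = Get-FileHashTable -Folder $Folder
    # One "path|hash" line per file ('|' cannot appear in a Windows file name);
    # Set-Content overwrites any previous baseline.
    $hashes.GetEnumerator() |
        ForEach-Object { "$($_.Key)|$($_.Value)" } |
        Set-Content -Path $Path
    Write-Host "Baseline with $($hashes.Count) files written to $Path"
}

function Start-Monitoring {
    param([string]$Folder, [string]$Path, [int]$Interval)
    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        # Error check from the improvement list: refuse to monitor without a baseline
        throw "No baseline found at '$Path'. Collect a baseline first."
    }
    # Load baseline.txt into a dictionary: key = file path, value = hash
    $baseline = @{}
    Get-Content -Path $Path | ForEach-Object {
        $parts = $_ -split '\|', 2
        if ($parts.Count -eq 2) { $baseline[$parts[0]] = $parts[1] }
    }
    Write-Host "Monitoring $Folder against $($baseline.Count) baseline entries. Ctrl+C to stop."
    while ($true) {
        Start-Sleep -Seconds $Interval
        $current = Get-FileHashTable -Folder $Folder
        foreach ($file in $current.Keys) {
            if (-not $baseline.ContainsKey($file)) {
                Write-Host "$file has been CREATED" -ForegroundColor Green
            } elseif ($baseline[$file] -ne $current[$file]) {
                Write-Host "$file has been CHANGED" -ForegroundColor Yellow
            }
        }
        foreach ($file in $baseline.Keys) {
            if (-not $current.ContainsKey($file)) {
                Write-Host "$file has been DELETED" -ForegroundColor Red
            }
        }
    }
}

$choice = Read-Host "A) Collect new baseline  B) Monitor with existing baseline"
switch ($choice.ToUpper()) {
    'A'     { New-Baseline -Folder $TargetFolder -Path $BaselinePath }
    'B'     { Start-Monitoring -Folder $TargetFolder -Path $BaselinePath -Interval $IntervalSeconds }
    default { Write-Host "Unknown option '$choice'"; exit 1 }
}
```

Run it once with `A` to write the baseline, then again with `B` (optionally `-TargetFolder C:\some\path`) and create, edit or delete a file under the folder to see each alert. Like the proof of concept, it re-prints an alert on every pass until the baseline is refreshed. One caveat worth keeping in mind for anything beyond a proof of concept: the baseline file is itself a target, since anyone who can rewrite it can hide a change, so it should be kept somewhere the monitored system cannot modify.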
Overall this project taught me the basics of creating a File Integrity Manager. I plan on improving on this project in later versions. The actual proof of concept can be found here.