Page 923 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 923
Checking the Hash
Checking the hash value of files is always a good idea. This simple
task can prevent the use of corrupted files and prevent the
accidental acceptance of maligned data. Several intrusion detection
systems (IDSs) and system integrity verification tools use hashing
as a means to check that files did not change over time. This is
done by creating a hash for every file on a drive, storing those
hashes in a database, and then periodically recalculating hashes for
files and checking the new hash against the historical one. If there
is ever any difference in the hashes, then you should investigate the
file.
Another common use of hashes is to verify downloads. Many
trusted internet download sites provide MD5 and SHA hash totals
for the files they offer. You can take advantage of these hashes in at
least two ways. First, you can use a download manager that
automatically checks the hashes for you upon download
completion. Second, you can obtain a hashing tool, such as
md5sum or sha1sum, to generate your own hash values. Then
manually compare your generated value from the downloaded file
against the claimed hash value from the download site. This
mechanism ensures that the file you ultimately have on your
system matches, to the last bit, the file from the download site.
Record sequence checking is similar to a hash total check; however,
instead of verifying content integrity, it verifies packet or message
sequence integrity. Many communications services employ record
sequence checking to verify that no portions of a message were lost
and that all elements of the message are in their proper order.
Transmission Mechanisms
Transmission logging is a form of auditing focused on
communications. Transmission logging records the particulars about
