An Introduction to Integrity Monitoring
When it comes to protecting and maintaining infrastructures such as websites and servers, Integrity Monitoring is key. This solution validates the integrity of a given environment, namely, it checks to see whether the contents of your site’s files have changed unexpectedly.
You can use Integrity Monitoring to detect file changes in operating systems, web servers, and web applications such as WordPress. It can even prove useful for monitoring file-based software solutions such as databases and configuration files.
Organizations that use a file integrity monitoring solution are more likely to detect security breaches early on, giving them a better chance of staying online and deterring any major damage. For this reason, File Integrity Monitoring is primarily considered to be a security solution.
However, this solution can achieve other goals as well.
In some cases, it can monitor software and operating systems configuration changes in:
- Open ports configuration on a server.
- Webserver and network services configuration.
- Running or stopped services (daemons) on a server.
Even planned file changes can sometimes cause problems to your WordPress site. By keeping track of all your modifications with File Integrity Monitoring, you can easily pin down possible causes for errors that are related to changes in your files.
This makes troubleshooting faster, so you can get your site back up and running right away.
How Integrity Monitoring Works
File Integrity Monitoring works by taking “fingerprints” of your site’s files and then comparing them one another. If the fingerprints differ, it means the files have changed.
To create a fingerprint, the File Integrity Monitor (also known as a File Integrity Scanner) scans a single file and creates a “checksum’ — a unique string of data associated with that file — by running a cryptographic hash function on the file.
File Integrity Monitoring can become useful to check other file properties as well, such as permissions and the modification date. These checks are crucial as even a simple change in a file’s permissions could leave the system open to attacks.
Why Integrity Monitoring Is Important
One of the aspects that make File Integrity Monitoring a must-have security solution is its twofold strength both a reactive and proactive security solution.
Integrity Monitoring as Proactive Security
An example of proactive security is identifying mistakes done by your developers while working on your website that might leave your site exposed. Wrong file permissions, left-over files containing sensitive information, such as a backup of a database or a source code file, are good examples of security threats that File Integrity Monitoring can proactively identify.
Integrity Monitoring as Reactive Security
File Integrity Monitoring solution can also point out what’s been changed on your site after a hack attack or in which files the malware was injected.
In addition to that, it can even check for changes in your website’s setup by monitoring crucial WordPress site files, such as the wp-config.php and .htaccess files.
Thanks to this key information, you could revert your site to its previous (clean) state and clean up any malware or “bad code” left in the shortest time possible.
Compliance requirement
For some, File Integrity Monitoring may also be required by law. The Payment Card Industry Data Security Standard (PCI DSS) requires compliant sites to:
“Deploy a change detection mechanism (for example, file integrity monitoring tools) to alert personnel to unauthorized modification.”
Managing your website visitors’ sensitive information is a serious responsibility. If you store any type of customer data on your website, especially cardholder data, having File Integrity Monitoring enabled helps you ensure such data has not been tampered by anyone and keep you on the right side of the law.