1 / 16

TRIPWIRE

TRIPWIRE. CONTENTS. Introduction Tripwire For Servers Tripwire Manager Tripwire For Network Devices Working Of Tripwire Advantages Conclusion. Introduction. Reliable intrusion detection system. Software tool that checks to see what has changed in your system.

adia
Download Presentation

TRIPWIRE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TRIPWIRE

  2. CONTENTS • Introduction • Tripwire For Servers • Tripwire Manager • Tripwire For Network Devices • Working Of Tripwire • Advantages • Conclusion

  3. Introduction • Reliable intrusion detection system. • Software tool that checks to see what has changed in your system. • It mainly monitors the key attribute of your files. • Tripwire software’s cross platform functionality enables to manage thousands of devices across your infrastructure.

  4. Principle: • The system administrator identifies key files and causes tripwire to record checksum for those files. • He also puts in place a cron job, whose job is to scan those files at regular intervals comparing to the original checksum. • Any changes, addition or deletion, are reported to the administrator.

  5. TRIPWIRE FOR SERVERS • Tripwire for Servers is software that is exclusively used by servers. • Any server where it is imperative to identity if and when a file system change has occurred should be monitored with tripwire for servers. • For this s/w to work, two important things should be present – the policy file and the database.

  6. Flexible Policy Language • The flexible policy tool can be customized to fit the needs of each and every server. • Release of version 4.0, made policy file creation easier. • Allows to group objects around easy-to-understand rule names and then prioritize them.

  7. Continued… • Version 4.0 to some extend determines who made these changes. • Methods for reducing the risk of an intruder being able to replace a Tripwire for Servers installation include: • Hiding the application by renaming configuration, data, and binary files and installing to a hidden location. • Installing Tripwire for Servers to a read-only partition such as a CD-ROM

  8. TRIPWIRE MANAGER • Cross platform management console. • Allows system and security professionals to easily manage all installations of Tripwire for Servers software. • Two types: • Active Tripwire Manager • Passive Tripwire Manager

  9. TRIPWIRE FOR NETWORK DEVICES • Monitors the integrity of routers, switches and firewalls-network devices. • Tripwire for Network Device has four user authorization levels: • “Monitors” are allowed only to monitor the application. They cannot make changes to Tripwire for Network Devices or to the devices that the software monitors.

  10. “Users” can make changes to Tripwire for Network Devices, such as add routers, switches. Groups, tasks, etc., but they cannot make changes to the devices it monitors. • “Power users” can make changes to the software and to the devices it monitors. • “Administrator” can perform all actions, plus delete violations and log messages as well as add, delete, or modify user accounts.

  11. WORKING OF TRIPWIRE

  12. Continued… 1.Install Tripwire and customize the policy file. 2.Initialize the Tripwire database 3.Run the integrity check 4.Examine the Tripwire report file 5.If unauthorized integrity violations occur, take appropriate security measures

  13. Continued… 6.If the file alterations were valid, verify and update the Tripwire database 7. If the policy file fails verification, update the Tripwire policy file

  14. ADVANTAGES • Increase security • Instill Accountability • Gain Visibility • Ensure Availability

  15. CONCLUSION • Tripwire is a reliable intrusion detection system. • Attractive feature - software generates a report (about which, when and what). • Also helps to detect who made the changes. • Tripwire for Open Source is under research

  16. Thank you

More Related