
Host-Based Intrusion Detection


Presentation Transcript


  1. Host-Based Intrusion Detection: “Working of Tripwire”

  2. Background
  • Complements a layered security approach:
    • Firewalls / VPNs
    • Anti-virus
    • Authentication
    • Intrusion Detection System

  3. Uses
  • Intrusion Detection
  • File Integrity Assessment
  • Damage Discovery (Forensics)
  • Change / Configuration Management
  • System Auditing
  • Policy Compliance

  4. How ‘TripWire’ Software Works
  [Diagram: Baseline Database, Current System, Tripwire Software and Tripwire Reports, connected by numbered steps 1–3.]

  5. Steps Involved to Set Up “TripWire”
  • Installation
  • Policy Creation
  • Generating Reports

  6. A Simple Policy File

      /etc                     R       # all these files should be read only.
      /sbin                    R+12    # but, be extra careful with these.
      /var/spool/mail/maillog  >       # this file should only grow
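The baseline/compare/report cycle of slide 4, driven by rules in the style of the policy file above, as an added Python example (not Tripwire's own code). It assumes a constructed in-memory view of the filesystem, treats any rule beginning with “R” as read-only (the “+12” suffix is accepted but not modelled) and treats “>” as grow-only, following the slide's comments.

```python
import hashlib

# Constructed policy in the slide's format (path -> rule). "R..." rules are
# treated as read-only; the "+12" strictness suffix is not modelled here.
POLICY = {
    "/etc/passwd": "R",
    "/sbin/init": "R+12",
    "/var/spool/mail/maillog": ">",   # may only grow
}

def snapshot(files):
    """Step 1: the baseline database. `files` is a constructed
    {path: (content_bytes, mode)} view of the system; only policy paths are kept."""
    return {
        path: {"size": len(data), "mode": mode,
               "sha256": hashlib.sha256(data).hexdigest()}
        for path, (data, mode) in files.items() if path in POLICY
    }

def compare(baseline, files):
    """Steps 2 and 3: rescan the current system and report policy violations."""
    current = snapshot(files)
    report = []
    for path, rule in POLICY.items():
        old, new = baseline.get(path), current.get(path)
        if old is None and new is None:
            continue                      # never existed, nothing to say
        if old is None or new is None:
            report.append((path, "added" if old is None else "deleted"))
            continue
        if new["mode"] != old["mode"]:
            report.append((path, "mode changed"))
        if rule == ">":
            # grow-only: truncation is the violation, appended lines are normal
            if new["size"] < old["size"]:
                report.append((path, "shrank"))
        elif new["sha256"] != old["sha256"]:
            report.append((path, "content changed"))
    return report

# Constructed sample system, used to build the baseline
BASELINE_FS = {
    "/etc/passwd": (b"root:x:0:0:root:/root:/bin/sh\n", 0o644),
    "/sbin/init": (b"\x7fELF...init...", 0o755),
    "/var/spool/mail/maillog": (b"Mar 1 10:00 delivered\n", 0o640),
    "/tmp/scratch": (b"ignored", 0o644),  # not covered by the policy
}

def demo():
    """Later scan: the log grew (fine), passwd gained a line, init gained setuid."""
    baseline = snapshot(BASELINE_FS)
    later = dict(BASELINE_FS)
    later["/var/spool/mail/maillog"] = (b"Mar 1 10:00 delivered\nMar 1 10:05 delivered\n", 0o640)
    later["/etc/passwd"] = (b"root:x:0:0:root:/root:/bin/sh\nextra:x:0:0::/:/bin/sh\n", 0o644)
    later["/sbin/init"] = (b"\x7fELF...init...", 0o4755)
    return compare(baseline, later)
```

Run `demo()` to see the report: only the two policy violations are listed, while the growing log and the uncovered scratch file stay silent.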

  7. Pros and Cons of “TripWire”
  Pros:
  • Complements a layered security approach.
  • The generated report is small in size.
  • TripWire runs periodically, at the administrator’s discretion.
  Cons:
  • Lack of real-time capability.

  8. Properties and Services of an OS
  • Process
    • Process time
    • State of process
    • Number of blocked processes
    • Number of running processes
    • Thrashing rate
  • Memory
    • Amount of memory used
    • Address range of the memory used

  9. Properties and Services of an OS
  • File
    • File size
    • File access permissions
    • Total disk space used
    • Number of files
  • IO
    • Number of IO operations (user, root, process)
    • Source and destination of IO
    • Total amount of data exchanged between the channels
    • Bus utilization
