CONTENTS Introduction Tripwire For Servers Tripwire Manager Tripwire For Network Devices Working Of Tripwire Advantages Conclusion Introduction Reliable intrusion detection system Software tool that checks to see what has changed in your system ID: 586426
Download Presentation The PPT/PDF document "TRIPWIRE" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
TRIPWIRESlide2
CONTENTS
Introduction
Tripwire For Servers
Tripwire Manager
Tripwire For Network Devices
Working Of Tripwire
Advantages
ConclusionSlide3
Introduction
Reliable intrusion detection system.
Software tool that checks to see what has changed in your system.
It mainly monitors the key attribute of your files.
Tripwire software’s cross platform functionality enables to manage thousands of devices across your infrastructure.Slide4
Principle:
The system administrator identifies key files and causes tripwire to record checksum for those files.
He also puts in place a cron job, whose job is to scan those files at regular intervals comparing to the original checksum.
Any changes, addition or deletion, are reported to the administrator.Slide5
TRIPWIRE FOR SERVERS
Tripwire for Servers is software that is exclusively used by servers.
Any server where it is imperative to identity if and when a file system change has occurred should be monitored with tripwire for servers.
For this s/w to work, two important things should be present – the policy file and the database. Slide6
Flexible Policy Language
The flexible policy tool can be customized to fit the needs of each and every server.
Release of version 4.0, made policy file creation easier.
Allows to group objects around easy-to-understand rule names and then prioritize them. Slide7
Continued…
Version 4.0 to some extend determines who made these changes.
Methods for reducing the risk of an intruder being able to replace a Tripwire for Servers installation include:
Hiding the application by
renaming configuration, data, and binary files and installing to a hidden location.
Installing Tripwire for Servers to a read-only partition such as a CD-ROM
Slide8
TRIPWIRE MANAGER
Cross platform management console.
Allows system and security professionals to easily manage all installations of Tripwire for Servers software.
Two types:
Active Tripwire Manager
Passive Tripwire ManagerSlide9
TRIPWIRE FOR NETWORK DEVICES
Monitors the integrity of routers, switches and firewalls-network devices.
Tripwire for Network Device
has four user authorization levels:
“Monitors” are allowed only to monitor the application. They cannot make changes to Tripwire for Network Devices or to the devices that the software monitors.Slide10
“Users” can make changes to Tripwire for Network Devices, such as add routers, switches. Groups, tasks, etc., but they cannot make changes to the devices it monitors.
“
Power users” can make changes to the software and to the devices it monitors.
“Administrator” can perform all actions, plus delete violations and log messages as well as add, delete, or modify user accounts.Slide11
WORKING OF TRIPWIRESlide12
Continued…
1.Install Tripwire and customize the policy file.
2.Initialize the Tripwire database
3.Run the integrity check
4.Examine the Tripwire report file
5.If unauthorized integrity violations occur, take appropriate security measuresSlide13
Continued…
6.If the file alterations were valid, verify and update the Tripwire database
7. If the policy file fails verification, update the Tripwire policy fileSlide14
ADVANTAGES
Increase security
Instill Accountability
Gain Visibility
Ensure
AvailabilitySlide15
CONCLUSION
Tripwire is a reliable intrusion detection system.
Attractive feature - software generates a report (about which, when and what).
Also helps to detect who made the changes.
Tripwire for Open Source is under researchSlide16
Thank
y
ou