Scribd Logo
Upload

Welcome to Scribd!

  • Trip Wire

    Uploaded by

    pinky065558
    6K views19 pages
    TripWire is a reliable intrusion detection system. Tool that checks to see what changes have been made in your system. TripWire maintains a log of all significant actions including adding and deleting nodes, rules, tasks and user accounts.

    Original Description:

    Original Title

    Trip Wire Ppt

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    TripWire is a reliable intrusion detection system. Tool that checks to see what changes have been made in your system. TripWire maintains a log of all significant actions including adding and deleting nodes, rules, tasks and user accounts.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6K views19 pages

    Trip Wire

    Uploaded by

    pinky065558
    TripWire is a reliable intrusion detection system. Tool that checks to see what changes have been made in your system. TripWire maintains a log of all significant actions including adding and deleting nodes, rules, tasks and user accounts.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 19

    INTRUSION DETECTION SYSYTEM

    CONTENT Basically this presentation contains,


    What is TripWire?

    How does TripWire work?


    Where is TripWire used? Tripwire for network devices.+

    Tripwire for servers


    How do you install and use TripWire? What is the benefit of TripWire?

    What are the chances of TripWire?


    Final word on TripWire.

    What is TripWire?
    Reliable intrusion detection system. Tool that checks to see what changes have been made in your system. Pinpoints, notifies, determines the nature, and provides information on the changes on how to manage the change.

    Mainly monitors the key attributes(like binary signature, size and other related data) of your files.
    Changes are compared to the established good baseline. Security is compromised, if there is no control over the various operations taking place. Security not only means protecting your system against various attacks but also means taking quick and decisive actions when your system is attacked.

    Elements of tripwire
    A tripwire database
    A policy file

    How does TripWire work?

    First, a baseline database is created storing the original

    attributes like binary values in registry.


    If the host computer is intruded, the intruder changes

    these values to go undetected.


    The TripWire software constantly checks the system

    logs to check if any unauthorized changes were made.


    If so, then it reports to the user. User can then undo those changes to revert the system

    back to the original state.

    Where is TripWire used?


    Tripwire for Servers(TS) is software used by servers.

    Can be installed on any server that needs to be monitored for any

    changes.

    Typical servers include mail servers, web servers, firewalls, transaction

    server, development server.

    It is also used for Host Based Intrusion Detection System(HIDS) and

    also for Network Intrusion Detection System(NIDS).

    It is used for network devices like routers, switches, firewall, etc. If any of these devices are tampered with, it can lead to huge losses for

    the Organization that supports the network.

    TRIPWIRE FOR NETWORK DEVICES


    Tripwire for network devices maintains a log of all
    significant actions including adding and deleting nodes, rules, tasks and user accounts. Automatic notification of changes to your routers, switches and firewalls. Automatic restoration of critical network devices. Heterogeneous support for todays most commonly used network devices.

    User authentication levels


    Monitors are allowed only to monitor the

    application. They cannot make changes to Tripwire for Network Devices or to the devices that the software monitors. Users can make changes to Tripwire for Network Devices, such as add routers, switches. Groups, tasks, etc., but they cannot make changes to the devices it monitors. Powerusers can make changes to the software and to the devices it monitors. Administrator can perform all actions, plus delete violations and log messages as well as add, delete, or

    Tripwire for servers


    For the tripwire for servers software to work two

    important things should be present the policy file and the database. The Tripwire for servers software conducts subsequent file checks automatically comparing the state of system with the baseline database. Any inconsistencies are reported to the Tripwire manger and to the host system log file. Reports can also be emailed to an administrator.

    There are two types of Tripwire Manager Active Tripwire Manager Passive Tripwire Manager
    This active Tripwire Manager gives a user the ability to

    update the database, schedule integrity checks, update and distribute policy and configuration files and view integrity reports.
    The passive mode only allows to view the status of the

    machines and integrity reports.

    How do you install and use TripWire?


    Install Tripwire and customize the policy file. Initialize the Tripwire database. Run a Tripwire integrity check. Examine the Tripwire report file. Take appropriate security measures. Update the Tripwire database file. Update the Tripwire policy file.

    What is the benefit of TripWire?


    Increase security

    Immediately detects and pinpoints unauthorized change.


    Instill Accountability

    Tripwire identifies and reports the sources of change.


    Gain Visibility

    Tripwire software provides a centralized view of changes across the enterprise infrastructure and supports multiple devices from multiple vendors.
    Ensure Availability

    Tripwire software reduces troubleshooting time, enabling rapid discovery and recovery. Enables the fastest possible restoration back to a desired, good state.

    What are the chances of TripWire?


    The main attractive feature of this system is that the

    software generates a report about which file has been violated, when the file has been violated and also what information in the files have been changed.
    If properly used it also helps to detect who made the

    changes.
    Proper implementation of the system must be done with a

    full time manager and crisis management department.

    Where did I get this Information?


    www.tripwire.com
    www.iec.com www.itpaper.com www.google.com (Search for Tripwire)

    ADVANTAGES Increase security

    Immediately detects and pinpoints unauthorized change.


    Instill Accountability

    Tripwire identifies and reports the sources of change.


    Gain Visibility

    Tripwire software provides a centralized view of changes across the enterprise infrastructure and supports multiple devices from multiple vendors.
    Ensure Availability

    Tripwire software reduces troubleshooting time, enabling rapid discovery and recovery. Enables the fastest possible restoration back to a desired, good state.

    DRAWBACKS
    Ineffective when applied to frequently changing files. higher learning curve to install, edit, and maintain the

    software
    Cost Effective

    APPLICATIONS Tripwire for Servers(used as software). Tripwire for Host Based Intrusion Detection System

    (HIDS) and also for Network Based Intrusion Detection System (NIDS).
    Tripwire for Network Devices like Routers, Switches

    etc.

    You might also like