Information Networking Security and Assurance Lab National Chung Cheng University 1 Host-Based Intrusion Detection software TRIPWIRE & MD5.


1 Information Networking Security and Assurance Lab National Chung Cheng University 1 Host-Based Intrusion Detection software TRIPWIRE & MD5

2 Description
The first objective of an attacker is to obtain access to your system. The second objective is to retain that access, even if you close the hole she entered. To accomplish this, an attacker will often install a RootKit. Tripwire creates a database of cryptographic checksums (MD5) to take a snapshot of a system's file properties and contents.

3 Purpose
To introduce you to the installation, configuration, and use of Tripwire as a host-based intrusion detection system.

4 Principle and Pre-Study
What is a RootKit? How do you know if you can trust the information your system is giving you? A RootKit is a collection of modified system binaries that are designed to hide the attacker's activities on your system.

5 Required Facilities
Hardware: PC or workstation with a UNIX-based OS.
Software: Tripwire 2.3.1.

6 Step (I): Install on FreeBSD
Build Tripwire from the FreeBSD ports tree and accept the license agreement; the install configuration is then displayed.
Enter the site keyfile passphrase. The site key is needed whenever the configuration file or the policy file is created or modified.
Enter the local keyfile passphrase. The local key is needed whenever the Tripwire database file is created or modified; it may also be used to sign integrity check reports.
Enter the site passphrase to sign the Tripwire configuration file, and again to sign the Tripwire policy file.
Enter the local passphrase to generate the database from the policy file; creating the database takes a while.
Install complete.

7 Step (II): Test Tripwire
Add a user named jared who has root access rights, then compare the file system against the Tripwire database. The output of the file system check shows that Tripwire detects that the file has been modified.

8 Step (III): Scheduling function
Use "crontab" to run a Tripwire check every day at 1 a.m.; the output is mailed to root at the same time. Edit /etc/crontab as root and restart /usr/sbin/cron.

9 The Tripwire configuration file
The Tripwire policy file

10 Summary
Using a database of calculated checksums, Tripwire is capable of detecting when a critical system file is changed. The database made by Tripwire should be secured in such a way that an attacker cannot alter it.
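To make the principle of slides 2, 7 and 10 concrete, here is a small Tripwire-style integrity checker written for this transcript; it is an added illustration, not Tripwire's own code. It snapshots the mode, owner, size, mtime and MD5 of every regular file under a directory, seals the resulting database with an HMAC (Tripwire itself signs its database with the local key, an asymmetric signature; the HMAC here is a stand-in for that sealing step), and then reports which files and attributes changed. The demo reproduces the slide-7 scenario with a constructed passwd-style file to which a uid-0 account "jared" is appended, and also shows why slide 10 insists the database be protected: an edited database fails verification instead of being trusted. All function names, the key value and the sample file contents are assumptions made for this example.

```python
"""Minimal Tripwire-style integrity checker (added example, not Tripwire code).

Baseline = per-file record of mode, uid, gid, size, mtime and MD5 of contents,
serialised as JSON and sealed with an HMAC so that the stored database cannot be
silently altered by whoever altered the files.  All names here are hypothetical.
"""
import hashlib
import hmac
import json
import os
import tempfile

ATTRIBUTES = ("mode", "uid", "gid", "size", "mtime", "md5")


def md5_of_file(path):
    # Hash the contents in chunks so large files need not fit in memory.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Walk `root` and record properties and content hash of every regular file."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # symlinks and specials are out of scope for this example
            st = os.stat(path)
            db[os.path.relpath(path, root)] = {
                "mode": st.st_mode, "uid": st.st_uid, "gid": st.st_gid,
                "size": st.st_size, "mtime": int(st.st_mtime),
                "md5": md5_of_file(path),
            }
    return db


def seal(db, key):
    """Serialise the database and append an HMAC-SHA256 tag computed with `key`."""
    body = json.dumps(db, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"\n" + tag.encode()


def unseal(blob, key):
    """Verify the tag before trusting the database; raise on any mismatch."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag.decode(errors="replace")):
        raise ValueError("integrity database failed signature check")
    return json.loads(body)


def compare(baseline, current):
    """Report added, removed and modified files, naming the attributes that changed."""
    report = {"added": [], "removed": [], "modified": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            changed = [a for a in ATTRIBUTES if baseline[rel][a] != current[rel][a]]
            if changed:
                report["modified"][rel] = changed
    return report


def demo():
    """Constructed scenario from slide 7: a uid-0 account 'jared' is appended to a
    passwd-style file after the baseline was taken.  Returns (report, tamper_detected)."""
    key = b"constructed-local-key"  # stands in for the key behind the local passphrase
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        passwd = os.path.join(etc, "passwd")
        with open(passwd, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")   # constructed sample content
        with open(os.path.join(etc, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        sealed = seal(snapshot(root), key)               # like `tripwire -m i`

        with open(passwd, "a") as f:                     # the change to be detected
            f.write("jared:x:0:0::/home/jared:/bin/sh\n")
        report = compare(unseal(sealed, key), snapshot(root))   # like `tripwire -m c`

        # Editing the stored database to hide the change invalidates the seal.
        tampered = sealed.replace(b"etc/passwd", b"etc/passwd.bak", 1)
        try:
            unseal(tampered, key)
            tamper_detected = False
        except ValueError:
            tamper_detected = True
    return report, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The report only lists the attributes that differ, which is what makes such output useful in a nightly mail to root: a changed md5 with an unchanged mtime, for instance, points at a tool that rewrote a file and reset its timestamp. Keeping the sealing key off the monitored host (or, as Tripwire does, behind a passphrase) is what turns the baseline from a convenience into evidence.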

11 Reference
http://www.tripwire.org
RFC 1321 - The MD5 Message-Digest Algorithm
Man page of tripwire

12 Appendix: install on Linux
Select the Tripwire rpm for your Linux distribution and install it:
rpm -i tripwire-[version].i386.rpm
After the installation completes, create the site keyfile passphrase and the local keyfile passphrase:
sh /etc/tripwire/twinstall.sh

13 Sign the Tripwire configuration file, then sign the Tripwire policy file.
Install the default policy: /usr/sbin/twadmin -m P /etc/tripwire/twpol.txt
Generate the initial checksum database: /usr/sbin/tripwire -m i
Edit the default site policy file: vi /etc/tripwire/twpol.txt


