Introduction, Tripwire For Servers, Tripwire Manager, Tripwire For Network Devices, Working Of Tripwire, Advantages, Conclusion


2
- Introduction
- Tripwire For Servers
- Tripwire Manager
- Tripwire For Network Devices
- Working Of Tripwire
- Advantages
- Conclusion

3
- Reliable intrusion detection system.
- Software tool that checks to see what has changed in your system.
- It mainly monitors the key attributes of your files.
- Tripwire software's cross-platform functionality enables you to manage thousands of devices across your infrastructure.

4
- The system administrator identifies key files and has Tripwire record checksums for those files.
- The administrator also sets up a cron job that scans those files at regular intervals and compares them to the original checksums.
- Any changes, additions or deletions are reported to the administrator.

5
- Tripwire for Servers is software that is exclusively used by servers.
- Any server where it is imperative to identify if and when a file system change has occurred should be monitored with Tripwire for Servers.
- For this software to work, two important things should be present: the policy file and the database.

6
- The flexible policy tool can be customized to fit the needs of each and every server.
- The release of version 4.0 made policy file creation easier.
- It allows objects to be grouped around easy-to-understand rule names and then prioritized.

7
- Version 4.0 to some extent determines who made these changes.
- Methods for reducing the risk of an intruder being able to replace a Tripwire for Servers installation include:
  - Hiding the application by renaming configuration, data, and binary files and installing to a hidden location.
  - Installing Tripwire for Servers to a read-only partition such as a CD-ROM.

8
- Cross-platform management console.
- Allows system and security professionals to easily manage all installations of Tripwire for Servers software.
- Two types:
  - Active Tripwire Manager
  - Passive Tripwire Manager

9
- Monitors the integrity of network devices: routers, switches and firewalls.
- Tripwire for Network Devices has four user authorization levels:
  - "Monitors" are allowed only to monitor the application. They cannot make changes to Tripwire for Network Devices or to the devices that the software monitors.

10
  - "Users" can make changes to Tripwire for Network Devices, such as adding routers, switches, groups, tasks, etc., but they cannot make changes to the devices it monitors.
  - "Power users" can make changes to the software and to the devices it monitors.
  - "Administrators" can perform all actions, plus delete violations and log messages as well as add, delete, or modify user accounts.


12
1. Install Tripwire and customize the policy file.
2. Initialize the Tripwire database.
3. Run the integrity check.
4. Examine the Tripwire report file.
5. If unauthorized integrity violations occur, take appropriate security measures.

13
6. If the file alterations were valid, verify and update the Tripwire database.
7. If the policy file fails verification, update the Tripwire policy file.
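The checksum-and-compare mechanism from slide 4, run through the initialize, check and update steps above, as an added Python example that is not Tripwire's own code. It assumes SHA-256 as the checksum and an in-memory dictionary as the database; the names `record`, `snapshot`, `check` and `demo` are hypothetical.

```python
import hashlib, os, stat, tempfile

def record(path):
    """Attributes tracked per file: SHA-256 (assumed checksum), size, permission bits."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"sha256": digest, "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}

def snapshot(root):
    """Build the database (assumed here: an in-memory dict keyed by relative path)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for full in (os.path.join(dirpath, name) for name in files):
            db[os.path.relpath(full, root)] = record(full)
    return db

def check(baseline, root):
    """Integrity check: report additions, deletions and changed attributes."""
    current = snapshot(root)
    report = {"added": sorted(current.keys() - baseline.keys()),
              "removed": sorted(baseline.keys() - current.keys()), "changed": {}}
    for path in sorted(baseline.keys() & current.keys()):
        diffs = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
        if diffs:
            report["changed"][path] = diffs
    return report

def demo():
    with tempfile.TemporaryDirectory() as root:   # constructed sample tree
        def write(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as f:
                f.write(data)
            os.chmod(path, 0o644)
        write("passwd", b"root:x:0:0\n")
        write("sshd_config", b"PermitRootLogin no\n")
        write("motd", b"welcome\n")
        baseline = snapshot(root)                       # initialize the database
        write("sshd_config", b"PermitRootLogin yes\n")  # content change
        os.chmod(os.path.join(root, "passwd"), 0o666)   # attribute-only change
        os.remove(os.path.join(root, "motd"))           # deletion
        write("unexpected.sh", b"#!/bin/sh\n")          # addition
        report = check(baseline, root)                  # run the integrity check
        baseline = snapshot(root)                       # alterations judged valid: update
        return report, check(baseline, root)

if __name__ == "__main__":
    print(demo())
```

Because `check` trusts the baseline completely, the database has to be stored where an intruder cannot rewrite it, which is the purpose of the read-only partition mentioned on slide 7.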

14
- Increase security
- Instill accountability
- Gain visibility
- Ensure availability

15
- Tripwire is a reliable intrusion detection system.
- Attractive feature: the software generates a report (about which, when and what).
- It also helps to detect who made the changes.
- Tripwire for Open Source is under research.
