
1 Managing Security and System Integrity

2 Value Proposition
- Need for high reliability and integrity of information networks
- Need for security at multiple levels
  - Operating systems, applications, network components, etc.
- Increased risk and frequency of DDOS attacks, worms, insider attacks, and outages from accidental IT issues

3 Elevator Pitch
Tripwire is the data integrity assurance company. Our software assures the integrity of data by:
- Establishing a baseline of data in its desired state,
- Detecting and reporting any changes to the baseline, and
- Enabling rapid discovery and remediation when an undesired change occurs.
In this way, Tripwire establishes the foundation for data security and ensures a safe, productive, and stable IT environment.

4 Situation Today
- All servers are vulnerable to data integrity threats
  - By both internal and external sources.
  - Configuration errors by new or inexperienced administrators
  - New service packs, application updates, patches, etc.
- Notification only initiates the process
  - Determination or assessment accounts for most of the effort in repairing a problem. Pinpointing your efforts is critical to getting back to a known good state quickly.
- Perimeter defenses only solve part of the problem
  - Can only tell you that you've been compromised.
  - Doesn't tell what data has changed.

5 Tripwire in layered security
[Diagram labels: Internet, Firewall/network, Authentication/Authorization/Administration, Log Analyzer/Anti-virus, Encryption, Data Integrity]

6 Causes of System and Network Downtime
[Chart categories: downtime due to inside malicious acts, downtime due to outside malicious acts, downtime due to non-malicious events; values shown: 20%, 5%, 75%]
Source: Tripwire Industry Research

7 Network Downtime: Causal Factors
Network and application downtime can result from a variety of factors. Based on IDC research, the chart below provides an analysis of network downtime (i.e., complete failure, significant latency, or only partial availability) causal factors for organizations with greater than 1,000 employees. On average, the LAN experienced downtime between 2 and 3 hours per month, while the WAN experienced downtime of similar length. Causal factors include: (1) Environmental, (2) Operator Error, (3) Application Failures, and (4) Malicious Events. IDC analysis indicates fully 97% of network downtime is due to non-malicious events.

8 Benefits of Data Integrity Assurance
Data Integrity Assurance benefits your company by:
- Establishing a Foundation for Data Security
- Lowering Costs
- Maximizing System Uptime
- Providing Increased Control and Stability
In a rapidly changing, highly unpredictable environment, Tripwire is the only way of knowing, for certain, that your data is safe and your systems remain uncompromised.

9 Who Recommends Tripwire?
- The NSA 60 Minute Network Security Guide published by the National Security Agency
- The CERT® Guide to System and Network Security Practices written by Julia H. Allen
- State of the Practice of Intrusion Detection Technologies by CERT Coordination
- Computer Security Handbook
- Windows 2000 Security Handbook
- System Administration, Networking and Security (SANS) Institute
- Practical Unix and Internet Security
- Handbook for Computer Security Incident Response Teams

10 What is Data Integrity?
- Assuring that the object (files, systems registry) and infrastructure items (server data, Web page content, router configurations etc.) remain in a desired good state.
- Deviations from the desired state are identified via an integrity check.
- Alerts will be generated and routed to the appropriate parties, and other software systems, enabling rapid recovery.

11 Maximizing IT Security and Reliability
Goal: Maximize ROI
- Challenge: Security. "My job is on the line due to data security issues." Tripwire sets the foundation for an effective security strategy.
- Challenge: Discovery. "Something's wrong. And, we don't know what or where to start." Tripwire pinpoints exact changes, allowing for rapid remediation.
- Challenge: Audit. "I have to comply with internal and external requirements and regulations." Tripwire provides a tamper-proof record of system status, with audit trail of changes.
- Challenge: Control. "I have to be able to document and explain everything I do to my systems." Tripwire detects all changes to systems and provides a framework for documentation.
- Challenge: Resources. "I'm expected to scale capacity and maintain service levels with fewer people & a lower budget." Tripwire increases staff productivity and leverages existing IT investment.
- Challenge: Confidence. "I need to know that my systems can be trusted and demonstrate that to others." Tripwire ensures trust by verifying and confirming that systems are in a known good state.

12 Where will you deploy Tripwire?
Enterprise integrity at each and every point...
- Web/E-commerce Servers
- DNS Servers
- Application Servers
- Firewalls
- File and Print Servers
- Database Servers
- Email Servers

13 How Does Tripwire Work?
1. Take digital snapshot of existing files
2. Take a second digital snapshot later in time to compare
3. Any integrity violations are reported in various formats
[Diagram labels: SSL, Tripwire Manager, Email, Syslog, SNMP]

14 Supported Platforms
- Tripwire Manager
  - Solaris 7 & 8
  - Microsoft Windows NT 4.0 - Workstation, Server, Enterprise Server
  - Windows 2000 - Professional, Server and Advanced Server
- Tripwire for Servers
  - Solaris (Sparc) 2.6-7, 8
  - Microsoft Windows NT 4.0 - Workstation, Server, Enterprise Server
  - Windows 2000 - Professional, Server and Advanced Server
  - Windows XP
  - HP-UX 10.2, 11.0, 11i
  - Compaq Tru64 UNIX 4.0F, 4.0G, 5.0A, 5.1 and 5.1A
  - IBM AIX 4.3, 4.3.3
  - FreeBSD 4.3
  - Linux - Various distributions, kernel 2.2 and 2.4

15 Built On Strong Security Technology
- Tripwire Protects Itself
  - El Gamal 1024-bit asymmetric cryptography
  - Four message-digest algorithms used to ensure data integrity
    - MD5
    - Haval
    - SHA/SHS
    - CRC 32
- Authentication and Encryption Between Manager and Server
  - All data transmission uses SSL (Secure Socket Layer)
  - 168 Triple DES Encryption

16 What does Tripwire Monitor? Unix File System
- Permissions
- Inode number
- Number of links (i.e. inode reference count)
- User ID of owner
- Group ID of owner
- File type
- File size
- File is expected to grow
- Device number of the disk on which the inode is stored
- Device number of the device to which the inode points
- Number of blocks allocated
- Access timestamp
- Modification timestamp
- Inode creation / modification timestamp
- CRC-32 hash of the data
- MD5 hash of the data
- SHA hash of the data
- HAVAL hash of the data
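The snapshot-and-compare cycle from slide 13, recording the Unix attributes listed on slide 16, as an added Python example (not Tripwire's code and not part of the original deck). It assumes SHA-256 in place of the deck's four digests, since MD5 and CRC-32 are not collision resistant; the function names and the sample tree are hypothetical.

```python
import hashlib
import os
import stat
import tempfile

# Slide-16 attributes that os.lstat() exposes. Access time is left out because
# hashing a file reads it, which would make every check report a change.
STAT_FIELDS = ("st_mode", "st_ino", "st_nlink", "st_uid", "st_gid",
               "st_size", "st_dev", "st_mtime_ns", "st_ctime_ns")

def file_digest(path, chunk=65536):
    """SHA-256 of the file contents, read in chunks (assumed digest choice)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Step 1: map each path under root (relative) to its recorded attributes."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: record symlinks, do not follow them
            entry = {f: getattr(st, f) for f in STAT_FIELDS}
            if stat.S_ISREG(st.st_mode):
                entry["sha256"] = file_digest(full)
            snap[os.path.relpath(full, root)] = entry
    return snap

def compare(baseline, current):
    """Steps 2-3: report added and removed paths, and which attributes changed."""
    report = {"added": sorted(current.keys() - baseline.keys()),
              "removed": sorted(baseline.keys() - current.keys()), "changed": {}}
    for path in baseline.keys() & current.keys():
        old, new = baseline[path], current[path]
        diff = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
        if diff:
            report["changed"][path] = diff
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        target = os.path.join(root, "hosts")
        with open(target, "w") as f:
            f.write("127.0.0.1 localhost\n")
        baseline = snapshot(root)
        os.chmod(target, 0o600)  # a permission change with no content change
        print(compare(baseline, snapshot(root)))
```

The baseline itself has to be stored where the monitored host cannot silently rewrite it, which is the role the deck assigns to signing and the manager connection.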

17 What does Tripwire Monitor? Windows NT/2000 File System
- Archive flag
- Read only flag
- Hidden flag
- Offline flag
- Temporary flag
- System flag
- Directory flag
- Last access time
- Last write time
- Create time
- File size
- MS-DOS 8.3 name
- NTFS Compressed flag
- NTFS Owner SID
- NTFS Group SID
- NTFS DACL
- NTFS SACL
- Security descriptor control
- Size of security descriptor for this object
- 0 to 4 hashes of the default data stream
- Number of NTFS data streams
- 0 to 4 hashes of non-default data streams

18 What does Tripwire Monitor? Windows NT/2000 Registry
- Registry type: key or value
- Owner SID
- Group SID
- DACL
- SACL
- Name of class
- Number of subkeys
- Maximum length of subkey name
- Maximum length of classname
- Number of values
- Maximum length of the value name
- Maximum length of data for any value in the key
- Security descriptor control
- Size of security descriptor
- Last write time
- Registry type: key or value
- Type of value data
- Length of value data
- CRC-32 hash of the value data
- MD5 hash of the value data
- SHA hash of the value data
- HAVAL hash of the value data

19 Tripwire Manager
- Powerful, easy-to-use software for managing up to 2500 Tripwire for Servers installations
- Centralized management and easy distribution of policies
- See changes over your entire enterprise by object, violation type or group
- Centralized analysis allows you to:
  - Quickly assess which systems have been changed
  - Correlate changes across multiple systems

20 Tripwire Manager 3.0
Tripwire Manager Features:
- Centralized reporting
- Centralized policy management
- Edit & distribute configuration file
- Edit & distribute policy file
- Execute manual integrity checks
- Update Tripwire database
- Centralized scheduling
[Diagram: Tripwire Manager Architecture. Labels: Tripwire Manager (NT or UNIX), Tripwire for Servers (NT/2000, UNIX), Commands, SSL, Reports, Data]

21 Active vs. Passive Tripwire Managers
- Multiple Tripwire Managers monitoring the same set of Tripwire for Servers
- Active Tripwire Manager has complete management control
- Passive Tripwire Manager has view only control
- Active control is passed when Tripwire Manager is shut down
- Can have only one active connection for each TFS
[Diagram labels: Tripwire Manager Active, Tripwire for Servers, Tripwire Manager Passive]

22 Key Benefits of Tripwire
- Faster discovery and diagnosis of problems
  - Results in faster remediation and less down time
- Augments other security and systems management
  - Helps you maximize the effectiveness of your IT investments
- Identifies changes, regardless of source or intent
  - Doesn't rely on known patterns or signatures
  - Detects accidental and malicious changes
- Peace of mind
  - Helps you know which systems you can trust, and which ones you can't

23 In Summary
Tripwire...
- Is the foundation for an effective security strategy and assures the integrity of data wherever it resides across your network.
- Gives you control over your IT infrastructure by quickly pinpointing areas of change to enable fast, effective remediation.
- Is the standard for data integrity assurance and the trusted choice in 92 countries around the world.

