Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Host – Based Intrusion Detection “Working of Tripwire”

Published byKatherine Paul Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Host – Based Intrusion Detection “Working of Tripwire”"— Presentation transcript:

1 1 Host – Based Intrusion Detection “Working of Tripwire”

2 2 Background Complements... A Layered Security Approach  Firewalls / VPNs  Anti-virus  Authentication  Intrusion Detection System2

3 3 Intrusion Detection File Integrity Assessment Damage Discovery (Forensics) Change / Configuration Management System Auditing Policy Compliance Uses

4 4 How ‘TripWire’ Software Works Baseline Database Current System Tripwire Software Tripwire Reports 1. 2. 3.

5 5 Installation Policy Creation Generating Reports Steps Involved to Setup “TripWire”

6 6 A Simple Policy File /etc R # all these files should be read only. /sbin R+12 # but, be extra careful with these. /var/spool/mail/maillog > # this file should only grow

7 7 Pros and Cons of “TripWire” Pros : Complements a layered security approach. The generated report is small in size. Running of TripWire is periodical and at the administrator’s discretion. Cons : Lack of real time capability.

8 8 Properties and Services of an OS Process Process time State of process Number of blocked processes Number of running processes Thrashing rate Memory Amount of memory used Address range of the memory used

9 9 Properties and Services of an OS File File size File access permissions Total disk space used Number of files IO Number of IO operations (user, root, process) Source and destination of IO Total amount of data exchange between the channels Bus utilization

Download ppt "1 Host – Based Intrusion Detection “Working of Tripwire”"

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.

The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.

Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.
What to expect.  Linux  Windows Server (2008 or 2012)

What to expect.  Linux  Windows Server (2008 or 2012)
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Host-Based Intrusion Detection software TRIPWIRE & MD5.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Host-Based Intrusion Detection software TRIPWIRE & MD5.
Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.

Intrusion Detection CS-480b Dick Steflik. Hacking Attempts IP Address Scans scan the range of addresses looking for hosts (ping scan) Port Scans scan.
Potions of Protection Server Security. What does that do again? Familiarity Differing levels of protection –Low, does not exist –Medium, No private data.

Potions of Protection Server Security. What does that do again? Familiarity Differing levels of protection –Low, does not exist –Medium, No private data.
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
T RIP W IRE Karthik Mohanasundaram Wright State University.

T RIP W IRE Karthik Mohanasundaram Wright State University.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Similar presentations

Ads by Google