Definition
Tripwire is a reliable intrusion detection system. It is a software tool that checks what has changed on your system. It mainly monitors the key attributes of your files; by key attributes we mean the binary signature, size and other related data. Security and operational stability must go hand in hand: if the user does not have control over the various operations taking place, then the security of the system is also compromised. Tripwire has a powerful feature that pinpoints the changes that have taken place, notifies the administrator of these changes, determines the nature of the changes and provides the information you need to decide how to manage the change.

Tripwire integrity management solutions monitor changes to vital system and configuration files. The current state of these files is compared with a snapshot of the established good baseline. The software detects the changes, notifies the staff and enables rapid recovery and remedy for changes. All Tripwire installations can be centrally managed. Tripwire software's cross-platform functionality enables you to manage thousands of devices across your infrastructure.
Security means not only protecting your system against various attacks but also taking quick and decisive action when your system is attacked. First of all we must find out whether our system has been attacked. Earlier, system logs were certainly handy for this: you can see evidence of password guessing and other suspicious activities. Logs are ideal for tracing the steps of the cracker as he tries to penetrate the system. But who has the time and the patience to examine the logs on a daily basis?

Penetration usually involves a change of some kind, such as a new port being opened or a new service being started. The most common change is that a file has changed. If you can identify the key subset of these files and monitor them on a daily basis, you will be able to detect whether any intrusion took place. Tripwire is an open source program created to monitor changes in a key subset of files identified by the user and to report on any changes in any of those files. When changes are detected, the system administrator is informed.

Tripwire's principle is very simple: the system administrator identifies key files and has Tripwire record checksums for those files. He also puts in place a cron job that scans those files at regular intervals (daily or more frequently), comparing them to the original checksums. Any changes, additions or deletions are reported to the administrator, who can then determine whether the changes were permitted or unauthorized. In the former case, the database is updated so that the same violation is not reported again in future. In the latter case, proper recovery action is taken immediately.
Tripwire For Servers
Tripwire for Servers is software that is used exclusively on servers. It can be installed on any server that needs to be monitored for changes. Typical servers include mail servers, web servers, firewalls, transaction servers, development servers, etc. Any server where it is imperative to identify if and when a file system change has occurred should be monitored with Tripwire for Servers. For the Tripwire for Servers software to work, two important things must be present: the policy file and the database.

The Tripwire for Servers software conducts subsequent file checks, automatically comparing the state of the system with the baseline database. Any inconsistencies are reported to the Tripwire Manager and to the host system log file. Reports can also be emailed to an administrator. If a violation is an authorized change, a user can update the database so that the change no longer shows up as a violation.
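
The baseline-and-compare cycle described above (key files named by a policy, checksums stored in a database, periodic checks, database update after an authorized change), as an added Python sketch. It is not Tripwire's own code; the function names, file names and in-memory database are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(paths):
    """Record the key attributes (SHA-256 digest and size) of each monitored file."""
    db = {}
    for path in map(Path, paths):
        if path.is_file():  # a policy entry that does not exist yet is left out
            data = path.read_bytes()
            db[str(path)] = {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data)}
    return db


def check(baseline, paths):
    """Compare the current state with the baseline and group violations by kind."""
    current = snapshot(paths)
    report = {"added": [], "removed": [], "changed": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path] != current[path]:
            report["changed"].append(path)
    return report


def demo():
    """Constructed scenario in a temp directory: one file changed, one deleted, one added."""
    with tempfile.TemporaryDirectory() as root:
        policy = [Path(root) / n for n in ("passwd", "sshd_config", "new_service")]
        for p in policy[:2]:
            p.write_text("original contents\n")
        baseline = snapshot(policy)                   # known-good database
        policy[0].write_text("tampered contents\n")   # same size, different digest
        policy[1].unlink()                            # monitored file deleted
        policy[2].write_text("unexpected\n")          # file appears after the baseline
        first = check(baseline, policy)
        baseline = snapshot(policy)                   # administrator accepts the changes
        second = check(baseline, policy)
    def short(report):
        return {kind: [Path(p).name for p in found] for kind, found in report.items()}
    return short(first), short(second)


if __name__ == "__main__":
    print(demo())
```

A cron job would call `check()` against a stored baseline; that baseline has to be kept where an intruder cannot rewrite it, otherwise the comparison proves nothing.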