
Tripwire

Definition
Tripwire is a reliable intrusion detection system. It is a software tool that checks to see what has changed in your system. It mainly monitors the key attributes of your files; by key attributes we mean the binary signature, size and other related data. Security and operational stability must go hand in hand: if the user does not have control over the various operations taking place, then naturally the security of the system is also compromised. Tripwire has a powerful feature which pinpoints the changes that have taken place, notifies the administrator of these changes, determines the nature of the changes and provides you with the information you need for deciding how to manage the change.
Tripwire Integrity Management solutions monitor changes to vital system and configuration files. Any changes that occur are compared to a snapshot of the established good baseline. The software detects the changes, notifies the staff and enables rapid recovery and remedy for changes. All Tripwire installations can be centrally managed. Tripwire software's cross-platform functionality enables you to manage thousands of devices across your infrastructure.
Security not only means protecting your system against various attacks but also means taking quick and decisive action when your system is attacked. First of all we must find out whether our system has been attacked or not; earlier, system logs were certainly handy. You can see evidence of password guessing and other suspicious activities. Logs are ideal for tracing the steps of the cracker as he tries to penetrate the system. But who has the time and the patience to examine the logs on a daily basis?
Penetration usually involves a change of some kind, such as a newly opened port or a new service. The most common change you can see is that a file has changed. If you can identify the key subset of these files and monitor them on a daily basis, you will be able to detect whether any intrusion took place. Tripwire is an open source program created to monitor changes in a key subset of files identified by the user and to report on any changes in any of those files. When changes are detected, the system administrator is informed. Tripwire's principle is very simple: the system administrator identifies key files and causes Tripwire to record checksums for those files.
He also puts in place a cron job, whose job is to scan those files at regular intervals (daily or more frequently), comparing them to the original checksums. Any changes, additions or deletions are reported to the administrator. The administrator will be able to determine whether the changes were permitted or unauthorized. In the former case the database will be updated so that the same violation is not reported again in future. In the latter case proper recovery action would be taken immediately.
Tripwire For Servers
Tripwire for Servers is software that is used exclusively by servers. This software can be installed on any server that needs to be monitored for any changes. Typical servers include mail servers, web servers, firewalls, transaction servers, development servers, etc. Any server where it is imperative to identify if and when a file system change has occurred should be monitored with Tripwire for Servers. For the Tripwire for Servers software to work, two important things should be present: the policy file and the database.
The Tripwire for Servers software conducts subsequent file checks, automatically comparing the state of the system with the baseline database. Any inconsistencies are reported to the Tripwire Manager and to the host system log file. Reports can also be emailed to an administrator. If a violation is an authorized change, a user can update the database so changes no longer show up as violations.
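
The baseline, check and update cycle described in both sections above can be sketched in a few lines of Python. This is an added example, not Tripwire's own code: the function names, the JSON database format and the sample files are assumptions made for illustration, and the "policy" is simply a list of directories to monitor.

```python
import hashlib
import json
import os
import tempfile

def snapshot(policy):
    """Record size and SHA-256 for every file under the policy's directories."""
    state = {}
    for root in policy:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                state[path] = {"size": os.path.getsize(path), "sha256": digest}
    return state

def write_database(policy, db_path):
    """Create or update the baseline. Keep it where an intruder cannot rewrite it."""
    with open(db_path, "w") as fh:
        json.dump(snapshot(policy), fh)

def check(policy, db_path):
    """Compare the current state with the baseline and list violations."""
    with open(db_path) as fh:
        base = json.load(fh)
    now = snapshot(policy)
    return {
        "added": sorted(set(now) - set(base)),
        "removed": sorted(set(base) - set(now)),
        "changed": sorted(p for p in now if p in base and now[p] != base[p]),
    }

def demo():
    """Constructed sample: baseline, tamper, check, then accept the change."""
    with tempfile.TemporaryDirectory() as top:
        etc, db = os.path.join(top, "etc"), os.path.join(top, "baseline.json")
        os.mkdir(etc)
        for name, text in (("hosts", "127.0.0.1 localhost\n"), ("motd", "hi\n")):
            with open(os.path.join(etc, name), "w") as fh:
                fh.write(text)
        write_database([etc], db)
        with open(os.path.join(etc, "hosts"), "a") as fh:  # modified file
            fh.write("203.0.113.5 updates.example\n")
        os.remove(os.path.join(etc, "motd"))  # deleted file
        open(os.path.join(etc, "new.conf"), "w").close()  # added file
        found = {k: [os.path.basename(p) for p in v] for k, v in check([etc], db).items()}
        write_database([etc], db)  # administrator accepts the changes
        return found, check([etc], db)
```

Run from cron, `check` plays the role of the periodic scan; calling `write_database` again corresponds to the administrator accepting an authorized change so it no longer shows up as a violation.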
