Swami Keshvanand Institute of Technology, Management & Gramothan, Jaipur
Department of Computer Science & Engineering (NBA Accredited)
Seminar on “TRIPWIRE”
Presented To: Presented by :
Mr. Pankaj Dadheech Lakshman Rajpurohit Associate Professor Roll No. - 14ESKCS054 CONTENTS What is Tripwire? How does Tripwire Works? Where is Tripwire Used ? Tripwire for Network Devices User Authentication Levels Tripwire Manager benefits of Tripwire Drawbacks Applications Thousands of companies trust tripwire Conclusion References What is Tripwire? Reliable intrusion detection system. Tool that checks to see what changes have been made in your system. Pinpoints, notifies, determines the nature, and provides information on the changes on how to manage the change. Mainly monitors the key attributes(like binary signature, size and other related data) of your files. What is Tripwire? Changes are compared to the established good baseline. Security is compromised, if there is no control over the various operations taking place. Security not only means protecting your system against various attacks but also means taking quick and decisive actions when your system is attacked. How does Tripwire Works? First, a baseline database is created storing the original attributes like binary values in registry. If the host computer is intruded, the intruder changes these values to go undetected. The Tripwire software constantly checks the system logs to check if any unauthorized changes were made. If so, then it reports to the user. User can then undo those changes to revert the system back to the original state. Where is Tripwire Used ? Tripwire for Servers(TS) is software used by servers. Can be installed on any server that needs to be monitored for any changes. Typical servers include mail servers, web servers, firewalls, transaction server, development server. It is used for network devices like routers, switches, firewall, etc. If any of these devices are tampered with, it can lead to huge losses for the Organization that supports the network. Tripwire for Network Devices Tripwire for network devices maintains a log of all significant actions including adding and deleting nodes, rules, tasks and user accounts. Automatic notification of changes to your routers, switches and firewalls. Automatic restoration of critical network devices. Heterogeneous support for today’s most commonly used network devices. User Authentication Levels Monitors are allowed only to monitor the application. They cannot make changes to Tripwire for Network Devices or to the devices that the software monitors. Users can make changes to Tripwire for Network Devices, such as add routers, switches, groups, tasks etc. but they cannot make changes to the devices it monitors Power users can make changes to the software and to the devices it monitors. Administrator can perform all actions, plus delete violations and log messages Tripwire Manager There are two types of Tripwire Manager Active Tripwire Manager Passive Tripwire Manager
Active Tripwire Manager gives a user the ability to update
the database, schedule integrity checks, update and distribute policy and configuration files and view integrity reports.
Passive Tripwire Manager mode only allows to view the
status of the machines and integrity reports. Benefits of Tripwire Increase security: Immediately detects and pinpoints unauthorized change. Instill Accountability: Tripwire identifies and reports the sources of change. Gain Visibility: Tripwire software provides a centralized view of changes across the enterprise infrastructure and supports multiple devices from multiple vendors. Ensure Availability: Tripwire software reduces troubleshooting time, enabling rapid discovery and recovery. Enables the fastest possible restoration back to a desired, good state. Drawbacks Ineffective when applied to frequently changing files. Higher learning curve to install, edit, and maintain the software. Cost Effective Applications Tripwire for Servers (used as software). Tripwire for Host Based Intrusion Detection System(HIDS) Tripwire for Network Based Intrusion Detection System (NIDS). Tripwire for Network Devices like Routers, Switches etc. Thousands of Companies Trust Tripwire Conclusion Although having some limitations but still Tripwire is a reliable intrusion detection system. It is a software that can be installed in any type of system where damaged files are to be detected. The main attractive feature of this system is that the software generates a report about which file have been violated, when the file have been violated and also what in the files have been changed. References [1]. Kim, Gene H. and Spafford, Eugene H., "The Design and Implementation of Tripwire: A File System Integrity Checker (1993). Computer Science Technical Reports, Paper 1084
[2]. Doug Bandow. Tripwire: Korea and U.S. Foreign Policy in a
Changed World. Cato Institute, 1996
[3]. Tripwire Log Center: Next Generation Log and Event
Computer Networking Beginners Guide: An Introduction on Wireless Technology and Systems Security to Pass CCNA Exam, With a Hint of Linux Programming and Command Line