TRIP WIRE - PowerPoint PPT Presentation

About This Presentation

Title:

TRIP WIRE

Description:

Number of Views:118

Avg rating:3.0/5.0

Slides: 20

Provided by: NeilG152

Category:

Tags: trip | wire | hids

Transcript and Presenter's Notes

Title: TRIP WIRE

1
TRIP WIRE
INTRUSION DETECTION SYSYTEM
2
CONTENT

3
What is TripWire?

Reliable intrusion detection system.
Tool that checks to see what changes have been
made in your system.
Pinpoints, notifies, determines the nature, and
provides information on the changes on how to
manage the change.
Mainly monitors the key attributes(like binary
signature, size and other related data) of your
files.
Changes are compared to the established good
baseline.
Security is compromised, if there is no control
over the various operations taking place.
Security not only means protecting your system
against various attacks but also means taking
quick and decisive actions when your system is
attacked.

4
Elements of tripwire

5
How does TripWire work?
6

First, a baseline database is created storing the
original attributes like binary values in
registry.
If the host computer is intruded, the intruder
changes these values to go undetected.
The TripWire software constantly checks the
system logs to check if any unauthorized changes
were made.
If so, then it reports to the user.
User can then undo those changes to revert the
system back to the original state.

7
Where is TripWire used?

Tripwire for Servers(TS) is software used by
servers.
Can be installed on any server that needs to be
monitored for any changes.
Typical servers include mail servers, web
servers, firewalls, transaction server,
development server.
It is also used for Host Based Intrusion
Detection System(HIDS) and also for Network
Intrusion Detection System(NIDS).
It is used for network devices like routers,
switches, firewall, etc.
If any of these devices are tampered with, it can
lead to huge losses for the Organization that
supports the network.

8
TRIPWIRE FOR NETWORK DEVICES

Tripwire for network devices maintains a log of
all significant actions including adding and
deleting nodes, rules, tasks and user accounts.
Automatic notification of changes to your
routers, switches and firewalls.
Automatic restoration of critical network
devices.
Heterogeneous support for todays most commonly
used network devices.

9
User authentication levels

Monitors are allowed only to monitor the
application. They cannot make changes to Tripwire
for Network Devices or to the devices that the
software monitors.
Users can make changes to Tripwire for Network
Devices, such as add routers, switches. Groups,
tasks, etc., but they cannot make changes to the
devices it monitors.
Powerusers can make changes to the software and
to the devices it monitors.
Administrator can perform all actions, plus
delete violations and log messages as well as
add, delete, or modify user accounts

10
Tripwire for servers

For the tripwire for servers software to work
two important things should be present the
policy file and the database.
The Tripwire for servers software conducts
subsequent file checks automatically comparing
the state of system with the baseline database.
Any inconsistencies are reported to the Tripwire
manger and to the host system log file.
Reports can also be emailed to an administrator.

There are two types of Tripwire Manager
Active Tripwire Manager
Passive Tripwire Manager
This active Tripwire Manager gives a user the
ability to update the database, schedule
integrity checks, update and distribute policy
and configuration files and view integrity
reports.
The passive mode only allows to view the status
of the machines and integrity reports.

12
How do you install and use TripWire?

13
What is the benefit of TripWire?

Increase security
Immediately detects and pinpoints unauthorized
change.
Instill Accountability
Tripwire identifies and reports the sources of
change.
Gain Visibility
Tripwire software provides a centralized view of
changes across the enterprise infrastructure and
supports multiple devices from multiple vendors.
Ensure Availability
Tripwire software reduces troubleshooting time,
enabling rapid discovery and recovery. Enables
the fastest possible restoration back to a
desired, good state.

14
What are the chances of TripWire?

The main attractive feature of this system is
that the
software generates a report about which file
has been
violated, when the file has been violated and
also what
information in the files have been changed.
If properly used it also helps to detect who made
the changes.
Proper implementation of the system must be done
with a full time manager and crisis management
department.

15
Where did I get this Information?

ADVANTAGES
Increase security
Immediately detects and pinpoints unauthorized
change.
Instill Accountability
Tripwire identifies and reports the sources of
change.
Gain Visibility
Tripwire software provides a centralized view of
changes across the enterprise infrastructure and
supports multiple devices from multiple vendors.
Ensure Availability
Tripwire software reduces troubleshooting time,
enabling rapid discovery and recovery. Enables
the fastest possible restoration back to a
desired, good state.

APPLICATIONS
Tripwire for Servers(used as software).
Tripwire for Host Based Intrusion Detection
System (HIDS) and also for Network Based
Intrusion Detection System (NIDS).
Tripwire for Network Devices like Routers,
Switches etc.

19
Thank you

Write a Comment

User Comments (0)