
Tripwire

The document discusses the software Tripwire, which monitors key file system attributes to detect changes from an established baseline. It functions as an intrusion detection system by identifying unauthorized modifications to critical operating system or application files. The seminar covers what Tripwire is, how it works, common use cases, authentication levels in the manager, benefits like increased security, and drawbacks like a higher learning curve. It also lists applications and provides references for further information.

Uploaded by

Pranshu Rastogi
Copyright: © All Rights Reserved

Swami Keshvanand Institute of Technology, Management & Gramothan, Jaipur

Department of Computer Science & Engineering (NBA Accredited)

Seminar on “TRIPWIRE”

Presented to: Mr. Pankaj Dadheech, Associate Professor
Presented by: Lakshman Rajpurohit, Roll No. 14ESKCS054

CONTENTS
• What is Tripwire?
• How does Tripwire Work?
• Where is Tripwire Used?
• Tripwire for Network Devices
• User Authentication Levels
• Tripwire Manager
• Benefits of Tripwire
• Drawbacks
• Applications
• Thousands of Companies Trust Tripwire
• Conclusion
• References

What is Tripwire?
• A reliable intrusion detection system.
• A tool that checks what changes have been made in your system.
• Pinpoints changes, notifies you of them, determines their nature, and provides information on how to manage them.
• Mainly monitors the key attributes of your files (like binary signature, size and other related data).

What is Tripwire?
• Changes are compared to the established good baseline.
• Security is compromised if there is no control over the various operations taking place.
• Security means not only protecting your system against various attacks but also taking quick and decisive action when your system is attacked.

How does Tripwire Work?
• First, a baseline database is created, storing the original attributes, like binary values in the registry.
• If the host computer is intruded, the intruder changes these values to go undetected.
• The Tripwire software constantly checks the system logs to see whether any unauthorized changes were made.
• If so, it reports them to the user.
• The user can then undo those changes to revert the system to its original state.
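
The baseline-and-compare cycle described above, as an added example that is not part of the original slides and is not Tripwire's own code or database format: it records size, permission bits and a SHA-256 hash per file, then reports added, removed and modified files. The function names and the sample tree are assumptions made for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Baseline: size, permission bits and SHA-256 of each regular file under root."""
    db = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks, sockets and device nodes
        db[str(path.relative_to(root))] = {
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
        }
    return db


def compare(baseline, current):
    """Report added and removed files, and which attributes changed on the rest."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "modified": {}}
    for path in sorted(set(baseline) & set(current)):
        changed = [k for k in ("size", "mode", "sha256")
                   if baseline[path][k] != current[path][k]]
        if changed:
            report["modified"][path] = changed
    return report


def demo():
    """Constructed sample tree: baseline it, change it, then run an integrity check."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "sshd_config").write_bytes(b"MaxAuthTries 3\n")
        Path(root, "hosts").write_bytes(b"127.0.0.1 localhost\n")
        baseline = snapshot(root)
        # Same-length edit: size and mode are unchanged, only the hash differs.
        Path(root, "sshd_config").write_bytes(b"MaxAuthTries 9\n")
        Path(root, "hosts").unlink()
        Path(root, "motd").write_bytes(b"hello\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline, so the baseline should be kept signed or on read-only media where a process on the monitored host cannot rewrite it.
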

Where is Tripwire Used?
• Tripwire for Servers (TS) is software used by servers.
• It can be installed on any server that needs to be monitored for changes.
• Typical servers include mail servers, web servers, firewalls, transaction servers and development servers.
• It is also used for network devices like routers, switches, firewalls, etc.
• If any of these devices is tampered with, it can lead to huge losses for the organization that supports the network.

Tripwire for Network Devices
• Tripwire for Network Devices maintains a log of all significant actions, including adding and deleting nodes, rules, tasks and user accounts.
• Automatic notification of changes to your routers, switches and firewalls.
• Automatic restoration of critical network devices.
• Heterogeneous support for today’s most commonly used network devices.

User Authentication Levels
• Monitors are allowed only to monitor the application. They cannot make changes to Tripwire for Network Devices or to the devices that the software monitors.
• Users can make changes to Tripwire for Network Devices, such as adding routers, switches, groups, tasks, etc., but they cannot make changes to the devices it monitors.
• Power users can make changes to the software and to the devices it monitors.
• Administrators can perform all actions, plus delete violations and log messages.

Tripwire Manager
There are two types of Tripwire Manager:
• Active Tripwire Manager
• Passive Tripwire Manager

• Active Tripwire Manager gives a user the ability to update the database, schedule integrity checks, update and distribute policy and configuration files, and view integrity reports.
• Passive Tripwire Manager mode only allows viewing the status of the machines and integrity reports.

Benefits of Tripwire
• Increase security: Immediately detects and pinpoints unauthorized change.
• Instill accountability: Tripwire identifies and reports the sources of change.
• Gain visibility: Tripwire software provides a centralized view of changes across the enterprise infrastructure and supports multiple devices from multiple vendors.
• Ensure availability: Tripwire software reduces troubleshooting time, enabling rapid discovery and recovery. Enables the fastest possible restoration back to a desired, good state.

Drawbacks
• Ineffective when applied to frequently changing files.
• Higher learning curve to install, edit, and maintain the software.
• Cost Effective

Applications
• Tripwire for Servers (used as software).
• Tripwire for Host Based Intrusion Detection System (HIDS).
• Tripwire for Network Based Intrusion Detection System (NIDS).
• Tripwire for Network Devices like routers, switches, etc.

Thousands of Companies Trust Tripwire

Conclusion
• Although it has some limitations, Tripwire is still a reliable intrusion detection system.
• It is software that can be installed in any type of system where damaged files are to be detected.
• The main attractive feature of this system is that the software generates a report about which files have been violated, when they were violated, and what in the files has been changed.

References
[1] Kim, Gene H. and Spafford, Eugene H., "The Design and Implementation of Tripwire: A File System Integrity Checker" (1993). Computer Science Technical Reports, Paper 1084.
[2] Doug Bandow. Tripwire: Korea and U.S. Foreign Policy in a Changed World. Cato Institute, 1996.
[3] Tripwire Log Center: Next Generation Log and Event Management. White paper published by Tripwire.
