Scribd
Upload
178 views15 pages

Presented By: Intrusion Detection Sysytem

Tripwire is an intrusion detection system that monitors key system files and alerts administrators of any unauthorized changes between a system's actual configuration and its baseline. It works by creating a database of file attributes when first installed and then constantly checks for any differences, reporting them to the user. Tripwire can be used to monitor servers, network devices, and other systems and helps increase security, accountability, and system availability. It assists in detecting intrusions and enabling fast recovery to a known good state.

Uploaded by

Ragala Vishwateja
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
178 views15 pages

Presented By: Intrusion Detection Sysytem

Tripwire is an intrusion detection system that monitors key system files and alerts administrators of any unauthorized changes between a system's actual configuration and its baseline. It works by creating a database of file attributes when first installed and then constantly checks for any differences, reporting them to the user. Tripwire can be used to monitor servers, network devices, and other systems and helps increase security, accountability, and system availability. It assists in detecting intrusions and enabling fast recovery to a known good state.

Uploaded by

Ragala Vishwateja
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 15

INTRUSION DETECTION SYSYTEM

PRESENTED BY
K.MANOHAR REDDY
CONTENT
Basically this presentation contains,
• What is TripWire?

• How does TripWire work?

• Where is TripWire used?

• Tripwire for network devices.+

• Tripwire for servers

• How do you install and use TripWire?

• What is the benefit of TripWire?

• What are the chances of TripWire?

• Final word on TripWire.


What is TripWire?
 Reliable intrusion detection system.

 Tool that checks to see what changes have been made in your system.

 Pinpoints, notifies, determines the nature, and provides information on the changes on
how to manage the change.

 Mainly monitors the key attributes(like binary signature, size and other related data) of
your files.

 Changes are compared to the established good baseline.

 Security is compromised, if there is no control over the various operations taking place.

 Security not only means protecting your system against various attacks but also
means taking quick and decisive actions when your system is attacked.
How does
TripWire work?
First, a baseline database is created storing the
original attributes like binary values in registry.

If the host computer is intruded, the intruder changes


these values to go undetected.

The TripWire software constantly checks the system


logs to check if any unauthorized changes were made.

If so, then it reports to the user.

User can then undo those changes to revert the


system back to the original state.
Where is TripWire used?
 Tripwire for Servers(TS) is software used by servers.

 Can be installed on any server that needs to be monitored for any


changes.

 Typical servers include mail servers, web servers, firewalls, transaction


server, development server.

 It is also used for Host Based Intrusion Detection System(HIDS) and


also for Network Intrusion Detection System(NIDS).

 It is used for network devices like routers, switches, firewall, etc.

 If any of these devices are tampered with, it can lead to huge losses for
the Organization that supports the network.
TRIPWIRE FOR NETWORK DEVICES
• Tripwire for network devices maintains a log of all
significant actions including adding and deleting
nodes, rules, tasks and user accounts.
• Automatic notification of changes to your routers,
switches and firewalls.
• Automatic restoration of critical network devices.
• Heterogeneous support for today’s most commonly
used network devices.
Tripwire for servers
For the tripwire for server’s software to work two
important things should be present –the policy file
and the database.
The Tripwire for server’s software conducts
subsequent file checks automatically comparing the
state of system with the baseline database.
Any inconsistencies are reported to the Tripwire
manger and to the host system log file.
Reports can also be emailed to an administrator.
There are two types of Tripwire Manager
Active Tripwire Manager
Passive Tripwire Manager
 
This active Tripwire Manager gives a user the ability
to update the database, schedule integrity checks,
update and distribute policy and configuration files
and view integrity reports.

The passive mode only allows to view the status of


the machines and integrity reports.
How do you install and use
TripWire?
 Install Tripwire and customize the policy file.

 Initialize the Tripwire database.

 Run a Tripwire integrity check.

 Examine the Tripwire report file.

 Take appropriate security measures.

 Update the Tripwire database file.

 Update the Tripwire policy file.


What is the benefit of TripWire?
Increase security
Immediately detects and pinpoints unauthorized change.

 Instill Accountability
Tripwire identifies and reports the sources of change.

Gain Visibility
Tripwire software provides a centralized view of changes across
the enterprise infrastructure and supports multiple devices
from multiple vendors.

Ensure Availability
Tripwire software reduces troubleshooting time, enabling rapid
discovery and recovery. Enables the fastest possible restoration
back to a desired, good state.
What are the chances of TripWire?
The main attractive feature of this system is that the
software generates a report about which file has been
violated, when the file has been violated and also what
information in the files have been changed.

If properly used it also helps to detect who made the


changes.

Proper implementation of the system must be done with a


full time manager and crisis management department.
Where did I get this Information?
www.tripwire.com
www.iec.com
www.itpaper.com
www.google.com (Search for Tripwire)
ANY QUESTIONS ?
THANK YOU FOR
LISTENING
PATIENTLY!

You might also like