Download - Trip Wire(rohit thapliyal)
-
8/8/2019 Trip Wire(rohit thapliyal)
1/15
Presented by
INTRUSION DETECTION SYSYTEM
-
8/8/2019 Trip Wire(rohit thapliyal)
2/15
CONTENTBasically this presentation contains, What is TripWire?
How does TripWirework?
Where is TripWire used?
Tripwire for network devices.+
Tripwire for servers
How do you installand use TripWire?
W
hat is the benefit ofTrip
W
ire? What are the chances ofTripWire?
Final word on TripWire.
-
8/8/2019 Trip Wire(rohit thapliyal)
3/15
What is TripWire?
y Reliable intrusion detection system.
y Tool that checks to see what changes have been made in your system.
y Pinpoints, notifies, determines the nature, and provides information on the changes onhow to manage the change.
y Mainly monitors the keyattributes(like binary signature, size and other related data) ofyour files.
y Changes are compared to the established good baseline.
y Security is compromised, if there is no control over the various operations taking place.
y Security not only means protecting your system against various attacks but alsomeans taking quick and decisive actions when your system is attacked.
-
8/8/2019 Trip Wire(rohit thapliyal)
4/15
How doesTripWirework?
-
8/8/2019 Trip Wire(rohit thapliyal)
5/15
y First, a baseline database is created storing the original
attributes like binary values in registry.
y If the host computer is intruded, the intruder changesthese values to go undetected.
y The TripWire software constantly checks the systemlogs to check ifany unauthorized changes were made.
y
If so, then it reports to the user.
y User can then undo those changes to revert the systemback to the original state.
-
8/8/2019 Trip Wire(rohit thapliyal)
6/15
Where
isTr
ipWire u
se
d?
y Tripwire for Servers(TS) is software used by servers.
y Can be installed on any server that needs to be monitored for anychanges.
y Typical servers include mail servers, web servers, firewalls, transactionserver, development server.
y It is also used for Host Based Intrusion Detection System(HIDS)andalso for Network Intrusion Detection System(NIDS).
y It is used for network devices like routers, switches, firewall, etc.
y Ifany of these devices are tampered with, it can lead to huge losses forthe Organization that supports the network.
-
8/8/2019 Trip Wire(rohit thapliyal)
7/15
TRIPWIRE FOR NETWORK DEVICES
Tripwire for network devices maintains alog ofallsignificant actions including adding and deleting
nodes, rules, tasks and user accounts. Automatic notification of changes to your routers,
switches and firewalls.
Automatic restoration of critical network devices.
Heterogeneous support for todays most commonlyused network devices.
-
8/8/2019 Trip Wire(rohit thapliyal)
8/15
Tripwire for serversy For the tripwire for servers software to work two
important things should be present the policy file
and the database.y The Tripwire for servers software conducts subsequent
file checks automatically comparing the state ofsystem with the baseline database.
yAny inconsistencies are reported to the Tripwiremanger and to the host system log file.
y Reports can also be emailed to an administrator.
-
8/8/2019 Trip Wire(rohit thapliyal)
9/15
There are two types of Tripwire Manager
yActive Tripwire Manager
y Passive Tripwire Manager
y
This active Tripwire Manager gives a user the ability toupdate the database, schedule integrity checks,updateand distribute policyand configuration filesand view integrity reports.
y The passive mode onlyallows toview the status of themachines and integrity reports.
-
8/8/2019 Trip Wire(rohit thapliyal)
10/15
How
do
you
install andu
se
TripWire?y Install Tripwire and customize the policy file.
y
Initialize the Tripwire database.
y Run a Tripwire integrity check.
y Examine the Tripwire report file.
y Take appropriate security measures.
y Update the Tripwire database file.
y Update the Tripwire policy file.
-
8/8/2019 Trip Wire(rohit thapliyal)
11/15
What is the
be
ne
fito
fTr
ipWire?
y Increase securityImmediately detects and pinpoints unauthorized change.
y Instill Accountability
Tripwire identifies and reports the sources of change.
y Gain VisibilityTripwire software provides a centralized view of changes acrossthe enterprise infrastructure and supports multiple devices frommultiple vendors.
y Ensure AvailabilityTripwire software reduces troubleshooting time, enabling rapiddiscoveryand recovery. Enables the fastest possible restorationback to a desired, good state.
-
8/8/2019 Trip Wire(rohit thapliyal)
12/15
What are
the
chance
so
fTr
ipWire?
y The main attractive feature of this system is that the
software generates a report about which file has been
violated, when the file has been violated and also whatinformation in the files have been changed.
y If properly used it also helps to detect who made the
changes.
y Proper implementation of the system must be done with afull time manager and crisis management department.
-
8/8/2019 Trip Wire(rohit thapliyal)
13/15
Where did I get this Information?ywww.tripwire.com
ywww.iec.com
ywww.itpaper.comywww.google.com (Search for Tripwire)
-
8/8/2019 Trip Wire(rohit thapliyal)
14/15
ANY QUESTIONS ?ANY QUESTIONS ?
-
8/8/2019 Trip Wire(rohit thapliyal)
15/15
THANK YOU FOR
LISTENING
PATIENTLY!