TRIP WIRE

1
TRIP WIRE
INTRUSION DETECTION SYSYTEM

• Presented by
• C.SARITHA
• (07R91A0568)

2
CONTENT

• Basically this presentation contains,
• What is TripWire?
• How does TripWire work?
• Where is TripWire used?
• How do you install and use TripWire?
• What is the benefit of TripWire?
• Final word on TripWire.

3
What is TripWire?

• Reliable intrusion detection system.
• Tool that checks to see what changes have been
  made in your system.
• Pinpoints, notifies, determines the nature, and
  provides information on the changes on how to
  manage the change.
• Mainly monitors the key attributes(like binary
  signature, size and other related data) of your
  files.
• Changes are compared to the established good
  baseline.
• Security is compromised, if there is no control
  over the various operations taking place.
• Security not only means protecting your system
  against various attacks but also means taking
  quick and decisive actions when your system is
  attacked.

4
How does TripWire work?
5

• First, a baseline database is created storing the
  original attributes like binary values in
  registry.
• If the host computer is intruded, the intruder
  changes these values to go undetected.
• The TripWire software constantly checks the
  system logs to check if any unauthorized changes
  were made.
• If so, then it reports to the user.
• User can then undo those changes to revert the
  system back to the original state.

6
Where is TripWire used?

• Tripwire for Servers(TS) is software used by
  servers.
• Can be installed on any server that needs to be
  monitored for any changes.
• Typical servers include mail servers, web
  servers, firewalls, transaction server,
  development server.
• It is also used for Host Based Intrusion
  Detection System(HIDS) and also for Network
  Intrusion Detection System(NIDS).
• It is used for network devices like routers,
  switches, firewall, etc.
• If any of these devices are tampered with, it can
  lead to huge losses for the Organization that
  supports the network.

7
How do you install and use TripWire?

• Install Tripwire and customize the policy file.
• Initialize the Tripwire database.
• Run a Tripwire integrity check.
• Examine the Tripwire report file.
• Take appropriate security measures.
• Update the Tripwire database file.
• Update the Tripwire policy file.

8
What is the benefit of TripWire?

• Increase security
• Immediately detects and pinpoints unauthorized
  change.
• Instill Accountability
• Tripwire identifies and reports the sources of
  change.
• Gain Visibility
• Tripwire software provides a centralized view of
  changes across the enterprise infrastructure and
  supports multiple devices from multiple vendors.
• Ensure Availability
• Tripwire software reduces troubleshooting time,
  enabling rapid discovery and recovery. Enables
  the fastest possible restoration back to a
  desired, good state.

9
Where did I get this Information?

• www.tripwire.com
• www.iec.com
• www.itpaper.com
• www.google.com (Search for Tripwire)

10

• ANY QUESTIONS ?

11
THANK YOU FOR LISTENING PATIENTLY!