8/8/2019 Trip Wire(rohit thapliyal)

1/15

Presented by

INTRUSION DETECTION SYSYTEM

8/8/2019 Trip Wire(rohit thapliyal)

2/15

CONTENTBasically this presentation contains, What is TripWire?

How does TripWirework?

Where is TripWire used?

Tripwire for network devices.+

Tripwire for servers

How do you installand use TripWire?

W

hat is the benefit ofTrip

W

ire? What are the chances ofTripWire?

Final word on TripWire.

8/8/2019 Trip Wire(rohit thapliyal)

3/15

What is TripWire?

y Reliable intrusion detection system.

y Tool that checks to see what changes have been made in your system.

y Pinpoints, notifies, determines the nature, and provides information on the changes onhow to manage the change.

y Mainly monitors the keyattributes(like binary signature, size and other related data) ofyour files.

y Changes are compared to the established good baseline.

y Security is compromised, if there is no control over the various operations taking place.

y Security not only means protecting your system against various attacks but alsomeans taking quick and decisive actions when your system is attacked.

8/8/2019 Trip Wire(rohit thapliyal)

4/15

How doesTripWirework?

8/8/2019 Trip Wire(rohit thapliyal)

5/15

y First, a baseline database is created storing the original

attributes like binary values in registry.

y If the host computer is intruded, the intruder changesthese values to go undetected.

y The TripWire software constantly checks the systemlogs to check ifany unauthorized changes were made.

y

If so, then it reports to the user.

y User can then undo those changes to revert the systemback to the original state.

8/8/2019 Trip Wire(rohit thapliyal)

6/15

Where

isTr

ipWire u

se

d?

y Tripwire for Servers(TS) is software used by servers.

y Can be installed on any server that needs to be monitored for anychanges.

y Typical servers include mail servers, web servers, firewalls, transactionserver, development server.

y It is also used for Host Based Intrusion Detection System(HIDS)andalso for Network Intrusion Detection System(NIDS).

y It is used for network devices like routers, switches, firewall, etc.

y Ifany of these devices are tampered with, it can lead to huge losses forthe Organization that supports the network.

8/8/2019 Trip Wire(rohit thapliyal)

7/15

TRIPWIRE FOR NETWORK DEVICES

Tripwire for network devices maintains alog ofallsignificant actions including adding and deleting

nodes, rules, tasks and user accounts. Automatic notification of changes to your routers,

switches and firewalls.

Automatic restoration of critical network devices.

Heterogeneous support for todays most commonlyused network devices.

8/8/2019 Trip Wire(rohit thapliyal)

8/15

Tripwire for serversy For the tripwire for servers software to work two

important things should be present the policy file

and the database.y The Tripwire for servers software conducts subsequent

file checks automatically comparing the state ofsystem with the baseline database.

yAny inconsistencies are reported to the Tripwiremanger and to the host system log file.

y Reports can also be emailed to an administrator.

8/8/2019 Trip Wire(rohit thapliyal)

9/15

There are two types of Tripwire Manager

yActive Tripwire Manager

y Passive Tripwire Manager

y

This active Tripwire Manager gives a user the ability toupdate the database, schedule integrity checks,updateand distribute policyand configuration filesand view integrity reports.

y The passive mode onlyallows toview the status of themachines and integrity reports.

8/8/2019 Trip Wire(rohit thapliyal)

10/15

How

do

you

install andu

se

TripWire?y Install Tripwire and customize the policy file.

y

Initialize the Tripwire database.

y Run a Tripwire integrity check.

y Examine the Tripwire report file.

y Take appropriate security measures.

y Update the Tripwire database file.

y Update the Tripwire policy file.

8/8/2019 Trip Wire(rohit thapliyal)

11/15

What is the

be

ne

fito

fTr

ipWire?

y Increase securityImmediately detects and pinpoints unauthorized change.

y Instill Accountability

Tripwire identifies and reports the sources of change.

y Gain VisibilityTripwire software provides a centralized view of changes acrossthe enterprise infrastructure and supports multiple devices frommultiple vendors.

y Ensure AvailabilityTripwire software reduces troubleshooting time, enabling rapiddiscoveryand recovery. Enables the fastest possible restorationback to a desired, good state.

8/8/2019 Trip Wire(rohit thapliyal)

12/15

What are

the

chance

so

fTr

ipWire?

y The main attractive feature of this system is that the

software generates a report about which file has been

violated, when the file has been violated and also whatinformation in the files have been changed.

y If properly used it also helps to detect who made the

changes.

y Proper implementation of the system must be done with afull time manager and crisis management department.

8/8/2019 Trip Wire(rohit thapliyal)

13/15

Where did I get this Information?ywww.tripwire.com

ywww.iec.com

ywww.itpaper.comywww.google.com (Search for Tripwire)

8/8/2019 Trip Wire(rohit thapliyal)

14/15

ANY QUESTIONS ?ANY QUESTIONS ?

8/8/2019 Trip Wire(rohit thapliyal)

15/15

THANK YOU FOR

LISTENING

PATIENTLY!