1 / 11

T RIP W IRE

T RIP W IRE. Karthik Mohanasundaram Wright State University. Topics of Interest. Introduction to Intrusion Detection Systems Functionalities of Tripwire. Classification of IDS. Network Intrusion Detection System [NIDS] Example: Nessus, FireStorm

nikkos
Download Presentation

T RIP W IRE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. TRIPWIRE Karthik Mohanasundaram Wright State University

  2. Topics of Interest • Introduction to Intrusion Detection Systems • Functionalities of Tripwire

  3. Classification of IDS • Network Intrusion Detection System [NIDS] Example: Nessus, FireStorm • Network Node Intrusion Detection System [NNIDS] Example: Real Secure • Host Intrusion Detection System [HIDS] Example: TripWire, Intruder Alert

  4. Advantages of HIDS • A HIDS resides on the system being monitored and tracks changes made to important files and directories • A HIDS does not look for patterns and monitors changes within a specified set of rules

  5. Introduction • Tripwire is a Host Based Intrusion detection System which can be used to ensure the integrity of critical system files and directories by identifying all changes made to them specified in its configuration file • Tripwire compares the files and directories with a baseline database that was generated initially

  6. Password phrases • Tripwire uses two password phrases to sign or encrypt the important key files so that they are not altered by normal users. Two password phrases are employed for these purposes • Site-Key passphrase • Local-Key passphrase

  7. continued .. • The Site-Key password phrase protects the site key which signs Tripwire Configuration File and Policy File • The Local-Key password phrase protects the local key which signs the Tripwire database and Tripwire Report

  8. Post-Installation Procedures • Run the Configuration script to sign the important files • Initialize the tripwire database • Run the First Integrity Check • Modify the Configuration and Policy files if necessary

  9. Operation Model of Tripwire

  10. Tripwire Update States

  11. Bibliography • Official Red Hat Linux Reference Guide [www.redhat.com] • The Design and Implementation of Tripwire: A File System Integrity Checker by Gene H. Kim & Eugene H. Spafford

More Related