TRIPWIRE
How Tripwire software is effective to automate the process of
verifying file system integrity on a machine.
FITSUM R. LAKEW
INFA – 630
Prof. Jeff Clark
November 21, 2010
UNIVERSITY OF MARYLAND UNIVERSITY COLLEGE
Outline:
Abstract
Introduction
Main Body:
• Functional Applicability
• Limitations
• Installing Tripwire
• Activating Tripwire
Conclusion
References
How Tripwire software is effective to automate the process of verifying file
system integrity on a machine.
Abstract
Security in computer systems is vital in protecting the integrity of stored
information. The file system provides a mechanism that can be used for storage
purposes. This mechanism can also be used to access data and programs in a
computer system. Information residing on a file system is valuable and should be
monitored for unauthorized and unexpected changes to protect the system
against intrusion. In a network platform, monitoring these changes becomes quite
a daunting task. Tripwire is a tool that aids UNIX system administrators to check
for any changes that are made on a selective set of files, directories, and
databases (Northcutt & Novack, 2002). It notifies the system administrator
whenever files have been altered or corrupted. This enables the system
administrator to take action in a timely manner. This paper will describe the
intrusion detection mechanism provided by Tripwire. It will also outline the design
and implementation of Tripwire. It will explore the advantages of using Tripwire to
automate the process of verifying file system integrity on a machine. It will also
explore the software’s limitations. This paper will prove Tripwire’s effectiveness in
detecting altered or corrupted files.
Introduction
Tripwire refers to software that confirms the integrity of a system. It is a
utility that compares the properties of specific files and directories against data
that has been stored in an archive. Tripwire creates software that allows users to
edit and configure a system’s overall security. Bejtlich (2005) argues that Tripwire
is a tool that can be used to detect corrupted files. Tripwire can also serve as an
archive for files and folders that have been disorganized. Tripwire is a tool that
informs the user about changes in the system (Northcutt & Novack, 2002).
Reports from the software are usually sent in an XML or HTML format
(Northcutt & Novack, 2002). This enables a user to access the data from a web
browser.
Tripwire took 12 months to develop. Open Source Tripwire was the original
version of the software. It was created from code designed by
Tripwire Incorporated (Bejtlich, 2005). It was initially free. Police officers and
private security firms use it. It is still used to alert people about file changes that
occur in a wide variety of systems. Private organizations can also use tripwire. It
can be used to keep track of privately owned servers. It can update the user
through daily e-mail.
Functional Applicability
Tripwire can be used as a host-based intrusion detection system; it is not
restricted to a network base. It notifies the user concerning the
changes that may occur in file system objects (Bejtlich, 2005).
Tripwire lets the user know whether the server has been compromised. It
employs an e-mail alert system that is activated once the
software detects a problem. Tripwire detects specific anomalies in the system. It
allows the user to determine the specific files that may have been compromised
(Northcutt & Novack, 2002). Administrators will know which actions to take once
Tripwire alerts them about changes in the system. Servers that have been
corrupted can therefore be removed from the network.
“The single most important time efficiency issue with Tripwire is the lack of a
report history mechanism, which would drastically reduce the number of reports.
For instance, a dozen systems being checked three times per day can result in
over 1000 reports per month, any one of which could contain the critical
information the tool is supposed to detect. Even the most careful tuning cannot
prevent this; for instance, the installation or modification of a large software
package may suddenly result in a large report that will continue until the
administrator has time to do a database update.” (Arnold, 2001)
Tripwire allows users to monitor the progress of their servers. It can be
used to detect the installation of unauthorized software (Bejtlich, 2005). Trost
(2009) asserts that Tripwire can also verify a system’s compliance with regard to
the user’s security policy. The software can operate as an archive. Tripwire’s
archive can be compared with other systems for the sake of compatibility.
Northcutt & Novack (2002) state that tripwire can be used to recover lost files
and folders. It can also be used to assess the damage that may have been
caused within a given server. Tripwire provides the user with options that are
based on the changes that have been detected within a given system. The
information retrieved from Tripwire’s damage report can be used to prepare the
user for similar problems in the future.
Once Tripwire has been activated, it scans all the files within a given
database. Tripwire employs cryptographic hashes in order to detect anomalies in
a file. These hashes are used to filter components of the file that may not be
needed.
A user can access particular files and folders by adjusting the tripwire
configuration. Tripwire can be tweaked to target particular files in the system’s
database. This process operates like a filter. A user can customize the scanning
process in order to save time and resources.
Tripwire can be used on specific servers. It can be applied to an entire
network. It can also run as a centralized system (Trost, 2009). It can also be
used to test the integrity of Windows VFAT file systems such as FAT32 and FAT16
(Bejtlich, 2005).
Tripwire is not restricted to a particular format. It is portable and dynamic. It
runs on several UNIX variations. Its programs can therefore be shared among
different systems. Tripwire’s database files are easy to read. This is because
they are encoded using a standard ASCII format (Trost, 2009). The ASCII format
enables files to be read on different platforms.
Tripwire is a form of self-sufficient software. A user can run the Tripwire
program without the use of outside programs (Bejtlich, 2005). This enables
administrators to secure the privacy of their customers.
Host-based intrusions can be detected by monitoring changes within the
file system (Trost, 2009). Tripwire is therefore the best software a user can
employ to detect anomalies within a given system. Administrators can also use
the software to take note of unauthorized modifications within a given network
(Bejtlich, 2005).
Hackers are hardly ever detected. Tripwire can be used to alert
administrators whenever the system’s security is compromised. Myers (2000)
states the following:
Intrusion Detection involves detecting unauthorized access and
destructive activity on your computer system. Intrusion Detection is a clear
requirement for all e-commerce merchants. According to the annual study
released March 22, 2000 by the Computer Security Institute and the FBI,
90% of the survey respondents detected a computer security breach
within the last twelve months. The study showed that the most serious
financial losses were caused by activities that concern e-commerce
merchants directly: theft of proprietary information (e.g., stealing customer
credit card numbers), and financial fraud (e.g., setting up a bogus
storefront).
For e-commerce merchants, the focus of Intrusion Detection is on the
web servers, and their associated database management systems.
E-commerce requires that the web servers communicate quickly and
accurately with large databases of product and customer information. To
optimize performance, these critical databases are, in most cases, placed
on the same network segment as the web server, or even on the web
server machine itself. For malicious hackers, this is a tempting prize. For
hard-core cyber criminals, these databases are pay dirt. They will break in
to the web server, gain administrator-level access, locate the database,
and then go to work on breaking into the database and downloading
customer information.
This does happen. As a matter of fact, it happens more often than most of
us will ever know, because the merchants who suffer break-ins often do
not report them, or they report them to law enforcement agencies who do
not publicize information while cases are under investigation. According to
an Associated Press report released March 24, 2000, "Two 18-year-old
boys were arrested in Wales, United Kingdom, on charges of breaking into
electronic commerce Internet sites in five countries and stealing
information on 26,000 credit card accounts, the FBI said today." Such
reports cause me to wonder how many such exploits are not being caught.
And one can only marvel at the use of the term "boys". Why is an 18
year-old who commits armed robbery a "man", and one who violates the
financial integrity of 26,000 innocents a "boy". The young men who
probably spent many months planning and executing this crime are not
seen as real criminals, just misguided youth. This seems to be a naive
assumption.
Setting up the most secure website possible is the social, and potentially
legal responsibility of every e-commerce merchant who either solicits,
processes, or stores confidential customer information. Further, and
perhaps more convincing, a secure website is also a business
imperative. There is no quicker way to lose customer confidence than to
lose their credit card information (Myers, 2000).
Limitations
Tripwire reports are long. They are therefore tedious to analyze. Reading
reports from Tripwire can be a cumbersome process. It is a time-consuming
endeavor. Trost (2009) argues that Tripwire is outdated software. Its coding
system is archaic. A server can function effectively without Tripwire. An antivirus
is generally more effective. The user has the option to restore or delete corrupted
files using an antivirus.
Tripwire forces the user to deal with changes that may occur on a frequent
basis. For example, if a file is altered after an auditing session, the Tripwire
software will alert the user. This forces the administrator to deal with trivial
changes to the system. Minor changes can therefore go unnoticed. Arnold (2001)
states the following:
Tripwire is much like the fabled elephant and the blind men: how you feel
about it depends on the perspective from which you approach it. A person
who has successfully used Tripwire to detect cracked binaries and/or
system misconfigurations will have nothing but praise for it. On the other
hand, someone who has been "stuck in the trenches" reading through
endless reports in an attempt to find problems, will think that it's a labor-intensive
waste of time. Minimizing the labor required dictates that reports
be as brief, and as infrequent, as they possibly can be made. Using
Tripwire on a day-to-day basis can be an uncreative and essentially boring
activity. On the other hand, if one can reduce the torrent of data that
Tripwire provides, and makes it simpler to use than it is "out of the box",
then using it can become bearable (if not necessarily palatable.)
Fortunately, it is possible to reduce the time and effort required to
administer Tripwire, as the next section of this discussion will illustrate
(Arnold, 2001).
The tripwire database has to be updated on a regular basis (Trost, 2009).
Changes made to a system’s files prompt the user to update the software.
Tripwire restricts users to a strict policy. There are terms and conditions that
must be followed in order to use Tripwire effectively.
Tripwire does not remove malicious files, and it does not get rid of viruses.
The user is forced to resolve such problems without the use of Tripwire.
According to Bejtlich (2005), Tripwire is fallible. Computer hackers can still
access private files under the right circumstances. Tripwire does not serve the
user as an antivirus. Trost (2009) argues that Tripwire is not a firewall. It only
complements other security solutions. It cannot be used to restore a computer’s
operating system (Bejtlich, 2005).
Tripwire auditing must be done on a regular basis. It is a time-consuming
process. The user is forced to do the work manually. File system auditing
requires the use of unauthorized system resources. Tripwire does not allow the
user to access these resources. The system therefore functions at a slower pace.
Tripwire installation is restricted to ‘fresh’ systems. Installing Tripwire on a
network is a long and cumbersome process.
Only one user can install tripwire. This makes the installation process
difficult. Tripwire also forces the administrator to format the system before
installation. Corrupted files can be ignored after Tripwire is installed.
Administrators are therefore forced to install the software twice.
Installing Tripwire
Installing Tripwire is a simple process. There are many ways to install
Tripwire. An administrator can use his distribution’s package manager to
download and install the software (Bejtlich, 2005). An administrator can also
access the software through the Open Source Tripwire Project online.
The installation process is mainly automatic. The user affirmatively clicks
on taskbars in order to authorize the procedure. Linux distributions sometimes
provide a utility that can be used to configure a given system (Bejtlich, 2005).
They provide the user with setup scripts that can be used to install the software.
Activating Tripwire
Tripwire is activated using its ‘check’ switch. The process can be automated
by scheduling an integrity check: the user creates a cron job
entry, which ensures that the system is checked regularly. This requires
the user to edit the system’s crontab. Alternatively, the user can add an
appropriate script to the directory that cron runs (Bejtlich, 2005). The file should then be edited
by adding a line for the execution of a tripwire check.
Tripwire can also be activated by running the software from another machine
on the same network. This keeps hackers at bay. Trost (2009) suggests that the
crontab should contain the following line, with the host name in place of target-host:
0 2 * * * ssh -n -l root target-host /usr/sbin/tripwire --check
Most scholars advise users to make copies of their tripwire binary on read-only
media (Kohlenberg, Beale & Baker, 2007). The program can be run from that
copy. For this procedure, the twcfg.txt file should be edited before the user
signs it. Kohlenberg, Beale & Baker (2007) advise users to make the
following changes to their /etc/twcfg.txt file:
ROOT=/mnt/cdrom
SITEKEYFILE=/mnt/cdrom/site.key
LOCALKEYFILE=/mnt/cdrom/host-local.key
Bejtlich (2005) suggests that this process is only applicable to CDROMs
that mount at /mnt/cdrom.
Users should then sign the modified file and generate the Tripwire file. The
CD-R can be removed when the process is complete. Tripwire checks can then
be done by mounting the CD-R that contains the Tripwire binary (Northcutt &
Novack, 2002).
The executable binary should be stored on a non-writable storage device. This
is done to protect the code. The tripwire database can be updated by issuing
the following commands (as root; the first selects the newest report file, the
second feeds it to the update):
# LASTREPORT=`ls -1t /var/lib/tripwire/report/host-*.twr | head -1`
# tripwire --update --twrfile "$LASTREPORT"
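The init, check and update cycle described in this paper (cryptographic hashes plus a per-rule filter in the Functional Applicability section, and the update from the last report above), modelled as an added example that is not part of this paper or of Tripwire's own code. The policy, the file tree it runs on and all function names are constructed for illustration; a real Tripwire policy is written in Tripwire's own policy language.

```python
import hashlib
import os
import stat
import tempfile

# Properties a Tripwire-style policy can compare. Each rule carries a
# property mask naming which of these are checked under its path prefix.
ALL_PROPS = ("size", "mode", "uid", "gid", "mtime", "sha256")

# Constructed policy (not real Tripwire syntax); the longest matching prefix
# wins. Growing log files are checked for ownership and permissions only, so
# routine appends do not flood the report; everything else gets every property.
POLICY = [
    ("/var/log/", ("mode", "uid", "gid")),
    ("/", ALL_PROPS),
]


def mask_for(rel_path):
    """Property mask of the most specific policy rule covering rel_path."""
    rule = max((r for r in POLICY if rel_path.startswith(r[0])),
               key=lambda r: len(r[0]))
    return rule[1]


def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def snapshot(path):
    """Every property of one file; the database stores the full record."""
    st = os.lstat(path)
    return {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "mtime": int(st.st_mtime),
            "sha256": sha256_of(path) if stat.S_ISREG(st.st_mode) else None}


def build_database(root):
    """Like 'tripwire --init': baseline of every file below root, keyed by
    its path relative to root written as an absolute policy path."""
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = "/" + os.path.relpath(full, root).replace(os.sep, "/")
            db[rel] = snapshot(full)
    return db


def check(db, root):
    """Like 'tripwire --check': added, removed and modified paths. A change
    is reported only for properties inside the matching rule's mask."""
    current = build_database(root)
    report = {"added": sorted(set(current) - set(db)),
              "removed": sorted(set(db) - set(current)),
              "modified": {}}
    for rel in sorted(set(db) & set(current)):
        changed = [p for p in mask_for(rel) if db[rel][p] != current[rel][p]]
        if changed:
            report["modified"][rel] = changed
    return report


def update(db, root, report):
    """Like 'tripwire --update --twrfile <last report>': accept only the
    changes named in that report, so unreviewed drift is never baselined."""
    current = build_database(root)
    new_db = dict(db)
    for rel in report["removed"]:
        new_db.pop(rel, None)
    for rel in report["added"] + list(report["modified"]):
        new_db[rel] = current[rel]
    return new_db


def demo():
    """Run the cycle on a constructed tree; returns the three reports."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "var", "log"))
    with open(os.path.join(root, "bin", "ls"), "wb") as f:
        f.write(b"original binary")
    with open(os.path.join(root, "var", "log", "messages"), "wb") as f:
        f.write(b"boot ok\n")
    db = build_database(root)
    clean = check(db, root)
    # Same-size replacement of a binary: size may not change, sha256 does.
    with open(os.path.join(root, "bin", "ls"), "wb") as f:
        f.write(b"trojaned binary")
    # Log growth is masked out by the policy; a new file in /bin is not.
    with open(os.path.join(root, "var", "log", "messages"), "ab") as f:
        f.write(b"login ok\n")
    with open(os.path.join(root, "bin", "newtool"), "wb") as f:
        f.write(b"unknown binary")
    found = check(db, root)
    after_update = check(update(db, root, found), root)
    return clean, found, after_update
```

The second report shows why Tripwire relies on a hash rather than size or timestamp alone, and the third shows the database going quiet again only after the reviewed report is accepted.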
Tripwire creates an archive of the most commonly accessed files and
folders in a server (Northcutt & Novack, 2002). The user is therefore able to
compare these files to the ones on his or her hard drive. This process can be
used to identify files that may have been stolen or corrupted.
Tripwire exists in an open-source and a commercial version of the
software. It is made up of four major components (Trost, 2009). These include
the policy files, the database, the configuration files and the report files.
The configuration file houses regulations that govern the e-mail notification
system. It also houses the Tripwire files as well as the server’s miscellaneous
data. Tripwire allows the user to customize the software settings. The Tripwire
software can also be used to make notifications based on the user’s settings.
Scanning the system creates report files (Kohlenberg, Beale & Baker, 2007).
These reports inform the user about specific changes to the system.
Conclusion
Trost (2009) argues that despite its limitations, Tripwire is still an effective
tool that can be used to increase a system’s security. Tripwire is relatively
effective. Administrators should therefore employ the use of an antivirus. Tripwire
cannot get rid of corrupted files without the user’s consent. Kohlenberg, Beale &
Baker (2007) advise administrators to invest in several integrity-auditing tools for
their system. This will ensure that the system runs at optimum efficiency.
References
Arnold, E. R. (2001). The Trouble with Tripwire. Retrieved from http://www.symantec.com/connect/articles/trouble-tripwire
Bejtlich, R. (2005). Extrusion Detection: Security Monitoring for Internal Intrusions, 47(1), 37-107.
Kohlenberg, T., Beale, J., & Baker, A. R. (2007). Snort IDS and IPS Toolkit with CDROM. Intrusion Detection, 10(1), 234-309.
Myers, M. (2000). Intrusion Detection Preliminaries: Sanitizing Your E-Commerce Web Servers. Retrieved from http://www.symantec.com/connect/articles/intrusion-detection-preliminaries-sanitizing-your-e-commerce-web-servers
Northcutt, S., & Novack, J. (2002). Network Intrusion Detection: Protecting Your System, 27(3), 442-512.
Trost, R. (2009). Practical Intrusion Analysis: Prevention for the Twenty-First Century, 21(1), 230-457.

costume and set research powerpoint presentationphoebematthew05
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 

Último (20)

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 

How Tripwire Automates File System Integrity Checks

Functional Applicability

Tripwire can be used as a host-based intrusion detection system; it is not restricted to a network boundary. It notifies the user of changes that occur in file system objects (Bejtlich, 2005) and so lets the user know whether a server has been compromised. It employs an e-mail alert system that is activated once the software detects a problem. Tripwire detects specific anomalies in the system and allows the user to determine which files may have been compromised (Northcutt & Novack, 2002). Administrators will know which actions to take once Tripwire alerts them about changes in the system; servers that have been corrupted can therefore be removed from the network.

"The single most important time efficiency issue with Tripwire is the lack of a report history mechanism, which would drastically reduce the number of reports. For instance, a dozen systems being checked three times per day can result in over 1000 reports per month, any one of which could contain the critical information the tool is supposed to detect. Even the most careful tuning cannot prevent this; for instance, the installation or modification of a large software package may suddenly result in a large report that will continue until the administrator has time to do a database update." (Arnold, 2001)

Tripwire allows users to monitor the state of their servers. It can be used to detect the installation of unauthorized software (Bejtlich, 2005). Trost (2009) asserts that Tripwire can also verify a system's compliance with the user's security policy. The software can operate as an archive, and Tripwire's archive can be compared with other systems for the sake of compatibility. Northcutt & Novack (2002) state that Tripwire can be used to recover lost files and folders. It can also be used to assess the damage that may have been caused within a given server. Tripwire provides the user with options that are based on the changes detected within a given system, and the information in Tripwire's damage report can be used to prepare the user for similar problems in the future.

Once Tripwire has been activated, it scans all the files listed in its database. Tripwire employs cryptographic hashes in order to detect anomalies in a file; these hashes are used to filter out components of the file that are not needed. A user can target particular files and folders by adjusting the Tripwire configuration, so Tripwire can be tweaked to cover only particular files in the system's database. This process operates like a filter: a user can customize the scanning process in order to save time and resources. Tripwire can be used on specific servers, applied to an entire network, or run as a centralized system (Trost, 2009). It can also be used to test the integrity of Windows VFAT file systems such as FAT32 and FAT16 (Bejtlich, 2005).

Tripwire is not restricted to a particular format. It is portable and dynamic: it runs on several UNIX variants, so its programs can be shared among different systems. Tripwire's database files are easy to read because they are encoded in standard ASCII format (Trost, 2009), which enables them to be read on different platforms. Tripwire is self-sufficient software; a user can run the Tripwire program without outside programs (Bejtlich, 2005), which enables administrators to secure the privacy of their customers. Host-based intrusions can be detected by monitoring changes within the file system (Trost, 2009). Tripwire is therefore the best software a user can employ to detect anomalies within a given system. Administrators can also use the software to take note of unauthorized modifications within a given network (Bejtlich, 2005). Hackers are hardly ever detected; Tripwire can be used to alert administrators whenever the system's security is compromised. Myers (2000) states the following:

Intrusion Detection involves detecting unauthorized access and destructive activity on your computer system. Intrusion Detection is a clear requirement for all e-commerce merchants. According to the annual study released March 22, 2000 by the Computer Security Institute and the FBI, 90% of the survey respondents detected a computer security breach within the last twelve months. The study showed that the most serious financial losses were caused by activities that concern e-commerce merchants directly: theft of proprietary information (e.g., stealing customer credit card numbers), and financial fraud (e.g., setting up a bogus storefront). For e-commerce merchants, the focus of Intrusion Detection is on the web servers, and their associated database management systems. E-commerce requires that the web servers communicate quickly and accurately with large databases of product and customer information. To optimize performance, these critical databases are, in most cases, placed on the same network segment as the web server, or even on the web server machine itself. For malicious hackers, this is a tempting prize. For hard-core cyber criminals, these databases are pay dirt. They will break in to the web server, gain administrator-level access, locate the database, and then go to work on breaking into the database and downloading customer information. This does happen. As a matter of fact, it happens more often than most of us will ever know, because the merchants who suffer break-ins often do not report them, or they report them to law enforcement agencies who do not publicize information while cases are under investigation. According to an Associated Press report released March 24, 2000, "Two 18-year-old boys were arrested in Wales, United Kingdom, on charges of breaking into electronic commerce Internet sites in five countries and stealing information on 26,000 credit card accounts, the FBI said today." Such reports cause me to wonder how many such exploits are not being caught. And one can only marvel at the use of the term "boys". Why is an 18 year-old who commits armed robbery a "man", and one who violates the financial integrity of 26,000 innocents a "boy". The young men who probably spent many months planning and executing this crime are not seen as real criminals, just misguided youth. This seems to be a naive assumption. Setting up the most secure website possible is the social, and potentially legal responsibility of every e-commerce merchant who either solicits, processes, or stores confidential customer information. Further, and perhaps more convincing, a secure website is also a business imperative. There is no quicker way to lose customer confidence than to lose their credit card information (Myers, 2000).

Limitations

Tripwire reports are long and therefore tedious to analyze; reading them is a cumbersome and time-consuming endeavor. Trost (2009) argues that Tripwire is outdated software and that its coding system is archaic. A server can function effectively without Tripwire. An antivirus is generally more effective: the user has the option to restore or delete corrupted files using an antivirus. Tripwire forces the user to deal with changes that may occur on a frequent basis. For example, if a file is altered after an auditing session, the Tripwire software will alert the user. This forces the administrator to deal with trivial changes to the system, and minor changes can therefore go unnoticed. Arnold (2001) states the following:

Tripwire is much like the fabled elephant and the blind men: how you feel about it depends on the perspective from which you approach it. A person who has successfully used Tripwire to detect cracked binaries and/or system misconfigurations will have nothing but praise for it. On the other hand, someone who has been "stuck in the trenches" reading through endless reports in an attempt to find problems, will think that it's a labor-intensive waste of time. Minimizing the labor required dictates that reports be as brief, and as infrequent, as they possibly can be made. Using Tripwire on a day-to-day basis can be an uncreative and essentially boring activity. On the other hand, if one can reduce the torrent of data that Tripwire provides, and makes it simpler to use than it is "out of the box", then using it can become bearable (if not necessarily palatable.) Fortunately, it is possible to reduce the time and effort required to administer Tripwire, as the next section of this discussion will illustrate (Arnold, 2001).

The Tripwire database has to be updated on a regular basis (Trost, 2009): changes made to a system's files prompt the user to update the software. Tripwire restricts users to a strict policy; there are terms and conditions that must be followed in order to use Tripwire effectively. The user is forced to resolve the system's problems without the use of Tripwire. Tripwire does not remove malicious files and does not get rid of viruses; the user is forced to do this without it. According to Bejtlich (2005), Tripwire is fallible: computer hackers can still access private files under the right circumstances. Tripwire does not serve the user as an antivirus, and Trost (2009) argues that Tripwire is not a firewall; it only complements other security solutions. It cannot be used to restore a computer's operating system (Bejtlich, 2005). Tripwire auditing must be done on a regular basis. It is a time-consuming process, and the user is forced to do the work manually. File system auditing requires the use of unauthorized system resources, which Tripwire does not allow the user to access; the system therefore functions at a slower pace. Tripwire installation is restricted to 'fresh' systems. Installing Tripwire on a network is a long and cumbersome process, and only one user can install Tripwire, which makes the installation difficult. Tripwire also forces the administrator to format the system before installation. Corrupted files can be ignored after Tripwire is installed, so administrators are forced to install the software twice.

Installing Tripwire

Installing Tripwire is a simple process, and there are many ways to do it. An administrator can use the distribution's package manager to download and install the software (Bejtlich, 2005), or can obtain the software from the Open Source Tripwire Project online. The installation process is mainly automatic; the user clicks through the prompts in order to authorize the procedure. Linux distributors sometimes provide a utility that can be used to configure a given system (Bejtlich, 2005), and they provide the user with setup scripts that can be used to install the software.

Activating Tripwire

Tripwire is activated in its 'check' mode. The process can be automated by scheduling the integrity check: the user creates a cron job entry, which ensures that the system is checked regularly. This requires the user to edit the system's directory; alternatively, the user can add an appropriate script to the directory (Bejtlich, 2005). The file should then be edited by adding a line that executes a Tripwire check.

Tripwire can also be activated by running the software from another machine on the same network, which keeps hackers at bay. Trost (2009) suggests a crontab entry of the following form, with the host name substituted for target-host:

0 2 * * * ssh -n -l root target-host /usr/sbin/tripwire --check

Most scholars advise users to make copies of their Tripwire binary (Kohlenberg, Beale & Baker, 2007); the program can then be run from the copy. For this procedure, the twcfg.txt file should be edited before the user signs it. Kohlenberg, Beale & Baker (2007) advise users to make the following changes to their /etc/twcfg.txt file:

ROOT=/mnt/cdrom
SITEKEYFILE=/mnt/cdrom/site.key
LOCALKEYFILE=/mnt/cdrom/host-local.key

Bejtlich (2005) notes that this process is only applicable to CD-ROMs that mount at /mnt/cdrom. Users should then sign the modified file and generate the Tripwire file. The CD-R can be removed when the process is complete, and Tripwire checks can then be done by mounting the CD-R that contains the Tripwire binary (Northcutt & Novack, 2002).

The executable binary should be stored on a non-writable storage device in order to protect the code. The Tripwire database can be updated by issuing the following commands:

# LASTREPORT=`ls -1t /var/lib/tripwire/report/host-*.twr | head -1`
# tripwire --update --twrfile "$LASTREPORT"

Tripwire creates an archive of the most commonly accessed files and folders on a server (Northcutt & Novack, 2002). The user is therefore able to compare these files with the ones on his or her hard drive, and this process can be used to identify files that may have been stolen or corrupted. Tripwire exists in an Open Source and a commercial version. It is made up of four major components (Trost, 2009): the policy files, the database, the configuration files and the report files. The configuration file houses the rules that govern the e-mail notification system, the locations of the Tripwire files, and the server's miscellaneous data. Tripwire allows the user to customize the software settings, and it can issue notifications based on those settings. Scanning the system creates report files (Kohlenberg, Beale & Baker, 2007), which inform the user about specific changes to the system.
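The four components described above (a policy selecting files and properties, a baseline database, a check that produces a report, and a database update driven by that report) can be seen working together in the following added example. It is my own illustration, not Tripwire's code: the attribute names, the policy shape and the scratch files are constructed for the demonstration, and it deliberately shows how a per-directory property filter keeps a growing log file out of the report.

```python
"""Minimal Tripwire-style integrity checker (added illustration, not Tripwire)."""
import hashlib
import stat
import tempfile
from pathlib import Path

# Properties recorded for every file. A policy entry names the subset that is
# compared for files under a directory, in the spirit of Tripwire's property
# masks (attribute names and the policy shape are my own, not Tripwire's).
ALL_ATTRS = ("sha256", "size", "mode", "mtime")


def snapshot(path: Path) -> dict:
    """Record the properties of one regular file."""
    st = path.stat()
    return {
        "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "mtime": int(st.st_mtime),
    }


def rule_for(rel: str, policy: dict) -> tuple:
    """Attributes to compare for rel: the most specific policy directory above it."""
    dirs = [d for d in policy if rel.startswith(d + "/")]
    return policy[max(dirs, key=len)]


def build_database(root: Path, policy: dict) -> dict:
    """Snapshot every regular file below each directory named in the policy."""
    db = {}
    for rel_dir in policy:
        for p in sorted((root / rel_dir).rglob("*")):
            if p.is_file():
                db[p.relative_to(root).as_posix()] = snapshot(p)
    return db


def check(root: Path, policy: dict, db: dict) -> dict:
    """Compare the live tree with the baseline, like `tripwire --check`.

    Returns {"added": [...], "removed": [...], "changed": {path: [attrs]}}.
    Only the attributes the policy lists for a file's directory are compared,
    so a log directory can ignore size/mtime churn while a mode change or an
    unexpected new file is still reported.
    """
    current = build_database(root, policy)
    report = {"added": [], "removed": [], "changed": {}}
    for rel, props in current.items():
        if rel not in db:
            report["added"].append(rel)
            continue
        diffs = [a for a in rule_for(rel, policy) if props[a] != db[rel][a]]
        if diffs:
            report["changed"][rel] = diffs
    report["removed"] = [rel for rel in db if rel not in current]
    return report


def update_database(db: dict, report: dict, root: Path) -> dict:
    """Accept every difference in a report into a new baseline, like
    `tripwire --update`: removed entries are dropped, added and changed files
    are re-snapshotted. An operator must first judge the report to be benign."""
    new_db = {k: v for k, v in db.items() if k not in report["removed"]}
    for rel in report["added"] + list(report["changed"]):
        new_db[rel] = snapshot(root / rel)
    return new_db


def demo() -> tuple:
    """Baseline a constructed tree, tamper with it, check, update, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "log").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho original\n")
        (root / "log" / "messages").write_text("boot\n")
        # Binaries: compare everything. Logs grow legitimately, so only the
        # mode is watched; this is the "filter" that keeps reports short.
        policy = {"bin": ALL_ATTRS, "log": ("mode",)}
        baseline = build_database(root, policy)

        # Constructed changes: a replaced binary, a new file in bin, a log append.
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho replaced binary\n")
        (root / "bin" / "nc").write_bytes(b"constructed new binary\n")
        with open(root / "log" / "messages", "a") as f:
            f.write("login\n")

        first = check(root, policy, baseline)        # reports bin/ls, bin/nc only
        accepted = update_database(baseline, first, root)
        second = check(root, policy, accepted)       # clean after the update
        return first, second


if __name__ == "__main__":
    before, after = demo()
    print("first check:", before)
    print("after update:", after)
```

The second check coming back empty is exactly the behaviour Arnold (2001) describes: the large report persists until the administrator performs the database update.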
Conclusion

Trost (2009) argues that, despite its limitations, Tripwire is still an effective tool that can be used to increase a system's security. Tripwire is relatively effective; administrators should therefore also employ an antivirus, since Tripwire cannot get rid of corrupted files without the user's consent. Kohlenberg, Beale & Baker (2007) advise administrators to invest in several integrity-auditing tools for their system, which will ensure that the system runs at optimum efficiency.

References

Arnold, E. R. (2001). The Trouble with Tripwire. Retrieved from http://www.symantec.com/connect/articles/trouble-tripwire

Bejtlich, R. (2005). Extrusion Detection. Security Monitoring for Internal Intrusions, 47(1), 37-107.

Kohlenberg, T., Beale, J., & Baker, A. R. (2007). Snort IDS and IPS Toolkit with CDROM. Intrusion Detection, 10(1), 234-309.

Myers, M. (2000). Intrusion Detection Preliminaries. Sanitizing Your E-Commerce Web Servers. Retrieved from http://www.symantec.com/connect/articles/intrusion-detection-preliminaries-sanitizing-your-e-commerce-web-servers

Northcutt, S., & Novack, J. (2002). Network Intrusion Detection. Protecting Your System, 27(3), 442-512.

Trost, R. (2009). Practical Intrusion. Analysis Prevention for the Twenty-First Century, 21(1), 230-457.