INTRUSION DETECTION SYSYTEM

Presented by
C.SARITHA
(07R91A0568)
 CONTENT
Basically this presentation contains,

• What is TripWire?

• How does TripWire work?

• Where is TripWire used?

• How do you install and use TripWire?

• What is the benefit of TripWire?

• Final word on TripWire.

 What is TripWire?
 Reliable intrusion detection system.

 Tool that checks to see what changes have been made in your system.

 Pinpoints, notifies, determines the nature, and provides information on the changes on
how to manage the change.

 Mainly monitors the key attributes(like binary signature, size and other related data) of
your files.

 Changes are compared to the established good baseline.

 Security is compromised, if there is no control over the various operations taking place.

 Security not only means protecting your system against various attacks but also
means taking quick and decisive actions when your system is attacked.
How does
TripWire work?
First, a baseline database is created storing the
original attributes like binary values in registry.

If the host computer is intruded, the intruder changes

these values to go undetected.

The TripWire software constantly checks the system

logs to check if any unauthorized changes were made.

If so, then it reports to the user.

User can then undo those changes to revert the

system back to the original state.
Where is TripWire used?
 Tripwire for Servers(TS) is software used by servers.

 Can be installed on any server that needs to be monitored for any

changes.

 Typical servers include mail servers, web servers, firewalls, transaction

server, development server.

 It is also used for Host Based Intrusion Detection System(HIDS) and

also for Network Intrusion Detection System(NIDS).

 It is used for network devices like routers, switches, firewall, etc.

 If any of these devices are tampered with, it can lead to huge losses for
the Organization that supports the network.
How do you install and use
TripWire?
 Install Tripwire and customize the policy file.

 Initialize the Tripwire database.

 Run a Tripwire integrity check.

 Examine the Tripwire report file.

 Take appropriate security measures.

 Update the Tripwire database file.

 Update the Tripwire policy file.

What is the benefit of TripWire?
Increase security
Immediately detects and pinpoints unauthorized change.

 Instill Accountability
Tripwire identifies and reports the sources of change.

Gain Visibility
Tripwire software provides a centralized view of changes across
the enterprise infrastructure and supports multiple devices
from multiple vendors.

Ensure Availability
Tripwire software reduces troubleshooting time, enabling rapid
discovery and recovery. Enables the fastest possible restoration
back to a desired, good state.
Where did I get this Information?
www.tripwire.com
www.iec.com
www.itpaper.com
www.google.com (Search for Tripwire)
ANY QUESTIONS ?
THANK YOU FOR
LISTENING
PATIENTLY!