TRIP WIRE
Transcript

  • 1. “TRIPWIRE” A Seminar Report Submitted by P.A.A. KAREEMULLA (09751A0587) In partial fulfillment for the award of the degree of BACHELOR OF TECHNOLOGY IN COMPUTER SCIENCE AND ENGINEERING At SREENIVASA INSTITUTE OF TECHNOLOGY AND MANAGEMENT STUDIES, CHITTOOR-517127 (Affiliated to J.N.T.U Anantapur & Accredited by NBA, New Delhi) DEC – 2012
  • 2. SREENIVASA INSTITUTE OF TECHNOLOGY AND MANAGEMENT STUDIES (Affiliated to J.N.T.U Anantapur & Accredited by NBA, New Delhi) Thimmasamudhram, Chittoor - 517127 DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CERTIFICATE This is to certify that the seminar entitled “TRIPWIRE” that is being submitted by Mr. P.A.A. KAREEMULLA, bearing roll no 09751A0587, in partial fulfillment of the degree of IV B.Tech in CSE to JNTU Anantapur is a record of bona fide work carried out by him under my supervision. 1. 2. 3. Seminar Supervisors Head of the Department
  • 3. ABSTRACT Tripwire is an intrusion detection system. It is a software tool that checks what has changed on your system. The program monitors the key attributes of files that should not change, including the size, binary signature, expected change of size, and other related important data. Tripwire is an open source program created to monitor changes in a key subset of files identified by the user and to report on any changes in any of those files. When changes are detected, the system administrator can determine whether they occurred due to normal, permitted activity or whether they were caused by a break-in. If the former, the administrator can update the system baseline to the new files. If the latter, repair and recovery activity begins. Tripwire’s principle is simple enough. The system administrator identifies key files and has Tripwire record a checksum for each of those files. The administrator also sets up a cron job to scan those files at intervals (daily or more frequently), comparing them to the original checksum. Any change, addition, or deletion is reported, so that the proper action can be taken.
  • 4. TABLE OF CONTENTS
      1. INTRODUCTION
      1.1. MOTIVATION
      2. BASIC PURPOSE OF TRIPWIRE
      2.1. TRIPWIRE RELATED TOPICS
      3. ACTUAL WORKING OF THE TRIPWIRE SYSTEM
      3.1. MONITORING DYNAMIC BEHAVIOUR
      3.2. MONITORING STATE
      3.3. TECHNIQUES
      4. OPERATION OF TRIPWIRE
      4.1. PROTECTING THE HIDS
      4.2. FLOWCHART SHOWING THE WORKING OF TRIPWIRE
      5. TRIPWIRE MANAGER
      6. TRIPWIRE FOR SERVERS
      6.1. FLEXIBLE POLICY LANGUAGE
      7. TRIPWIRE FOR NETWORK DEVICES
      8. HOW TO INSTALL AND USE THE TRIPWIRE SYSTEM
      9. HOW TO USE TRIPWIRE
      10. ADVANTAGES OF TRIPWIRE
      11. CONCLUSION
      12. REFERENCES
      ACKNOWLEDGEMENT
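
The baseline-and-compare cycle described in the abstract, as an added example that is not part of the seminar report and is not Tripwire's own code. The choice of SHA-256, the attribute names, the function names and the sample files are all assumptions made for illustration; the demo includes a same-size edit to show why a size check alone is not enough.

```python
# Added illustration; SHA-256 and the attribute names are assumptions, not Tripwire's format.
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def fingerprint(path):
    """Attributes compared between scans: size, permission bits, SHA-256."""
    st = os.stat(path)
    digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode), "sha256": digest}

def snapshot(root):
    """Fingerprint every regular file under root, keyed by relative path."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                result[os.path.relpath(full, root)] = fingerprint(full)
    return result

def compare(baseline, current):
    """Report additions, deletions and, per changed file, which attributes differ."""
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diff = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
        if diff:
            changed[path] = diff
    return {"added": sorted(set(current) - set(baseline)),
            "deleted": sorted(set(baseline) - set(current)),
            "changed": changed}

def demo():
    """Constructed sample tree: record a baseline, alter the tree, rescan."""
    files = {"passwd": b"root:x:0:0\n", "hosts": b"10.0.0.1 db\n", "motd": b"hi\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            Path(root, name).write_bytes(body)
        baseline = snapshot(root)
        Path(root, "passwd").write_bytes(files["passwd"] + b"extra:x:0:0\n")  # file grows
        Path(root, "hosts").write_bytes(b"10.0.0.9 db\n")   # same size, different content
        os.remove(os.path.join(root, "motd"))                # deletion
        Path(root, "new.sh").write_bytes(b"#!/bin/sh\n")     # addition
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

In the arrangement the abstract describes, the baseline is saved once and a scheduled job reruns the scan against it; the stored baseline has to live where an intruder cannot rewrite it, or the comparison proves nothing.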