TRIP WIRE


  1. “TRIPWIRE” A Seminar Report Submitted by P.A.A. KAREEMULLA (09751A0587) In partial fulfillment for the award of the degree of BACHELOR OF TECHNOLOGY IN COMPUTER SCIENCE AND ENGINEERING At SREENIVASA INSTITUTE OF TECHNOLOGY AND MANAGEMENT STUDIES, CHITTOOR-517127 (Affiliated to J.N.T.U Anantapur & Accredited by NBA, New Delhi) DEC – 2012
  2. SREENIVASA INSTITUTE OF TECHNOLOGY AND MANAGEMENT STUDIES (Affiliated to J.N.T.U Anantapur & Accredited by NBA, New Delhi) Thimmasamudhram, Chittoor - 517127 DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CERTIFICATE This is to certify that the seminar entitled “TRIPWIRE” that is being submitted by Mr. P.A.A. KAREEMULLA, bearing roll no 09751A0587, in partial fulfillment of the degree of IV B.Tech in CSE to JNTU Anantapur is a record of bona fide work carried out by him under my supervision. 1. 2. 3. Seminar Supervisors Head of the Department
  3. ABSTRACT Tripwire is an intrusion detection system. It is a software tool that checks what has changed on your system. The program monitors the key attributes of files that should not change, including the size, binary signature, expected change of size, and other related important data. Tripwire is an open source program created to monitor changes in a key subset of files identified by the user and to report on any changes in any of those files. When changes are detected, the system administrator can determine whether those changes occurred due to normal, permitted activity or were caused by a break-in. If the former, the administrator can update the system baseline to the new files. If the latter, repair and recovery activity begins. Tripwire’s principle is simple enough. The system administrator identifies key files and has Tripwire record a checksum for each of those files. The administrator also sets up a cron job to scan those files at intervals (daily or more frequently), comparing them to the original checksums. Any changes, additions, or deletions are reported so that the proper action can be taken.
  4. TABLE OF CONTENTS
     1. INTRODUCTION
     1.1. MOTIVATION
     2. BASIC PURPOSE OF TRIPWIRE
     2.1. TRIPWIRE RELATED TOPICS
     3. ACTUAL WORKING OF THE TRIPWIRE SYSTEM
     3.1. MONITORING DYNAMIC BEHAVIOUR
     3.2. MONITORING STATE
     3.3. TECHNIQUES
     4. OPERATION OF TRIPWIRE
     4.1. PROTECTING THE HIDS
     4.2. FLOWCHART SHOWING THE WORKING OF TRIPWIRE
     5. TRIPWIRE MANAGER
     6. TRIPWIRE FOR SERVERS
     6.1. FLEXIBLE POLICY LANGUAGE
     7. TRIPWIRE FOR NETWORK DEVICES
     8. HOW TO INSTALL AND USE THE TRIPWIRE SYSTEM
     9. HOW TO USE TRIPWIRE
     10. ADVANTAGES OF TRIPWIRE
     11. CONCLUSION
     12. REFERENCES
     ACKNOWLEDGEMENT
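
The baseline-and-compare principle described in the abstract, as an added Python example (not code from the report and not Tripwire's own implementation). The function names, the choice of SHA-256 as the checksum, and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import pathlib
import stat
import tempfile

def snapshot(root):
    """Record size, permission bits and SHA-256 of each regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are out of scope here
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, root)
            state[rel] = {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode), "sha256": digest}
    return state

def compare(baseline, current):
    """Report added and deleted paths, and which attributes changed on the rest."""
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diff = [k for k in ("size", "mode", "sha256") if baseline[path][k] != current[path][k]]
        if diff:
            changed[path] = diff
    return {
        "added": sorted(set(current) - set(baseline)),
        "deleted": sorted(set(baseline) - set(current)),
        "changed": changed,
    }

def demo():
    """Constructed sample tree: baseline it, alter it, then run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        for name, data in (("login", b"v1-binary"), ("passwd", b"root:x:0:0\n"), ("motd", b"hi\n")):
            (root / name).write_bytes(data)
            (root / name).chmod(0o644)
        baseline = snapshot(root)
        (root / "login").write_bytes(b"v2-binary")  # same size, different content
        (root / "passwd").chmod(0o666)              # permissions loosened, content intact
        (root / "motd").unlink()                    # monitored file deleted
        (root / "extra").write_bytes(b"new\n")      # file that was never baselined
        return compare(baseline, snapshot(root))
```

The `login` change keeps the file size identical, so only the checksum reveals it. The comparison is only as trustworthy as the stored baseline, which therefore has to be kept where an intruder cannot rewrite it.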
