1. SRI RAMAKRISHNA ENGINEERING COLLEGE
(An Autonomous Institution, Affiliated to Anna University Coimbatore)
Vattamalaipalayam, Coimbatore - 22
DEPARTMENT OF INFORMATION TECHNOLOGY
PAPER PRESENTATION ON:
TRIPWIRE INTRUSION DETECTION
AND PREVENTION SYSTEM
Submitted By:
S.Mithila
A.Akalya
2. SECURITY MEASURES INCLUDE:
• Prevention Techniques
• Detection Techniques
Tripwire Intrusion Detection System (IDS) is used for
detection of intrusions
DEFINITION
Tripwire IDS monitors and analyzes the internals of
a computing system.
According to policies, the following steps are taken:
▪ Detect unauthorized access
▪ Report changes through audit logs and e-mails
3. OPEN SOURCE TRIPWIRE
▪ Monitors a small number of servers
▪ Provides centralized control
TRIPWIRE FOR SERVERS
▪ Detailed reporting
▪ Optimize centralization using Server Manager
TRIPWIRE ENTERPRISE
▪ Audit configuration across Linux, UNIX, and Windows
servers.
4. Creation of the configuration file
Generating the database at regular intervals
Comparing the newly created database with the old one
according to the policy
Reporting changes in data through log files and
e-mails
6. 1. CONFIGURATION FILE
tw.config: contains the list of files and directories,
each with a selection mask
2. DATABASE FILE
Describes each file as
Name of the file
Inode attribute values
Signature information
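Added example, not from the original slides and not Tripwire's own code: the configure, snapshot, compare and report cycle from slide 4, with database entries shaped as on slide 6 (name, inode attribute values, signature). The mask names and attribute sets in MASKS are assumptions for illustration, not Tripwire's selection-mask syntax, and the sample files are constructed in a temporary directory.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

# Hypothetical selection masks (not Tripwire syntax): attributes compared per path.
MASKS = {
    "ReadOnly": ("mode", "inode", "nlink", "uid", "gid", "size", "mtime", "sha256"),
    "Growing": ("mode", "inode", "nlink", "uid", "gid"),  # size/content may change
}

def snapshot(path, mask):
    """One database entry: inode attribute values plus a content signature."""
    st = os.lstat(path)
    entry = {"mode": stat.filemode(st.st_mode), "inode": st.st_ino,
             "nlink": st.st_nlink, "uid": st.st_uid, "gid": st.st_gid,
             "size": st.st_size, "mtime": st.st_mtime_ns}
    if "sha256" in MASKS[mask] and stat.S_ISREG(st.st_mode):
        entry["sha256"] = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return {k: entry[k] for k in MASKS[mask] if k in entry}

def build_db(config):
    """config maps file name -> mask name; files that do not exist are skipped."""
    return {p: snapshot(p, m) for p, m in config.items() if os.path.lexists(p)}

def compare(old, new):
    """Return (path, status, changed_attributes) tuples for the report."""
    report = []
    for path in sorted(old.keys() | new.keys()):
        if path not in old or path not in new:
            report.append((path, "added" if path in new else "removed", ()))
            continue
        diff = tuple(k for k in old[path] if old[path][k] != new[path].get(k))
        if diff:
            report.append((path, "changed", diff))
    return report

def demo():
    """Constructed sample: baseline two files, change both, re-scan, compare."""
    with tempfile.TemporaryDirectory() as d:
        tool, log = Path(d, "tool"), Path(d, "app.log")
        tool.write_bytes(b"v1")
        log.write_bytes(b"start\n")
        config = {str(tool): "ReadOnly", str(log): "Growing"}
        old = build_db(config)
        st = tool.stat()
        tool.write_bytes(b"v2")  # same size, different content
        os.utime(tool, ns=(st.st_atime_ns, st.st_mtime_ns))  # mtime left as before
        log.write_bytes(b"start\nmore\n")  # growth permitted by the Growing mask
        return [(Path(p).name, s, a) for p, s, a in compare(old, build_db(config))]
```

Because size and mtime are identical before and after, only the signature exposes the change to the ReadOnly file, while the log's growth is not reported under its mask.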
7. Tripwire includes two types of files:
▪ Data file
▪ Configuration file
# Tripwire Binaries
# Any change to the Tripwire executables themselves is a high-severity violation.
(rulename = "Tripwire Binaries", severity = $(SIG_HI))
{
  $(TWBIN)/siggen   -> $(ReadOnly);
  $(TWBIN)/tripwire -> $(ReadOnly);
  $(TWBIN)/twadmin  -> $(ReadOnly);
  $(TWBIN)/twprint  -> $(ReadOnly);
}
10. PROS
Portable
Reliability of data
Detection from 3rd party
CONS
Single user mode during database installation
Pre-existing files cannot be protected
Prevention of unauthorized access is not possible
Hacking of the Tripwire software itself in an open network
11. STAGE I-PREVENTION IN IDS
New attack SIGNATURES are downloaded to
prevent newly discovered attacks (worms,
viruses).
Patches for vulnerabilities are downloaded and
applied to critical software, and regression
testing is run
12. STAGE II-PROTECTION TO TRIPWIRE
Compressing and encrypting the Tripwire
software into a password-protected .exe file
Renaming the tw.config file
STAGE III-PRE-EXISTING FILE PROTECTION
Backup of files on portable devices
Restoring the files after installation of the
Tripwire software