Presentation

Trip wire intrusion detection systems

Published in: Technology

  1. 1. SRI RAMAKRISHNA ENGINEERING COLLEGE (An Autonomous Institution, Affiliated to Anna University Coimbatore), Vattamalaipalayam, Coimbatore - 22
     DEPARTMENT OF INFORMATION TECHNOLOGY
     PAPER PRESENTATION ON: TRIPWIRE INTRUSION DETECTION AND PREVENTION SYSTEM
     Submitted By: S.Mithila, A.Akalya
  2. 2. SECURITY MEASURES INCLUDE:
       • Prevention Techniques
       • Detection Techniques
     Tripwire Intrusion Detection System (IDS) is used for detection of intrusion.
     DEFINITION
       • Tripwire IDS monitors and analyzes the internals of a computing system.
       • According to policies, the following steps are taken:
           ▪ Detect unauthorized access
           ▪ Report changes through audit logs and e-mails
  3. 3. OPEN SOURCE TRIPWIRE
           ▪ Monitors small number of servers
           ▪ Provides centralized control
     TRIPWIRE FOR SERVERS
           ▪ Detailed reporting
           ▪ Optimize centralization using Server Manager
     TRIPWIRE ENTERPRISE
           ▪ Audit configuration across Linux, UNIX, and Windows servers.
  4. 4. • Creation of configuration file
       • Generating DB at regular intervals
       • Comparing newly created DB with the old one according to the policy
       • Log files and e-mails reported according to changes in data
  5. 5. • INITIALIZATION MODE
       • INTEGRITY CHECKING/UPDATE MODE
       • DATABASE UPDATE MODE
       • INTERACTIVE DATABASE UPDATE MODE
  6. 6. 1. CONFIGURATION FILE
          • tw.config: contains list of files and directories with selection mask
        2. DATABASE FILE
          • Describes each file as
              ▪ Name of the file
              ▪ Inode attribute values
              ▪ Signature information
  7. 7. Tripwire includes two types of files:
           ▪ Data file
           ▪ Configuration file

         # Tripwire Binaries
         (
           rulename = "Tripwire Binaries",
           severity = $(SIG_HI)
         )
         {
           $(TWBIN)/siggen   -> $(ReadOnly);
           $(TWBIN)/tripwire -> $(ReadOnly);
           $(TWBIN)/twadmin  -> $(ReadOnly);
           $(TWBIN)/twprint  -> $(ReadOnly);
         }
  8. 8. Tripwire Data Files include
       • Configuration Files, Policy Files
       • Keys, Reports, Databases

         (
           rulename = "Tripwire Data Files",
           severity = $(SIG_HI)
         )
         {
           $(TWDB) -> $(Dynamic) -i;
           $(TWPOL)/tw.pol -> $(SEC_BIN) -i;
           $(TWBIN)/tw.cfg -> $(SEC_BIN) -i;
           $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN) ;
           $(TWSKEY)/site.key -> $(SEC_BIN) ;
           $(TWREPORT) -> $(Dynamic) (recurse=0);
         }
  9. 9.
         ===================================================
         Report Summary:
         ===================================================
         Host name: HOSTADMIN
         Host IP address: 127.0.0.1
         Host ID: 10c0d020
         Policy file used: /opt/TSS/policy/tw.pol
         Configuration file used: /opt/TSS/bin/tw.cfg
         Database file used: /opt/TSS/db/somehost.twd
         Detection of changes:2 files
         2011-feb-14 4:05:09 (c: /java/class.java) change detected
         2011-feb-14 4:05:09 (e:/entertainment) change detected
         Denial of access:1 file
         2011-feb-14 4:05:09 (d: /account details) service stopped
  10. 10. PROS
        • Portable
        • Reliability of data
        • Detection from 3rd party
      CONS
        • Single user mode during DB installation
        • Pre-existing files cannot be protected
        • Prevention of unauthorized access is not possible
        • Hacking of Tripwire software itself in open network
  11. 11. STAGE I - PREVENTION IN IDS
        • New attack signatures are downloaded to prevent newly discovered attacks (worms, viruses).
        • Patches for vulnerabilities are downloaded and applied to critical software, and regression testing is run.
  12. 12. STAGE II - PROTECTION TO TRIPWIRE
        • Compressing and encrypting the Tripwire software into a password-protected .exe file
        • Renaming the tw.config file
      STAGE III - PRE-EXISTING FILE PROTECTION
        • Backup of files in portable devices
        • Replacing back the files after installation of Tripwire software
  13. 13. [Chart; axis labels: DATA SECURITY, NETWORK SECURITY, PORTABILITY, RELIABILITY]
  14. 14. questions Thank you
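
The cycle on slides 4 to 6 (store name, inode attributes and signature for each file, then compare a fresh snapshot with the stored database under a selection mask), as an added Python example that is not from the presentation and is not Tripwire's own code. The mask names `READ_ONLY` and `GROWING`, the function names and the sample files are assumptions made here.

```python
import hashlib
import os
import tempfile

# Hypothetical selection masks (assumption): the attributes a rule compares.
READ_ONLY = ("mode", "inode", "size", "sha256")  # any content change is reported
GROWING = ("mode", "inode")                      # content may change, e.g. a log

def snapshot(path):
    """Database record for one file: inode attributes plus a signature."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"mode": st.st_mode, "inode": st.st_ino,
            "size": st.st_size, "sha256": digest}

def build_db(policy):
    """Initialization mode: record every existing file named in the policy."""
    return {p: snapshot(p) for p in policy if os.path.exists(p)}

def check(policy, old_db):
    """Integrity-checking mode: compare current state with the stored database."""
    report, new_db = [], build_db(policy)
    for path in sorted(set(old_db) | set(new_db)):
        old, new = old_db.get(path), new_db.get(path)
        if old is None:
            report.append((path, "added", ()))
        elif new is None:
            report.append((path, "removed", ()))
        else:
            # Only attributes named in this file's mask count as violations.
            changed = tuple(a for a in policy[path] if old[a] != new[a])
            if changed:
                report.append((path, "changed", changed))
    return report

def demo():
    """Constructed sample: a read-only file and a log file, both appended to."""
    with tempfile.TemporaryDirectory() as d:
        binary, log = os.path.join(d, "tool.bin"), os.path.join(d, "app.log")
        policy = {binary: READ_ONLY, log: GROWING}
        for p in policy:
            with open(p, "w") as fh:
                fh.write("v1")
        db = build_db(policy)
        for p in policy:  # same modification to both files after the baseline
            with open(p, "a") as fh:
                fh.write(" more")
        return [(os.path.basename(p), k, a) for p, k, a in check(policy, db)]
```

`demo()` reports only `tool.bin`, because the mask on `app.log` leaves size and signature out of the comparison. The baseline is held in memory here; a stored database has to be protected from modification, the concern slide 10 raises about the Tripwire software itself.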
