This give the basic knowledge about tripwire.

1. ishaque

2.  What is Tripwire?
 How does Tripwire Works?
 Tripwire Program Inputs
 Applications
 Tripwire for Network Devices
 Tripwire Manager
 What is the benefit of Tripwire?
 Drawbacks
 References

3.  Reliable intrusion detection system.
 It is a free and open-source software tool.
that checks to see what changes have been
made in your system.
 Pinpoints, notifies, determines the nature,
and provides information on the changes on
how to manage the change.
 Mainly monitors the key attributes(like binary
signature, size and other related data)
of your files.

4.  Changes to a file can be made without
changing its length or checksum!
 Changes are compared to the established
good baseline..
 Security not only means protecting your
system against various attacks but also
means taking quick and decisive actions
when your system is attacked.

6.  First, a baseline database is created storing the
original attributes like binary values in registry.
 First of all we must find out whether our system is
attacked or not,
 The TripWire software constantly checks the
systemlogs to check if any unauthorized changes
were made.
 If so, then it reports to the user.
 User can then undo those changes to revert the
system back to the original state

7.  Configuration file (tw.config)
◦ list of files & directories to be monitored
◦ their associated selection mask (list attributes that can
safely be ignored)
 Database file --describes each “file” –
automatically generated
◦ set of file names, inode attribute values, signature
info., associated tw.config entry
tw.config
file
old
database
Files residing on system

8.  Tripwire for Servers(used as software).
 Tripwire for Host Based Intrusion Detection
System(HIDS) and also for Network Based
Intrusion Detection System (NIDS).
 Tripwire for Network Devices like Routers,
Switches etc.

9.  It Can be installed on any server that needs to be monitored
for any changes.
 Typical servers include mail servers, web servers, firewalls,
transaction server, development server.
 A Host-based Intrusion Detection System (HIDS), as a special
category of an Intrusion-Detection System, focuses its
monitoring and analysis on the internals of a computing
system rather than on its external interfaces (as a Network
Intrusion Detection System (NIDS) would do)
.

10.  It is used for network devices like routers,
switches, firewall, etc.
 Tripwire for network devices maintains a log
of all significant actions including adding and
deleting nodes, rules, tasks and user
accounts.

11. There are two types of Tripwire Manager
 Active Tripwire Manager
 Passive Tripwire Manager
 This active Tripwire Manager gives a user the
ability to update the database, schedule
integrity checks, update and distribute policy
and configuration files and view integrity
reports.
 The passive mode only allows to view the
status of the machines and integrity reports.

12.  Increase security: - Immediately detects and
pinpoints unauthorized change.
 Instill Accountability :- Tripwire identifies and
reports the sources of change.
 Gain Visibility:- Tripwire software provides a
centralized view of changes across the
enterprise infrastructure
 Ensure Availability:- Tripwire software
reduces troubleshooting time, enabling rapid
discovery and recovery.

13.  Ineffective when applied to frequently
changing files.
 Higher learning curve to install, edit, and
maintain the software.
 Cost Effective

14.  Although having some limitations ;Tripwire is a
reliable intrusion detection system.
 It is a software that can be installed in any type of
system where damaged files are to be detected.
 The main attractive feature of this system is that
the software generates a report about which file
have been violated, when the file have been
violated and also what in the files have been
changed.

15.  www.google.com
 www.wikipedia.com
 www.studymafia.org