Tripwire Enterprise Server – Basic Tasks Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology July 12, 2006.


Topics
- Server install Q&A
- Understanding the UI
- Settings manager
- Your first node!
  o Importing useful rules
  o Agent install
  o The managers: nodes, rules, actions, tasks, logs
  o Baselining, version checks, promotion

Server Install
- Single-server, just run the installer
- Dual-server, you will need to add parameters to the install command
- Windows cannot install over TS
- STORE THOSE PASSWORDS!
  *Note: in 5.5 problems using a Services Password > 8 chars

Server firewall/NAT
- Firewall, see Installation Guide, Chapter 1. Network requirements
- NAT, see Reference Guide, Chapter 4. System Properties

Tripwire UI
- The TE GUI has many elements of a familiar desktop, but it is not one. This can lead to frustration and broken mice.
- Zones of the console

TE Console Areas

TE Console Flubs

Server Settings
- User preference settings
- System preferences
- server

Useful Account Setting

System Preferences
- Shorten session timeout to 10 minutes

Servers

Administration Settings
- Configure login method
- Creating roles
- Creating a user group
- Creating users

Configure Login Method

Roles

Modifying Roles

Creating User Groups
- Functional groups usually by role
- Obvious groupings: staff/admins, operations, management

Node Setup Tasks
- Import TFS and/or UCD-basic rulesets
- Install agent on a node
- Create an action
- Use tasks to associate rule, node, action, and schedule a time to run.
- Create a baseline for the node
- Wait. Example for a rule with 7,000 elements stored, took ~600 seconds.

Import Useful Rules
- TFS rules very generic, usually result in many elements stored.
- UCD rules leaner, meaner.
- Rule names need to be unique or collision will occur.

Install the Agent Software
- Install as Administrator
- Enter port + services password
- Punch holes in firewall!
- There is a silent install option, see Users Guide, Ch. 2, Installation Procedures for TE Agent

Agent Install

Firewall on Client

Create Action

Move Discovered Node

Create First Task
- We just want a Check Rule Task for our example

Create First Task

Test That It Works
- Modify a watched element
- Run the task, or do a node check
- Note the change or check your
- Take action on the intrusion! Or, just promote the changes.

Node Manager
- Adding a node group
- Linking a node
- Elements for file system nodes
- Element versions
- Node viewing filter

Adding a Node Group

Linking a Node

Link Symbol

TE Symbols Exposed

Node Elements

Element Versions

Node Viewing Filter

Without filtering, TMI

Now we can see the trees

Viewing Rules

Rule Specifiers

Action Manager
- Viewing Actions
- Creating an action
- Creating an SNMP action
- Creating an execution action (locally or on TE server)

An Execution Action

An Execution Action echoing the file name of a changed element to a file

Task Manager
- Viewing tasks
- Creating and deleting tasks

Task Manager

Log Manager
- Viewing logs
- Sorting and filtering logs

Log Manager

Log Manager - Search

The Baseline - What is Happening?
- Baselining is I/O intensive on DB disks
- Recommend baselining only a small number of systems at once.

Snapshot defined
- Temporary record of the monitored object's current attributes. In a baseline execution, this would become the baseline version. In a version check this is the "now" state we compare the baseline against.

Version Check

Viewing Changes
- Difference Viewer

Promotion
- Promote selected versions
- Promote by match
- Promote by reference
- Promote by package

Promote Selected Versions
- Promote current snapshot(s) to baseline. Select using the GUI.
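
The snapshot, version check and "promote selected versions" steps described above, as an added Python sketch that is not part of the original slides and is not Tripwire Enterprise code. The function names, the tracked attributes (size, mode, SHA-256) and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Record the current attributes of every file under root (the "now" state)."""
    snap = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            st = path.stat()
            # Assumed attribute set; a real rule decides which attributes to track.
            snap[path.relative_to(root).as_posix()] = {
                "size": st.st_size, "mode": st.st_mode & 0o7777,
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest()}
    return snap

def version_check(baseline, current):
    """Compare a fresh snapshot against the baseline and classify each difference."""
    both = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(e for e in both if baseline[e] != current[e]),
    }

def promote(baseline, current, selected):
    """Accept only the selected elements' current versions into a new baseline."""
    new_baseline = dict(baseline)
    for element in selected:
        if element in current:
            new_baseline[element] = current[element]
        else:
            new_baseline.pop(element, None)  # an accepted deletion
    return new_baseline

def demo():
    """Constructed sample tree: baseline, change three elements, check, promote one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "conf").mkdir()
        (root / "conf/app.conf").write_bytes(b"port=8080\n")
        (root / "notes.txt").write_bytes(b"x")
        baseline = snapshot(root)                               # baseline execution
        (root / "conf/app.conf").write_bytes(b"port=9090\n")    # modified element
        (root / "new.sh").write_bytes(b"#!/bin/sh\n")           # added element
        (root / "notes.txt").unlink()                           # removed element
        now = snapshot(root)                                    # "now" state
        promoted = promote(baseline, now, ["conf/app.conf"])
        return version_check(baseline, now), version_check(promoted, now)
```

Only the promoted element stops being reported; the added and removed files keep showing up in later checks until someone acts on them or promotes them as well.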

Homework for July 26
- Install an agent and associate it with a basic rule or rule set and a task or action
- Practice the procedures
- Deployment options

Training Schedule
- July 12: adding and configuring a node using the basic rule set
- July 26: creating and modifying rules
- Aug 1 or 8?: reports, dashboard, deployment steps

Resources
- Rulesets and presentations
- mailing list
- Vincent Fox
- Doreen Meyer
- Bob Ono
- Software