TripWire. Karthik Mohanasundaram, Wright State University.


1 TripWire
Karthik Mohanasundaram, Wright State University

2 Topics of Interest
- Introduction to Intrusion Detection Systems
- Functionalities of Tripwire

3 Classification of IDS
- Network Intrusion Detection System [NIDS]. Example: Nessus, FireStorm
- Network Node Intrusion Detection System [NNIDS]. Example: Real Secure
- Host Intrusion Detection System [HIDS]. Example: TripWire, Intruder Alert

4 Advantages of HIDS
- A HIDS resides on the system being monitored and tracks changes made to important files and directories.
- A HIDS does not look for patterns; it monitors changes within a specified set of rules.

5 Introduction
- Tripwire is a host-based intrusion detection system that can be used to ensure the integrity of the critical system files and directories specified in its configuration file, by identifying all changes made to them.
- Tripwire compares the files and directories with a baseline database that was generated initially.

6 Password phrases
Tripwire uses two password phrases to sign or encrypt the important key files so that they are not altered by normal users. The two password phrases employed for this purpose are:
- Site-Key passphrase
- Local-Key passphrase

7 Password phrases, continued
- The Site-Key password phrase protects the site key, which signs the Tripwire Configuration File and Policy File.
- The Local-Key password phrase protects the local key, which signs the Tripwire database and Tripwire Report.

8 Post-Installation Procedures
- Run the Configuration script to sign the important files
- Initialize the Tripwire database
- Run the First Integrity Check
- Modify the Configuration and Policy files if necessary
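The baseline-and-compare cycle from slides 5 to 8, as an added example that is not from the presentation or from Tripwire itself: it builds a baseline database, authenticates it with a passphrase-derived key, and reports modified and removed files. PBKDF2 with HMAC-SHA-256 is an assumption standing in for Tripwire's passphrase-protected local key and its signature; all function names and sample files are constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile

def derive_key(passphrase: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 + HMAC stand in for Tripwire's passphrase-protected local key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def snapshot(paths):
    # Record a SHA-256 digest, size and mode for each monitored file.
    db = {}
    for p in paths:
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        db[p] = {"sha256": digest, "size": st.st_size, "mode": st.st_mode}
    return db

def init_database(paths, key):
    # "Initialize the database": the baseline plus a MAC over its canonical form.
    body = json.dumps(snapshot(paths), sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def integrity_check(signed_db, key):
    # Refuse to trust a baseline whose MAC does not verify.
    expected = hmac.new(key, signed_db["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed_db["tag"]):
        raise ValueError("baseline database failed verification")
    baseline = json.loads(signed_db["body"])
    report = {"modified": [], "removed": []}
    for path, old in baseline.items():
        if not os.path.exists(path):
            report["removed"].append(path)
        elif snapshot([path])[path] != old:
            report["modified"].append(path)
    return report

def demo():
    # Constructed sample files in a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        a, b = os.path.join(d, "passwd"), os.path.join(d, "hosts")
        for p, text in ((a, "root:x:0:0\n"), (b, "127.0.0.1 localhost\n")):
            with open(p, "w") as f:
                f.write(text)
        key = derive_key("constructed local passphrase", b"demo-salt")
        db = init_database([a, b], key)
        clean = integrity_check(db, key)
        with open(a, "a") as f:
            f.write("newuser:x:0:0\n")
        os.remove(b)
        return clean, integrity_check(db, key), a, b
```

The MAC check runs before any comparison, so a baseline edited by someone without the passphrase is rejected rather than silently used to hide a change.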

9 Operation Model of Tripwire

10 Tripwire Update States

11 Bibliography
- Official Red Hat Linux Reference Guide [www.redhat.com]
- The Design and Implementation of Tripwire: A File System Integrity Checker, by Gene H. Kim & Eugene H. Spafford

