Published by Katherine Paul. Modified over 9 years ago.
1 Host-Based Intrusion Detection: “Working of Tripwire”
2 Background
Complements... A Layered Security Approach
- Firewalls / VPNs
- Anti-virus
- Authentication
- Intrusion Detection System
3 Uses
- Intrusion Detection
- File Integrity Assessment
- Damage Discovery (Forensics)
- Change / Configuration Management
- System Auditing
- Policy Compliance
4 How ‘TripWire’ Software Works
[Diagram: Baseline Database, Current System, Tripwire Software, Tripwire Reports; steps numbered 1 to 3]
5 Steps Involved to Set Up “TripWire”
- Installation
- Policy Creation
- Generating Reports
6 A Simple Policy File
    /etc R                      # all these files should be read only.
    /sbin R+12                  # but, be extra careful with these.
    /var/spool/mail/maillog >   # this file should only grow
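An added example, not part of the original slides and not Tripwire's own code: a Python illustration of the baseline/compare cycle from slide 4, applied to two rule types modeled on the policy in slide 6. The rule semantics are simplified assumptions (R flags any change in size, mode or SHA-256; > flags only a file that shrinks), and snapshot, compare and demo are hypothetical names run against a constructed temporary directory.

```python
import hashlib, os, tempfile

def snapshot(policy):
    """Record size, mode and SHA-256 of every file the policy covers."""
    db = {}
    for root, rule in policy.items():
        files = [root] if os.path.isfile(root) else [
            os.path.join(d, f) for d, _, names in os.walk(root) for f in names]
        for path in files:
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[path] = (rule, st.st_size, st.st_mode, digest)
    return db

def compare(baseline, current):
    """Report every policy violation between the baseline and the current system."""
    report = []
    for path, (rule, size, mode, digest) in baseline.items():
        if path not in current:
            report.append(("removed", path))
            continue
        _, new_size, new_mode, new_digest = current[path]
        if rule == ">":  # growing file: only a shrink is a violation (assumed semantics)
            if new_size < size:
                report.append(("shrunk", path))
        elif (new_size, new_mode, new_digest) != (size, mode, digest):
            report.append(("changed", path))
    report += [("added", p) for p in current if p not in baseline]
    return sorted(report)

def demo():
    """Constructed sample tree standing in for /etc and the mail log."""
    with tempfile.TemporaryDirectory() as top:
        etc, log = os.path.join(top, "etc"), os.path.join(top, "maillog")
        os.mkdir(etc)
        passwd = os.path.join(etc, "passwd")
        for path, text in ((passwd, "root:x:0:0\n"), (log, "line 1\n")):
            with open(path, "w") as fh:
                fh.write(text)
        policy = {etc: "R", log: ">"}          # mirrors the slide's R and > rules
        baseline = snapshot(policy)
        with open(log, "a") as fh:             # log grows: allowed by ">"
            fh.write("line 2\n")
        with open(passwd, "a") as fh:          # read-only file modified
            fh.write("guest:x:1001:1001\n")
        first = compare(baseline, snapshot(policy))
        open(log, "w").close()                 # log truncated: violates ">"
        second = compare(baseline, snapshot(policy))
        rel = lambda rep: [(k, os.path.basename(p)) for k, p in rep]
        return rel(first), rel(second)
```

Because the check only runs when invoked, a file changed and restored between two runs goes unreported, which is the lack of real-time capability listed among the cons.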
7 Pros and Cons of “TripWire”
Pros:
- Complements a layered security approach.
- The generated report is small in size.
- TripWire runs periodically, at the administrator’s discretion.
Cons:
- Lack of real-time capability.
8 Properties and Services of an OS
Process
- Process time
- State of process
- Number of blocked processes
- Number of running processes
- Thrashing rate
Memory
- Amount of memory used
- Address range of the memory used
9 Properties and Services of an OS
File
- File size
- File access permissions
- Total disk space used
- Number of files
IO
- Number of IO operations (user, root, process)
- Source and destination of IO
- Total amount of data exchange between the channels
- Bus utilization