Presentation: Tripwire intrusion detection systems
TRIPWIRE INTRUSION DETECTION AND
PREVENTION SYSTEM
SRI RAMAKRISHNA ENGINEERING COLLEGE (An Autonomous Institution, Affiliated to Anna University Coimbatore)
Vattamalaipalayam, Coimbatore - 22
DEPARTMENT OF INFORMATION TECHNOLOGY
PAPER PRESENTATION ON:
Submitted by: S. Mithila, A. Akalya
INTRODUCTION TO TRIPWIRE
SECURITY MEASURES INCLUDE:
• Prevention techniques
• Detection techniques
The Tripwire Intrusion Detection System (IDS) is used for the detection of intrusions.
DEFINITION
Tripwire IDS monitors and analyzes the internals of a computing system. According to its policies, the following steps are taken:
▪ Detect unauthorized access
▪ Report changes through audit logs and e-mails
TYPES OF TRIPWIRE
OPEN SOURCE TRIPWIRE
▪ Monitors a small number of servers
▪ Provides centralized control
TRIPWIRE FOR SERVERS
▪ Detailed reporting
▪ Optimizes centralization using Server Manager
TRIPWIRE ENTERPRISE
▪ Audits configuration across Linux, UNIX, and Windows servers.
DESIGN AND IMPLEMENTATION
1. Creation of the configuration file
2. Generating the database at regular intervals
3. Comparing the newly created database with the old one according to the policy
4. Reporting changes in data through log files and e-mails
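The design steps above (policy, baseline database, periodic re-scan, comparison, report), as an added example rather than Tripwire's own code. The function names snapshot, build_db, compare and demo are hypothetical; the policy is a dict mapping a path to the rule name ReadOnly or Dynamic, mirroring $(ReadOnly) and $(Dynamic) in a tw.pol file, and the scenario in demo() is constructed in a temporary directory.

```python
# Added example (not Tripwire's own code): baseline / re-scan / compare cycle with ReadOnly and Dynamic rules.
import hashlib, os, shutil, tempfile

def snapshot(path):
    """Record what Tripwire stores per file: inode attributes plus a content hash."""
    st = os.lstat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"inode": st.st_ino, "mode": st.st_mode, "size": st.st_size,
            "mtime": int(st.st_mtime), "sha256": digest}
def build_db(policy):
    """policy maps path -> 'ReadOnly' | 'Dynamic'; returns the database path -> snapshot."""
    return {p: snapshot(p) for p in policy if os.path.isfile(p)}
# $(ReadOnly) reports any change; $(Dynamic) (logs, spool dirs) tolerates content growth
IGNORED = {"ReadOnly": set(), "Dynamic": {"size", "mtime", "sha256"}}
def compare(old_db, new_db, policy):
    """Return [(path, event)] for each violation, as the Tripwire report lists them."""
    report = []
    for path, rule in policy.items():
        old, new = old_db.get(path), new_db.get(path)
        if old and not new:
            report.append((path, "removed"))
        elif new and not old:
            report.append((path, "added"))
        elif old and new:
            changed = {k for k in old if old[k] != new[k]} - IGNORED[rule]
            if changed:
                report.append((path, "changed:" + ",".join(sorted(changed))))
    return report
def _write(path, text, mode="w"):
    with open(path, mode) as fh:
        fh.write(text)

def demo():
    """Constructed scenario in a temp dir: a ReadOnly binary is replaced (reported),
    a Dynamic log grows (allowed), and the policy file is deleted (reported)."""
    d = tempfile.mkdtemp()
    policy = {os.path.join(d, n): r for n, r in
              [("tripwire", "ReadOnly"), ("app.log", "Dynamic"), ("tw.pol", "ReadOnly")]}
    for p in policy:
        _write(p, "original")
    baseline = build_db(policy)                           # step 2: generate the database
    _write(os.path.join(d, "tripwire"), "trojan")         # binary tampered with
    _write(os.path.join(d, "app.log"), " more", "a")      # legitimate log growth
    os.remove(os.path.join(d, "tw.pol"))                  # policy file deleted
    report = compare(baseline, build_db(policy), policy)  # step 3: compare with the old db
    shutil.rmtree(d)
    return [(os.path.basename(p), e) for p, e in report]
```

The Dynamic log never appears in the report because its size, mtime and hash are masked by the rule, while the tampered binary and the missing policy file do.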
OPERATIONAL MODES OF TRIPWIRE
INITIALIZATION MODE
INTEGRITY CHECKING/UPDATE MODE
DATABASE UPDATE MODE
INTERACTIVE DATABASE UPDATE MODE
TRIPWIRE INPUT
1. CONFIGURATION FILE
tw.config - contains a list of files and directories with a selection mask
2. DATABASE FILE
Describes each file by:
▪ Name of the file
▪ Inode attribute values
▪ Signature information
TRIPWIRE ALGORITHM-I
Tripwire includes two types of files:
▪ Data file
▪ Configuration file

# Tripwire Binaries
(rulename = "Tripwire Binaries", severity = $(SIG_HI))
{
  $(TWBIN)/siggen   -> $(ReadOnly);
  $(TWBIN)/tripwire -> $(ReadOnly);
  $(TWBIN)/twadmin  -> $(ReadOnly);
  $(TWBIN)/twprint  -> $(ReadOnly);
}
TRIPWIRE ALGORITHM-II
Tripwire data files include configuration files, policy files, keys, reports and databases.

(rulename = "Tripwire Data Files", severity = $(SIG_HI))
{
  $(TWDB)                         -> $(Dynamic) -i;
  $(TWPOL)/tw.pol                 -> $(SEC_BIN) -i;
  $(TWBIN)/tw.cfg                 -> $(SEC_BIN) -i;
  $(TWLKEY)/$(HOSTNAME)-local.key -> $(SEC_BIN);
  $(TWSKEY)/site.key              -> $(SEC_BIN);
  $(TWREPORT)                     -> $(Dynamic) (recurse=0);
}
REPORT GENERATION
===================================================
Report Summary:
===================================================
Host name:               HOSTADMIN
Host IP address:         127.0.0.1
Host ID:                 10c0d020
Policy file used:        /opt/TSS/policy/tw.pol
Configuration file used: /opt/TSS/bin/tw.cfg
Database file used:      /opt/TSS/db/somehost.twd

Detection of changes: 2 files
2011-feb-14 4:05:09 (c: /java/class.java) change detected
2011-feb-14 4:05:09 (e:/entertainment) change detected

Denial of access: 1 file
2011-feb-14 4:05:09 (d: /account details) service stopped
PROS AND CONS
PROS
▪ Portable
▪ Reliability of data
▪ Detection of third-party changes
CONS
▪ Single-user mode during database installation
▪ Pre-existing files cannot be protected
▪ Prevention of unauthorized access is not possible
▪ Hacking of the Tripwire software itself in an open network
OUR IMPLEMENTATION
STAGE I-PREVENTION IN IDS
New attack signatures are downloaded to prevent newly discovered attacks (worms, viruses).
Patches for vulnerabilities are downloaded and applied to critical software, followed by regression testing.
STAGE II-PROTECTION OF TRIPWIRE
▪ Compressing and encrypting the Tripwire software into a password-protected .exe file
▪ Renaming the tw.config file
STAGE III-PRE-EXISTING FILE PROTECTION
▪ Backup of files on portable devices
▪ Replacing the files after installation of the Tripwire software
PERFORMANCE VS SECURITY
[Bar chart: Before Tripwire vs. After Tripwire vs. Our Implementation, scored from 0 to 3.5 on Data Security, Network Security, Portability and Reliability]
QUESTIONS
Thank you