26-02-2012, 02:13 PM
I am a final-year B.Tech (IT) student, requesting you to send a document on the topic Tripwire with a minimum of 30 pages.
1. Introduction
Security in computer systems is important in order to protect the integrity of stored information. The file system provides the mechanisms for storing and accessing data and programs in a computer system. Information residing on a file system is valuable and should be monitored for unauthorized and unexpected changes to protect the system against intrusion. On a networked platform, monitoring these changes becomes a daunting task. Tripwire is a tool that helps UNIX system administrators check for any changes made to a selected set of files, directories, and databases. It notifies the system administrator of altered or corrupted files so that action can be taken in a timely manner.

In a running system, files are constantly updated, and if an intrusion detection tool reported every changed file, the amount of data the system administrator has to interpret would become huge. Consider a scheme that reports ownership changes and changes in access timestamps for thousands of files. In that case, the flood of timestamp reports may obscure a potentially dangerous ownership change, which may then go unnoticed by the system administrator. However, in some cases changes to a file's access timestamp are of interest; there, "trap files" can be placed as tripwires against intruders. Tripwire produces output that is easy to scan by allowing only selected files to be monitored. Usually the files selected for monitoring are those that are not expected to change often, so that any change to them is of concern. For example, changes to the contents of system log files are expected, but a change in their inode number, file mode, or ownership is cause for concern.

In the simplest terms, Tripwire creates a secure database of file and directory attributes, including their signatures, which can later be compared against the live system to see whether a file or directory has changed in some way. Any differences are reported. When run against system files on a regular basis, any change to critical system files will be spotted, and appropriate damage-control measures can be taken immediately. Tripwire uses several checksum, message-digest, secure-hash, and signature routines to detect changes to files. Each hash is computed from the contents of the file it is applied to, and it is computationally infeasible to reverse the hash or to craft different contents that produce the same value. Tripwire can be customized to use a specific signature algorithm, out of the many it supports, for each object.
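The following is an added illustration, not Tripwire's own code, of the scheme described above: a baseline database of per-file attributes (mode, owner, inode, size, mtime, SHA-256 digest) is built once, and a later check reports only the attributes that the per-file policy says matter. The policy classes `static` and `log`, the attribute names, and the sample files are this example's own assumptions; a real deployment would store the database on protected (e.g. read-only) media and sign it.

```python
"""Minimal Tripwire-style integrity checker (illustrative example, not Tripwire code)."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Attributes recorded per object (names chosen for this example).
ALL_ATTRS = ("mode", "uid", "gid", "inode", "size", "mtime", "sha256")

# Policy: attributes to IGNORE per class. Log files are expected to grow, so
# size/mtime/hash changes are noise there, but a change in mode, owner or
# inode number is still reported. Static files report every attribute.
DEFAULT_POLICY = {
    "log": {"size", "mtime", "sha256"},
    "static": set(),
}


def sha256_file(path):
    """Content digest; infeasible to invert or to collide for a different file."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(path):
    """Capture the attributes of one file-system object."""
    st = os.lstat(path)
    return {
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "inode": st.st_ino,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
        "sha256": sha256_file(path) if stat.S_ISREG(st.st_mode) else "",
    }


def build_database(entries):
    """entries: iterable of (path, policy_class). Returns the baseline database."""
    return {path: {"class": klass, "attrs": snapshot(path)} for path, klass in entries}


def check(db, policy=DEFAULT_POLICY):
    """Compare the live system against the baseline; report deletions and
    per-attribute differences that the object's policy class does not ignore."""
    report = {"deleted": [], "changed": {}}
    for path, rec in db.items():
        if not os.path.lexists(path):
            report["deleted"].append(path)
            continue
        ignore = policy.get(rec["class"], set())
        now = snapshot(path)
        diffs = {
            a: (rec["attrs"][a], now[a])
            for a in ALL_ATTRS
            if a not in ignore and rec["attrs"][a] != now[a]
        }
        if diffs:
            report["changed"][path] = diffs
    return report


def demo():
    """Constructed scenario: a config file (class static) and a log file (class log).
    The log grows as expected and has its mode loosened; the config is edited."""
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "sshd_config")   # constructed sample path
        log = os.path.join(d, "auth.log")      # constructed sample path
        Path(cfg).write_text("PermitRootLogin no\n")
        Path(log).write_text("login ok\n")
        os.chmod(cfg, 0o644)
        os.chmod(log, 0o640)
        db = build_database([(cfg, "static"), (log, "log")])

        with open(log, "a") as f:              # expected activity: log grows
            f.write("login ok\n")
        os.chmod(log, 0o666)                   # unexpected: log mode loosened
        Path(cfg).write_text("PermitRootLogin yes\n")  # unexpected: config edited

        report = check(db)
        return {
            "cfg_changed": sorted(report["changed"].get(cfg, {})),
            "log_changed": sorted(report["changed"].get(log, {})),
            "deleted": report["deleted"],
        }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports the config file's `size` and `sha256` (and usually `mtime`) as changed, while for the log file only `mode` is reported: the growth of the log is filtered out by its policy class, so the one finding that matters is not buried in noise.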