I have a pretty good understanding of tripwire, and have used it for a
number of years.  I still differentiate it from tools I also use like
snort and others.  Perhaps this is my choice and fits my needs better.

But, I have programs on my win toys that will monitor changes made when
installing new SW, to ease uninstalling, they have much the same
functionality as tripwire, and are by no means IDS tools for sure.

Norton's tools and certainly others track registry entries to monitor
changes and to provide backouts, again, some of the same functionality as
tripwire and yet by no means in and of themselves an IDS.

Now, would I consider logcheck/swatch and tripwire as tools involved in
the total IDS solutions I roll out?  Yes.

Of course, I tend to roll tcpwrappers into those solutions, though, I'd
never classify it as a 'firewall'.

Thanks,

Ron DuFresne

On Wed, 7 Mar 2001, mht wrote:

> Tripwire is used to determine how UNIX and Microsoft Windows NT file 
> systems, and Windows NT registry keys have changed. It begins by creating a 
> baseline database of files, directories, and in the case of Microsoft 
> Windows NT, the NT Registry. This baseline includes up to 28 attributes for 
> each file. Attributes include: file size, write-times, create-times, number 
> of alternate file streams, and up to four cryptographic checksums of the 
> file contents.
> Tripwire conducts subsequent file checks, it compares the state of the 
> system with the baseline database. Any inconsistencies are reported to and 
> to the host systems log file. Additionally, the reports can be emailed to 
> an administrator.
> 
> A simple but yet complex door knob rattle that requires the following:
> 
> Tripwire Technical Training offers convenient, comprehensive training 
> courses for anyone who works with Tripwire software. Tripwire Authorized 
> Training Centers (TATCs) are located throughout North America. The 
> coursework covers the following topics:
> ·       Installation and Configuration
> ·       Editing Policy Files to Fine-Tune the Assessment Process
> ·       Database File- and Integrity-Checking Processes
> ·       Report File Management
> ·       Updating Database and Policy Files
> ·       Deployment Planning
> 
> If it was a simple IDS as you state, why does one need to take all the listed 
> classes above in order to configure it and understand it..  Hmm, must be a 
> better way of defining what an IDS is..
> 
> (Starting to gnaw on my coyote ugly arm..-:)
> 
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
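
Added example, not part of the original messages and not Tripwire's own code: a sketch of the baseline-and-compare model described in the quoted text. The attribute set, the two hash algorithms and the file names are assumptions chosen for illustration; the constructed test tree shows a same-size replacement with its write-time reset, which only the checksums catch.

```python
import hashlib
import os
import stat
import tempfile

HASHES = ("sha256", "sha512")  # assumption: stand-ins for the product's checksums

def snapshot(root):
    """Record size, mode, mtime and checksums for each regular file under root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            with open(path, "rb") as fh:
                data = fh.read()
            entry = {"size": st.st_size, "mode": st.st_mode, "mtime_ns": st.st_mtime_ns}
            entry.update({h: hashlib.new(h, data).hexdigest() for h in HASHES})
            db[os.path.relpath(path, root)] = entry
    return db

def compare(baseline, current):
    """Return added and removed paths, plus the attributes that differ per file."""
    changed = {}
    for path in baseline.keys() & current.keys():
        diff = sorted(k for k in baseline[path] if baseline[path][k] != current[path][k])
        if diff:
            changed[path] = diff
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": changed}

def demo():
    """Constructed tree: one file replaced with same-size content and its mtime reset."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "login")
        for path, data in ((target, b"original binary\n"),
                           (os.path.join(root, "hosts"), b"127.0.0.1 localhost\n")):
            with open(path, "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        before = os.stat(target)
        with open(target, "wb") as fh:
            fh.write(b"modified binary\n")  # same length as the original
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))
        os.remove(os.path.join(root, "hosts"))
        with open(os.path.join(root, "new.conf"), "wb") as fh:
            fh.write(b"x\n")
        return compare(baseline, snapshot(root))
```

The report is only as trustworthy as the stored baseline, so the database belongs on read-only or off-host storage.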