IDS mailing list archives

Re: can tripwire be used for sensor integrity???


From: "Wong Chung Yee, Ellis" <ellis.wong () corp sunday com>
Date: Tue, 3 Feb 2004 11:12:46 +0800

There are two product lines for Tripwire:

1. Tripwire for Servers - which runs on various OS, e.g. Linux, AIX, MS
platforms....
2. Tripwire for Network Devices - which supports Cisco IOS, CatOS, PIX OS,
Alcatel, Check Point, F5, ISS, Juniper, NetScreen and others.

Therefore the question is, if your IDS runs on an OS-type platform, Tripwire
for Servers is the choice. And you can configure the Tripwire Policy to
protect your IDS setting integrity. If you are using a hardware-based IDS,
you can first check if Tripwire for Network Devices can support it; if not,
you might use Tripwire for Servers, as many hardware appliance IDSes are based
on the Linux platform anyway.

Regards
Ellis Wong

----- Original Message ----- 
From: "Gaurav_Jindal" <gaurav_jindal () da-iict org>
To: <focus-ids () securityfocus com>
Sent: Monday, February 02, 2004 12:27 AM
Subject: can tripwire be used for sensor integrity???



I got to know that tripwire could work to find out the integrity, can
it be used for integrity of sensors?
As what I read from tripwire that

Tripwire creates a 'secure' (normally kept on a read-only disk/diskette
along w/ the tripwire executable) database of file and directory
attributes (including, if you want, complex MD5 and snefru signatures)
which then can be used to compare against to see if a file or directory
has changed somehow. If a cracker has broken in and replaced
your /bin/date file w/ a trojan horse version, tripwire will let you
know.

Do let me know if someone has used some kind of stuff like this for IDS
sensors to find attacks in a distributed environment?

Thanking you,
With Regards,
Gaurav Jindal
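
The baseline-and-compare approach described in the quoted Tripwire text, as an added example that is not part of either post and is not Tripwire's own code or database format. It uses SHA-256 in place of the MD5 and Snefru signatures mentioned, and the sensor directory layout, file names and contents are constructed for illustration.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def snapshot(root):
    """Record type, mode, owner, size and SHA-256 for every path under root."""
    db = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: describe a symlink itself, not its target
            size = digest = None
            if stat.S_ISREG(st.st_mode):
                size = st.st_size
                with open(path, "rb") as f:
                    digest = hashlib.sha256(f.read()).hexdigest()
            elif stat.S_ISLNK(st.st_mode):
                digest = os.readlink(path)  # a retargeted link counts as a change
            db[os.path.relpath(path, root)] = (
                stat.S_IFMT(st.st_mode), stat.S_IMODE(st.st_mode),
                st.st_uid, st.st_gid, size, digest)
    return db

def compare(baseline, current):
    """Return paths added, removed or changed since the baseline."""
    old, new = set(baseline), set(current)
    return {"added": sorted(new - old),
            "removed": sorted(old - new),
            "changed": sorted(p for p in old & new if baseline[p] != current[p])}

def demo():
    """Baseline a constructed sensor directory, alter it, and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {"etc/sensor.conf": b"iface=eth1\n",
                 "rules/local.rules": b"alert tcp any any -> any 23\n",
                 "bin/sensor": b"constructed placeholder binary\n"}
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
            (root / rel).chmod(0o644)
        baseline = snapshot(root)  # in practice kept on read-only media
        (root / "rules/local.rules").write_bytes(b"alert tcp any any -> any 24\n")  # same size
        (root / "etc/sensor.conf").chmod(0o666)  # permissions only, content intact
        (root / "bin/sensor").unlink()
        (root / "bin/extra").write_bytes(b"unexpected\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The same-size rule edit is caught only by the hash and the permission change only by the recorded mode, which is why the baseline stores both attributes and digests.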

