
There is one technology that can detect even the stealthiest of intrusions, regardless of how lightly a hacker treads. It's called Tripwire, and sysadmins are employing it to foil the craftiest of intruders.
Once an intruder sneaks past a server's defenses, the next step is to establish a base of operations of sorts. This means installing trojans or making configuration changes that leave the door perpetually open, granting the attacker access to the system as he or she sees fit.
No matter how sophisticated the method of intrusion, there is one way to prevent your systems from volunteering themselves at someone else's beck and call. Tripwire to the rescue!
This application is a supercharged monitoring utility based on simple principles but made possible by today's processing power. In essence, it keeps track of changes, and attempted changes, to critical programs and files, and reports suspect attempts to an administrator. What makes Tripwire adept at detecting unauthorized access is a combination of checksum monitoring and strong encryption. As a result, the software is able to watch the files and programs under its care like a hawk, detecting even the most minute and innocuous-looking changes.
Wondering how to get the most out of Tripwire? Look no further than Part 1 of a new series of AO tutorials!
Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.
Direct link to this week's spotlight thread:
The Tripwire Tutorial 1.0, Part 1, by Gigabite
Related:
The Tripwire Tutorial 1.0, Part 2, by Gigabite
Excerpts:
Gigabite eases us into Tripwire's powerful capabilities with this introduction:
When someone breaks into a system, they will usually try to gain control by making their own changes to system administration files, such as password files. They could simply change the root user password or replace entire programs, such as the login program, with their own version. One method of detecting such actions is to use an integrity-checking tool like Tripwire to detect any changes to system administration files.

An integrity checking tool works by first creating a database of unique identifiers for each file or program to be checked. These can include features such as permissions and file size, but also, more importantly, checksum numbers generated by encryption algorithms from the file's contents. For example, in Tripwire, the default identifiers are checksum numbers created by algorithms like the MD5 modification digest algorithm and Snefru (Xerox secure hash algorithm).

Our tutorial author also explains some helpful commands:

tripwire Initializes and performs integrity checking.
twadmin Administrates Tripwire configuration and policy files, as well as Tripwire encryption keys.
twprint Prints and displays Tripwire database and reports.
siggen Generates new passphrases...

Enjoy the rest of Gigabite's tutorial and be sure not to miss some configuration tips and an explanation of the files critical to Tripwire's inner workings.
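To show the mechanism Gigabite describes, here is an added example (not code from the tutorial, and not Tripwire's own code): a minimal integrity checker that records permission bits, size and a content digest for each watched file, seals the baseline with an HMAC so that tampering with the database itself is caught, and reports what changed on the next check. The temp directory, file names, contents and key are constructed for the demonstration.

```python
import hashlib, hmac, json, os, stat, tempfile
from pathlib import Path

def fingerprint(path):
    # Identifiers kept per file: permission bits, size and a content digest
    # (SHA-256 here, standing in for the MD5/Snefru checksums Tripwire uses).
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"mode": stat.S_IMODE(st.st_mode), "size": st.st_size, "sha256": h.hexdigest()}

def build_baseline(paths, key):
    # The database is sealed with an HMAC so an intruder who alters a watched
    # file cannot quietly rewrite the baseline to match (Tripwire signs its database).
    db = {p: fingerprint(p) for p in paths}
    blob = json.dumps(db, sort_keys=True).encode()
    return {"db": db, "mac": hmac.new(key, blob, "sha256").hexdigest()}

def check(baseline, key):
    # Verify the seal first, then re-fingerprint every file and report differences.
    blob = json.dumps(baseline["db"], sort_keys=True).encode()
    if not hmac.compare_digest(baseline["mac"], hmac.new(key, blob, "sha256").hexdigest()):
        raise ValueError("baseline database has been tampered with")
    report = {"missing": [], "changed": {}}
    for path, expected in baseline["db"].items():
        if not os.path.lexists(path):
            report["missing"].append(path)
            continue
        current = fingerprint(path)
        diffs = {k: (expected[k], current[k]) for k in expected if expected[k] != current[k]}
        if diffs:
            report["changed"][path] = diffs
    return report

def demo():
    # Constructed scenario in a temp dir: a stand-in login program and password
    # file are baselined, then the program is replaced and its mode bits change.
    d = tempfile.mkdtemp()
    login, passwd = os.path.join(d, "login"), os.path.join(d, "passwd")
    Path(login).write_bytes(b"#!/bin/sh\nexec /bin/true\n")
    Path(passwd).write_bytes(b"root:x:0:0::/root:/bin/sh\n")
    os.chmod(login, 0o755)
    key = b"constructed-site-key"  # a real deployment derives this from a passphrase
    baseline = build_baseline([login, passwd], key)
    Path(login).write_bytes(b"#!/bin/sh\nexec /bin/false\n")
    os.chmod(login, 0o700)
    return check(baseline, key)
```

Running demo() reports only the login program as changed, with its old and new mode, size and digest, while the untouched password file stays silent.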
What is AntiOnline?
AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on security hazards and how to protect your systems against them.
We invite you to join the AO community (it's free!), share your wisdom and learn a few things in the process. Stay tuned as Enterprise IT Planet spotlights the eye-opening discussions and expert participants that have helped make AO the "go to" online resource for network security.