Open Source Tripwire functions as a host-based intrusion detection system. Rather than attempting to detect intrusions at the network interface level (as in network intrusion detection systems), Open Source Tripwire detects changes to file system objects.
When first initialized, Open Source Tripwire scans the file system as directed by the administrator and stores information on each file scanned in a database. At a later date the same files are scanned and the results compared against the stored values in the database. Changes are reported to the user. Cryptographic hashes are employed to detect changes in a file without storing the entire contents of the file in the database.
While useful for detecting intrusions after the event, it can also serve many other purposes, such as integrity assurance, change management, and policy compliance.
Other open source projects exist that provide similar functionality. Examples include AIDE and Samhain.
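The baseline-and-compare cycle described above, sketched as an added example (not code from Open Source Tripwire, AIDE or Samhain). The recorded attribute set, the function names and the sample files are assumptions made for illustration, and POSIX file modes are assumed.

```python
import hashlib, os, stat, tempfile

ATTRS = ("sha256", "size", "mode")  # attributes recorded per file (assumed set)

def snapshot(root):
    """Scan every regular file under root; return {relative path: attributes}."""
    db = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            db[os.path.relpath(path, root)] = {"sha256": digest.hexdigest(),
                "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}
    return db

def compare(baseline, current):
    """Report paths added, removed, or changed, with the attributes that differ."""
    changed = {}
    for path in sorted(baseline.keys() & current.keys()):
        diffs = [a for a in ATTRS if baseline[path][a] != current[path][a]]
        if diffs:
            changed[path] = diffs
    return {"added": sorted(current.keys() - baseline.keys()),
            "removed": sorted(baseline.keys() - current.keys()),
            "changed": changed}

def demo():
    """Constructed sample tree: baseline it, tamper with it, then re-check."""
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o644)
        for name, data in (("app.conf", b"debug=0\n"), ("tool.sh", b"#!/bin/sh\n"),
                           ("old.log", b"x\n")):
            put(name, data)
        baseline = snapshot(root)                       # initialization scan
        put("app.conf", b"debug=1\n")                   # same size, new content
        os.chmod(os.path.join(root, "tool.sh"), 0o755)  # permission change only
        os.remove(os.path.join(root, "old.log"))
        put("new.bin", b"\x00")
        return compare(baseline, snapshot(root))        # later integrity check
```

The `app.conf` edit keeps the file size identical, so only the hash exposes it. The sketch holds the baseline in memory; a deployed tool also has to protect the stored database from tampering, or the comparison can be defeated by rewriting the baseline.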
Tripwire Enterprise Turns a Tripwire Play for Teranet
Teranet was initially interested in implementing Tripwire solely for PCI compliance, but soon discovered a whole suite of capabilities to meet its broader compliance, security and operations needs. “The return on investment from Tripwire is amazing,” said Ruza Manojlovic, Security Operations Manager at Teranet. “We set out to simply meet a PCI requirement and discovered that the same technology enables us to address multiple regulations, strengthen our change control processes, and even eliminate existing software that has been made obsolete by Tripwire Enterprise’s expanding capabilities.”
Tripwire Enterprise automatically detects unauthorized, non-compliant change to enterprise-wide systems and virtual environments and immediately alerts IT staff so that exceptions to its change and release management policies can be immediately investigated. This approach to both continuously assess server configurations and audit production changes enables Teranet to better manage risk by providing continuous, automated compliance and security across its IT infrastructure.
Ms. Manojlovic praised the comprehensiveness of the Tripwire Enterprise solution for helping Teranet meet external regulatory requirements as well as improving internal operations. “Believe it or not, what’s required for regulatory compliance is good for security and operations,” Ms. Manojlovic said. “Tripwire Enterprise allows us to address all three.”
Teranet offers e-services to the legal, real estate, government, financial and healthcare markets. Teranet provides exclusive access to Ontario’s Electronic Land Registration System ("ELRS"), enabling customers to conduct electronic registrations as well as title and writ searches relating to real property. Teranet has also leveraged its core competencies to create electronic service offerings in complementary areas. Teranet’s comprehensive products and services include property information, transaction management, collateral risk management, geospatial information, workflow software and enterprise solutions. Teranet Income Fund units are listed on the Toronto Stock Exchange under the symbol TF.UN. For more information about Teranet, visit www.teranet.ca.
About Tripwire, Inc.
Tripwire helps over 6,000 enterprises worldwide reduce security risk, attain compliance and increase operational efficiency throughout their virtual and physical environments. Using Tripwire’s industry-leading configuration assessment and change auditing solutions, organizations successfully achieve and maintain IT configuration control. Tripwire is headquartered in Portland, Ore. with offices worldwide. http://www.tripwire.com/
Do you know what state your systems are in at this very minute? If an auditor walked in to your company today to ensure all compliance regulations were being met and all change was accounted for, would your organization pass the audit?
If you can say ’yes,’ that your systems are in a known state and are compliant, then you are among the high performers of IT. I congratulate your foresight and strategy to have strong change and configuration management policies and procedures in place.
If, on the other hand, you are among the majority of IT organizations without enforced change management policies in place, I can paint a fairly accurate picture of your organizational state. In all likelihood, the staff is overwhelmed with unplanned work and firestorms; systems are suffering from frequent outages; the usefulness of your CMDB is suspect due to possible configuration inaccuracies; security breaches from both internal and external sources keep causing mayhem; you’re facing fines for not meeting service level agreements; and expenses incurred to fix audit findings are hitting your bottom line.
There is a simple solution to these problems. Yet it is one that many CIOs and IT managers often overlook–configuration audit and control. The problems listed above can be traced to a single source: an organization’s willingness to allow–and inability to control–unauthorized change. The more unauthorized change, the more vulnerable your datacenter is, and the less able you are to achieve and maintain compliance. High performers have zero tolerance for unauthorized change. Controlling change is at the core of their culture of change management. It’s at the core of their ITIL, COBIT and CMDB initiatives. And it’s at the core of continuous compliance.
At Tripwire, we continue to look for ways to enhance and improve change management processes, and to help all organizations become great at managing change. To that end, we’re proud to announce the release of our newest solution, Tripwire Enterprise 7. By proactively correlating and reconciling configuration activity against policies, Tripwire delivers an automated, holistic view of operational, regulatory and security compliance across the dynamic datacenter. (Auditors will love you.)
Tripwire Enterprise 7 is the first solution that combines both change auditing and configuration assessment to enable you to achieve continuous compliance. Tripwire Enterprise not only detects and helps enforce change management, it ensures that changes conform to your company’s policy. This gives users a better ability to address vulnerabilities and service outages and to meet regulatory compliance requirements.
This combination also makes Tripwire Enterprise 7 uniquely positioned to accelerate the success and ensure the continued integrity of CMDBs. Its market-leading integrations with CMDB and IT Service Management Solutions, including BMC Atrium™ CMDB, HP Universal CMDB, CA Service Desk and CA CMDB, result in database accuracy and integrity. By answering three fundamental, business-critical questions–’Is the change authorized’, ’Is the change within policy’ and ’Is the change compliant’– Tripwire Enterprise 7 supplies the detailed change history that keeps configuration inaccuracies from occurring and your IT infrastructure in continuous compliance.
How does Tripwire Enterprise 7 accomplish this?
- It begins with a scan of your environment’s configurations, providing you with a baseline of your entire IT infrastructure
- It then provides an analysis of the difference between your known state and a good or compliant state, giving you the information you need to improve your systems to meet this ideal
- From this point forward, Tripwire detects all change across the datacenter, and in an ongoing manner, it assesses every change for policy and process compliance
- It escalates unauthorized and non-compliant changes so that immediate action can be taken
- It offers real-time tunable change detection, allowing users to choose the type of change detection appropriate for their needs
unmatched breadth and depth across the datacenter, including servers, databases, network devices, active directories, middleware and applications. It also supports leading virtual environments, enabling management of the virtual datacenter.
Tripwire Enterprise is the consummate configuration audit and control solution, providing a single source for detecting and analyzing all change across your entire IT infrastructure. The capabilities inherent in Tripwire Enterprise 7 help organizations better enforce change policy, achieve and maintain a known and trusted state, and reap the benefits of continuous compliance.