Educause Security Discussion mailing list archives

Re: Tripwire

From: Gary Dobbins <dobbins () ND EDU>
Date: Sun, 18 Sep 2005 09:01:21 -0500

We've used it for 3 years, as an after-the-fact IDS.  Good
supplemental layer.  Offers a number of second-order benefits too,
depending on the maturity of surrounding processes.  Ensuring accurate
and meaningful configuration (and thus keeping daily alerts down to
just actual unexpected changes, while not missing important ones) is
key.  If mis-configured, information can be lost amidst the resultant
noise.  If under-configured, it's ineffective.  Properly used, it can
help one rest better at night.

ron behrang wrote:

Hi All,

Has anyone recently implemented the commercial Tripwire within
their network? Enterprise Version or Tripwire for Servers and Manager...
Any pitfalls, major/minor issues, difficulty of implementation, that I
should
know about?
Any feedback would be appreciated.

Thanks
Ron


--

  ------------------------------------------------------------
  Gary Dobbins, CISSP -- Director, Information Security
  University of Notre Dame, Office of Information Technologies

Current thread:

Tripwire ron behrang (Sep 15)
- <Possible follow-ups>
- Re: Tripwire Huba Leidenfrost (Sep 16)
- Re: Tripwire Gary Dobbins (Sep 18)