RE: can tripwire be used for sensor integrity???

["Teicher, Mark (Mark)" <teicher () avaya com>]

TripWire for Routers needs some minor improvement.  It really depends on
how the security architecture for a particular organization is designed
(Confidentiality, Integrity, Availability), on the path one takes for
tuning and differential change management.  There are other possible
solutions other than TripWire for Servers, i.e. SecureWave
(www.securewave.com)

/mark 

-----Original Message-----
From: Chris Kirschke [mailto:durnie () hushmail com] 
Sent: Monday, February 02, 2004 10:39 PM
To: gaurav_jindal () da-iict org; focus-ids () securityfocus com;
ellis.wong () corp sunday com
Subject: Re: can tripwire be used for sensor integrity??? 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would also recommend you look at the Veracity product from
www.rocksoft.com.
I've had much success with it for about 1/3 of the price. You give up
Tripwire's great GUI but you still get all the functionality in the end.
IMHO, of course...

Chris Kirschke

On Mon, 02 Feb 2004 19:12:46 -0800 "Wong Chung Yee, Ellis"
<ellis.wong () corp sunday com>
wrote:
> There are two product lines for Tripwire:
>
> 1. Tripwire for Servers - which runs on various OS, e.g. Linux, AIX, MS

> platforms....
> 2. Tripwire for Network Devices - which supports Cisco IOS, CatOS,  PIX

> OS, Alcatel, Check Point, F5, ISS, Juniper, NetScreen and others.
>
> Therefore the question is, if your IDS runs on OS type platform,  
> Tripwire for Servers is the choice.  And you can configure the Tripwire

> Policy to protect your IDS setting integrity.  If you are using 
> hardware based IDS, you can  first check if Tripwire for Network 
> Devices can support; if not, you might use Tripwire for Servers as many

> hardware applicance IDS are based on Linux platform anyway.
>
> Regards
> Ellis Wong
>
> ----- Original Message -----
> From: "Gaurav_Jindal" <gaurav_jindal () da-iict org>
> To: <focus-ids () securityfocus com>
> Sent: Monday, February 02, 2004 12:27 AM
> Subject: can tripwire be used for sensor integrity???
>
>
> > I got to know that tripwire coudl work to find out the integrity
> , can
> > it be used for integrity of sensors.
> > As what I read from tripwire that
> >
> > Tripwire creates a 'secure' (normally kept on a read-only 
> > disk/diskette along w/ the tripwire executable) database of file and 
> > directory attributes (including, if you want, complex MD5 and snefru 
> > signatures) which then can be used to compare against to see if a 
> > file or
> directory
> > has changed somehow. If a cracker has broken in and replaced your 
> > /bin/date file w/ a trojan horse version, tripwire will let
> you
> > know.
> >
> > do let me know is someone has used some kind of stuff like this
> for ids
> > sensors  to find attack in distributed environment?..
> >
> > Thanking you,
> > With Regards,
> > Gaurav Jindal
> >
> >
> > --------------------------------------------------------------
> ------------
> -
> > --------------------------------------------------------------
> ------------
> -
>
>
> ----------------------------------------------------------------
> -----------
> ----------------------------------------------------------------
> -----------
life is meant to be lived. hear me? didn't think so...
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAkAfNB8ACgkQ3UH5NRolsbY9RwCeOIIYLz65PLr9+xxsH06DLD1x2U4A
n06jhOa5eW4gZXwqVaBVj5vJOu+l
=sdue
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
---
------------------------------------------------------------------------
---




---------------------------------------------------------------------------
---------------------------------------------------------------------------