Adding the changes to the baseline required a couple of clicks.īecause of the graphical nature of the interface, it’s possible to monitor Tripwire without spending your time staring at the screen. Tripwire picked up the changes when the next integrity check was run, and flagged them.
HOW TO INSTALL TRIPWIRE ON WINDOWS UPDATE
I also ran Windows Update and installed a couple of new programs. I tested Tripwire’s ability to pick up on changes I made by creating new folders and files in Windows’ Program Files and System 32 directories. The graphical display makes it easy to see whether there are changes to the machines you’re monitoring, and the details are flagged by icons that indicate the type of change and the severity. The changes are reported in both graphical and text form on the Tripwire Manager screen. It uses this baseline to compare against later checks of each server to see what changed. The first time it runs, Tripwire creates a baseline configuration for each server, which it can update as needed. So it might not be a good idea to run Tripwire during the busiest part of your day. You can set the frequency of these checks, but be aware that each one takes a minute or so, and during that time, the machine shares its CPU cycles between Tripwire and whatever else it’s supposed to be doing. Once it’s up and running, Tripwire for Servers makes periodic integrity checks of the machine on which it’s installed.
For major installations, you can create an installation template that will make the process easier. Installing Tripwire for Servers is straightforward, but it requires inserting the CD into each server - a tedious process if you have hundreds or even dozens of servers to monitor. The company also has plug-ins for the Hewlett-Packard OpenView and IBM Tivoli management frameworks. Tripwire points out that you really only need Tripwire for Servers if you already have an SNMP management application that you’re using to keep tabs on your network. The changes are reported to the Tripwire Manager, which displays them to the network manager. Tripwire for Servers is the product that actually installs on the servers and monitors them for changes. The Tripwire solution consists of two separate products.
The major differences are the cost, the platforms they support, and how well they work.
HOW TO INSTALL TRIPWIRE ON WINDOWS SOFTWARE
The manner in which the Tripwire and Pedestal Software solutions perform these tasks varies somewhat, but when you get right down to it, they perform nearly identical functions. Both will alert the network manager to additions, deletions, or changes to files on the system produce reports explaining what happened and by whom it was done and if set up appropriately, reverse a change as soon as it’s made. The two change-detection applications reviewed here are designed to notice when something important changes on a system you’re monitoring. And, for the most part, they aren’t designed to protect against random acts of dumbness carried out by your employees.
While intrusion-detection products promise to keep an eye on the network assets, their capabilities are limited. The reason is obvious: In addition to threats provided by ill-behaved applications, there are problems with employees installing pirated software, worms getting in, rogue employees trying to break into files they shouldn’t see, and the occasional hacker trying to create havoc. Keeping tabs on who’s doing what to the enterprise network is a crucial part of an IT manager's job.
0 kommentar(er)
