Detecting attacks with the Tripwire IDS
Silent Guardian
© John Nyberg, sxc.hu
The simple but effective Tripwire HIDS provides its service quietly and discreetly, preventing attackers from infecting computers with trojans, backdoors, or modified files by identifying anomalies unnoticed by the user.
Intrusion Detection Systems (IDS) detect attacks on computers and networks by monitoring network traffic and recognizing attack patterns and anomalies.
Some IDS tools detect evidence of an attack by searching for unexpected configuration changes. If the IDS works as intended, it will alert the administrator responsible for the system when it discovers an attack. This prompt notification mitigates, and sometimes even prevents, any damage associated with the attack.
Some IDS systems patrol an entire network (network-based IDS, or NIDS), and some target an individual host (host-based IDS, or HIDS). Snort, Suricata, and Prelude are important NIDS tools. The HIDS category includes applications such PortSentry, Logcheck, Samhain, and OSSEC, as well as Tripwire [1], which will be the focus of this article.
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
US / Canada
UK / Australia