Tuesday, April 11, 2006

Tripwire and Security

I notice that some of the servers in the DMZ zone are installed with Tripwire. While I have heard of this term before, I never really looked into how it works. Well, I did some investigation and now understand the technological underpinning behind the Tripwire product.

Tripwire basically takes a snapshot of your file system by checking each file, generating a file signature (a cryptographic hash of its contents together with metadata such as permissions, owner, size and timestamps), and then storing all that information in a database. Then you can run reports off the database to see what files got added, deleted or modified. If you see that some system binary files got changed, then your system has probably been hacked into. The report is only as trustworthy as the baseline, so the snapshot has to be taken while the system is known to be clean, and the database has to be kept somewhere an intruder on that host cannot rewrite it.

Now I'm wondering if there's a version for my Windows PC at home. I suppose that to be secure, I'll need at least 2 servers at home. The Windows box that my kids use can be installed with Tripwire-like software, and the database hosted on a second PC, possibly a Linux box with MySQL on it. Since I have a router and a wireless router, I can set up a DMZ zone with the Windows PC in the DMZ and the Linux server behind the second router to further secure the Linux box and the database from tampering. With all the security holes in a Windows box, why don't I put the Linux box in the DMZ as a bastion host? Well, that's because my kids want to go on the internet and play games or look at trailers on the Windows box. That's the more vulnerable box that I want to secure, to prevent it from spreading viruses to other computers in my home network, so isolating that box in the DMZ makes more sense to me.

I plan to research some more on Tripwire-like software for the PC and post the results here. If they don't have one, maybe it's time for me to write one myself.
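To make the snapshot-and-compare idea concrete, here is a small Tripwire-style integrity checker. It is an added example written for this post, not Tripwire's own code: it hashes every file under a directory along with its mode, owner, size and mtime, stores that as a JSON "database", and reports files that were added, deleted or modified. The database is sealed with an HMAC so that a tampered baseline is detected when it is loaded; the key (read from a hypothetical `FIM_KEY` environment variable in the command-line part) is an assumption of the example and would live on the second, isolated machine, never on the monitored box.

```python
"""Minimal file-integrity checker in the style of Tripwire (added example)."""
import hashlib
import hmac
import json
import os
import stat


def fingerprint(path):
    """Return the integrity record for one file: content hash plus the
    inode metadata an intruder would also have to forge to go unnoticed."""
    st = os.lstat(path)  # lstat: do not follow symlinks
    record = {
        "mode": oct(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
        "sha256": None,
    }
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        record["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        # For a symlink, hash its target so a redirected link shows up as modified.
        record["sha256"] = hashlib.sha256(os.readlink(path).encode()).hexdigest()
    return record


def snapshot(root):
    """Walk root and fingerprint every file; keys are paths relative to root."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = fingerprint(full)
    return db


def save_baseline(db, path, key):
    """Write the database with an HMAC over its canonical JSON form, so a
    baseline edited by an intruder fails verification in load_baseline()."""
    body = json.dumps(db, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    with open(path, "w") as f:
        json.dump({"hmac": tag, "db": db}, f, sort_keys=True)


def load_baseline(path, key):
    """Load a baseline, refusing it if the HMAC does not match (tampering or wrong key)."""
    with open(path) as f:
        wrapper = json.load(f)
    body = json.dumps(wrapper["db"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, wrapper["hmac"]):
        raise ValueError("baseline database failed integrity check")
    return wrapper["db"]


def compare(baseline, current):
    """Report what was added, deleted or modified since the baseline.
    For modified files, list which attributes changed (e.g. sha256, mode)."""
    report = {"added": [], "deleted": [], "modified": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["deleted"].append(rel)
        else:
            changed = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
            if changed:
                report["modified"][rel] = changed
    return report


if __name__ == "__main__":
    import sys
    # Usage (assumed interface): fim.py init|check <root> <baseline.json>
    # The HMAC key is taken from the FIM_KEY environment variable (an assumption
    # of this example); keep the key and the baseline file off the monitored host.
    cmd, root, dbfile = sys.argv[1:4]
    key = os.environ["FIM_KEY"].encode()
    if cmd == "init":
        save_baseline(snapshot(root), dbfile, key)
    else:
        print(json.dumps(compare(load_baseline(dbfile, key), snapshot(root)), indent=2))
```

The baseline must be taken on a known-clean system, and the check is only meaningful if the checker itself and its database cannot be altered by whoever owns the monitored box, which is the reason for keeping the database (and the key) on a separate machine or read-only media.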

