I’m assuming at least some of you have experience with
Tripwire software in some form or another. For those of you who don’t
have experience with it, it’s purpose is integrity verification.
The whole idea is that it takes snapshots of your system and then compares the
snapshot with a previously taken baseline picture. Knowing this
information is great for both security purposes, and change management.
The security uses are pretty obvious, but we’ve also used it to determine
(with a reasonably high certainty) whether patches really were applied to a
server.
We’ve been using the commercial version of Tripwire
for seven years now, on both Windows and Unix variants. Our current
Tripwire installation is on our highest-value assets. As part of our ongoing
security efforts we have been funded to expand this effort to all of our AIS-owned
devices in our datacenter.
When we talked with the vendor about this, we learned that
there were a couple of other units on campus that were going to be investing in
Tripwire in the near future. Additionally, the vendor mentioned that with
the three prospective purchases we would be over half way to a site license for
the entire campus. The site license would be for the entire Tripwire
suite, which includes the ability to detect change in:
Network Devices - Switches / Routers / Firewalls / IDP / IPS
Windows Servers
Unix/Linux Servers
Desktop Workstations
Databases – currently just Oracle, MS SQL and MySQL
are supposed to be in the works.
Directory Services – Active Directory, Sun Java System
Directory, Novell E Directory
Additionally a central management system is included in the
site license -- which can be deployed multiple times, meaning each unit could have
their own management system and/or there could be a central deployment.
With that being said, we’re in the real preliminary
stages of this, and I wanted to poll campus and see if anyone else might be
interested in this product. I’m assuming a site license would be managed
through the MSU Computer Store, but once again, we’re nowhere near that point.
I’m just trying to find out if other people might be interested in this,
and if it’s worth the effort of moving forward on the possibility of a
site license.
Additional information on Tripwire Enterprise can be found
at: http://www.tripwire.com/products/enterprise/index.cfm
. Also, if you have any questions feel free to ask.
Thanks, and let me know if your department could be
interested,
-tim
________________________________
Timothy D. First, CISSP, MCSE
Information Technologist III
Administrative Information Services
[log in to unmask]
(517) 353-4420 x335
Fax: (517) 355-5176