Intrusion detection systems - Is Tripwire really good enough?

One of the key criteria in choosing intrusion detection systems is the issue of scalability. In terms of intrusion detection scalability, Tripwire scores really well.

However, don't you think that some sort of security 'intelligence' needs to be part of the intrusion detection products, else these products are nothing but firewall extensions of not much use?

The data center portal


Um, dude, no -- you don't seem to get it.

by apotheon In reply to Intrusion detection syste ...

How is tripwire in any way like an extension of a firewall? Firewalls are filters for data transport. Tripwire is integrity/change auditing software that tells you if something has unexpectedly changed on your system. A filter (hopefully) screens out bad stuff, while auditing checks to see what, if anything, went wrong. These are wholly separate concepts in system security.

A stateful network-layer firewall, such as iptables, provides security "intelligence". Change auditing is an alarm system. Think of it as the difference between roaming guard dogs and intrusion alarms: one helps keep people out, and the other lets you know when the first one has failed. Each protects you in different, and very helpful, ways.

Perhaps you should read up a little so you know what filesystem integrity auditing systems are all about: