security.ucdavis.edu

Tripwire Enterprise Tripwire Enterprise Server Network Nodes, Server Network Nodes, Reports, and Reports, and DashboardsDashboards

Vincent Fox and Doreen Vincent Fox and Doreen MeyerMeyer

UC Davis, Information and UC Davis, Information and Educational TechnologyEducational Technology

August 9, 2006August 9, 2006

Network Device NodeNetwork Device Node

A network device node can be A network device node can be any router, switch, firewall, load any router, switch, firewall, load balancer, or unix-compliant balancer, or unix-compliant systemsystem

Adding a Network Adding a Network Device NodeDevice Node

““Network Device” Network Device” RulesRules See User Guide p. 79See User Guide p. 79 Configuration File Rules – check Configuration File Rules – check

ONLY config files of many ONLY config files of many common hardware devices.common hardware devices.

COVR – Command Output COVR – Command Output Validation Rules. Useful to check Validation Rules. Useful to check any runtime aspect of a device.any runtime aspect of a device.

Example: netstat -nrExample: netstat -nr

DemoDemo

Vincent demo of network device Vincent demo of network device rules applied against a NetScreen rules applied against a NetScreen firewall and a UNIX system.firewall and a UNIX system.

ReportsReports

Use reports to identify trends and Use reports to identify trends and problem areas.problem areas.

Report ManagerReport Manager

Report GroupsReport Groups

Report Group Report Group PermissionPermission Any user can create a report. System report group: check box User report group: do not check

box System report group: user must

have ‘Manage System Reports’ permission

New Report New Report

Report TypesReport Types

Change process Change process compliancecompliance

Change rateChange rate Change varianceChange variance Change windowChange window Changed Changed

elementselements Frequently Frequently

changed nodeschanged nodes

Changes by node Changes by node or groupor group

Changes by Changes by severityseverity

Detailed changesDetailed changes Device inventoryDevice inventory ElementsElements Frequently Frequently

changed elementschanged elements

Report TypesReport Types

Last node check Last node check statusstatus

Missing elementsMissing elements Monitoring policyMonitoring policy Nodes with Nodes with

changeschanges Reference node Reference node

variancevariance

System access System access controlcontrol

System logSystem log Unchanged Unchanged

elementselements User rulesUser rules

Change Variance Change Variance ReportReport

Report CriteriaReport Criteria

ActionsActions Change typesChange types ChartsCharts Compare nodesCompare nodes Current versionsCurrent versions ElementsElements FrequencyFrequency GeneralGeneral LinksLinks MessageMessage Message filterMessage filter

Message filterMessage filter NodeNode PackagesPackages Reference NodeReference Node RolesRoles RulesRules Severity ratingsSeverity ratings SortingSorting TasksTasks Time rangeTime range UsersUsers User namesUser names

Change Variance Change Variance CriteriaCriteria

Changes by SeverityChanges by Severity

Changes by Severity Changes by Severity CriteriaCriteria

Creating a Report TaskCreating a Report Task

DashboardsDashboards

Use Dashboards to monitor reports.Use Dashboards to monitor reports.

Creating a New Creating a New DashboardDashboard

QuestionsQuestions

QuestionsQuestions Ongoing discussion formatOngoing discussion format EvaluationEvaluation

ContactsContacts

[email protected]@ucdavis.edu - class - class mailing listmailing list

Vincent Fox - Vincent Fox - [email protected]@ucdavis.edu Doreen Meyer - Doreen Meyer -

[email protected]@ucdavis.edu Bob Ono - Bob Ono - [email protected]@ucdavis.edu Paul Singh - [email protected] Singh - [email protected] Software - [email protected] - [email protected]

security.ucdavis.edu

Documents

Transcript of security.ucdavis.edu