For Internet Facing and Private Data Systems

Academic year: 2021

Audience

Prerequisites

Course Overview

Day 1

• Section 1: Functionality and Purpose

Day 2

• Section 2: Policies and Alerts

• Section 3: Live Lab

Lab Setup

• Course DVD

• Exercises & Demos

◦ Hands on experience throughout the course

◦ VMWare Player

• Windows 2003 Server

• Self-contained, server and agent are on the same functional VMWare image

• Demonstration preceding each exercise

• Tripwire training books are available for checkout at the library

Functionality and Purpose 5

Architecture (figure): Tripwire Server with Tripwire Clients, e.g. an IIS Server and a Private Data System

• Tripwire Server: push the agent out to the system you're protecting, or install the agent manually on the system you're protecting

• Agents accept settings from the server, perform tasks, and send results to the server

• Minimum hardware requirements

• Network port and hostname requirements

• Agent Installation – Services Password!!

Demo: Installing Tripwire Enterprise Server software on Windows 2003 Server

Port Requirements

Port   Protocol   Application   Use
443    TCP        HTTPS         Secure HTTP connection to the Tripwire Enterprise from a web browser
8080   TCP        HTTP          Alternate HTTP port for application integration and agent updates
9898   TCP        Services      Communication to/from Agent Service

Any and all of these ports are configurable to a different port number
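
A preflight check for the port table above, added here as an example; it is not part of the course material or Tripwire's software. The server host name is a placeholder, and `start_local_listener` exists only so the check can be exercised offline against a loopback socket.

```python
# Added example (not Tripwire's code): verify that the TCP ports the course
# lists for Tripwire Enterprise are reachable before installing agents.
import socket

# Port table from the course: port -> use. Because the ports are configurable,
# pass a site-specific mapping to check_ports() if the defaults were changed.
REQUIRED_PORTS = {
    443: "HTTPS console access from a web browser",
    8080: "alternate HTTP port for application integration and agent updates",
    9898: "communication to/from the Agent Service",
}


def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unresolvable host
        return False


def check_ports(host, ports=REQUIRED_PORTS):
    """Check every required port; returns {port: reachable}."""
    return {port: port_open(host, port) for port in ports}


def report(host, results, ports=REQUIRED_PORTS):
    """One line per port, marking closed ports so a firewall change can be
    requested before the agent rollout starts."""
    lines = []
    for port, ok in sorted(results.items()):
        state = "open" if ok else "CLOSED"
        lines.append(f"{host}:{port} {state} - {ports.get(port, 'site-specific port')}")
    return lines


def start_local_listener():
    """Helper for an offline self-test: listen on an ephemeral loopback port.
    Returns (port, server socket); close the socket when done."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv.getsockname()[1], srv


if __name__ == "__main__":
    server = "tripwire-server.example"  # placeholder host name
    for line in report(server, check_ports(server)):
        print(line)
```

Run it from the subnet the agents will live on, not from the server itself, so that the result reflects the path the Agent Service traffic on 9898/TCP will actually take.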

Licensing

◦ Contact the CU Licensing Office for a License Authorization Code (LAC)

◦ Pre-generated LACs include 30 file system nodes and 30 network nodes

• Accessing the Tripwire Enterprise Console

◦ Accepting the SSL Certificate

• Console Layout

◦ Sidebar

◦ Tabs

◦ Button Bar

◦ Interface Toolbar

◦ Tree Pane

◦ Status Bar

◦ Main Pane

User Accounts, Roles, and Groups

◦ Pre-defined Roles

• Administrator

• Power User

• Regular User

• Monitor User

• User Administrator

◦ User Groups

Access Controls

◦ An access control is used to limit the permissions of specific users and user groups to nodes and node groups.

User Settings

◦ User Preferences

• User preferences affect only the display for a user

◦ Difference (Viewer) Preferences

System Settings

◦ Global configuration options which apply to all users

◦ Severity Ranges

• A numeric value which is used in a rule to indicate changes to monitored objects and the relative importance of these changes.

◦ Global Variables

• Used in place of specific text strings or passwords.

Exercise 1: Accessing the Console

Exercise 2: Licenses

Exercise 3: Getting Help

Exercise 4: User Accounts and Roles

Exercise 5: User Groups

Exercise 6: Permissions

Exercise 7: User Preferences

Exercise 8: Severity Ranges

Exercise 9: Global Variables

• How would one obtain a license to run a Tripwire Enterprise Server?

• What are the configurable user settings?

• What is a severity range?

• What is a global variable?

Tripwire Enterprise Objects

Nodes

Rules

Actions

Tasks

Elements

Versions

Policies and Alerts 23

Figure (element versions): node IIS Server; elements Index.html and Search.php; versions Jan 3 Edit, July 30 Edit, April 7 Edit

Understanding Groups

◦ Node Groups

◦ Rule Groups

◦ Tasks and Nested Groups

• Moving, Deleting, Linking, and Unlinking Objects

◦ Move

◦ Delete

◦ Copies of Node Objects

◦ Linking

• Discovered objects

◦ Unlinking

• The Unlinked Folder

◦ Importing and exporting objects

Demo: Working with Objects

• Exercise 1 – Groups

• Exercise 2 – Moving, Linking, Unlinking, Deleting Objects

• What is the difference between a node, rule, action, and task?

• How is a version related to an element?

• Can actions be grouped?

Place Nodes in Groups

The Node Tree

• Geographical Location

• Type of Node

Other Node Options

Security Tab

Variables Tab (node specific)

• Exercise 1 – Node Specific Variables

• Exercise 2 – Agent Logs

Grouping Rules

The Rule Tree

• Integrity Check

• Links to Rules Library based on time to run

• Rules Library

• Type of Node

• Platform

Handout: File System Rule Configuration Reference

Handout: Windows Registry Key and Value Attributes

Create Criteria Sets

◦ Choosing file attributes

• Static attributes

• Dynamic attributes

• Content attribute

• Permissions attributes

• Package data attributes

• Exercise 1 – Criteria Sets

• Exercise 2 – File System Rules

• Exercise 3 – Registry Rules

• Exercise 4 – Command Output Capture Rules

• An action is an event that is executed given the outcome of an element change

• Predefined Actions for file systems

Handout: Actions and Conditional Actions

• What is the best practice for organizing nodes?

• Give an example of a rule that you would create. Would you associate that rule with an action?

Creating Baselines

◦ 3 steps before running a baseline

• Check Severity Ranges

• Check Monitored Objects

• Schedule

Change Notification

◦ E-mail Action – Summary vs. Contextual

◦ Execution Action

Finding Changed Objects

• Using the Difference Viewer

◦ Modification

◦ Addition

◦ Removal

Exercise: Examining changes

• Exercise 1 – Tasks and Baselines for File System Objects

• Promoting expected changes

◦ Manual

◦ Promote by reference

• Managing unexpected changes

• Gathering audit information

• Irrelevant Changes – rule tuning
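
The baseline, integrity check, Difference Viewer categories (Modification, Addition, Removal), severity ranges, promotion of expected changes, rule tuning of irrelevant changes and compacting of element versions covered in this section, carried through in one added Python example. It is not Tripwire's code or the course's lab material: the node layout, attribute names, the `compare` tuning parameter and the severity numbers are assumptions made for illustration.

```python
# Added example (not Tripwire's code): a minimal file-integrity baseline and
# integrity check that mirrors the objects the course names. A node is a
# directory, an element is a file under it, a version is one captured attribute
# set, a criteria set selects the attributes captured, and a severity range
# gives each change kind a number. All names and numbers here are assumptions.
import hashlib
import os
import shutil
import stat
import tempfile

# Criteria set: which attributes of an element are captured. Content and
# permissions attributes are expected to stay fixed on a production system;
# dynamic ones such as mtime and size change with normal activity.
CRITERIA_SET = ("sha256", "size", "mode", "mtime")

# Severity range (assumed values): a numeric rating of how important a change
# kind is; tune per node group (e.g. higher for Internet facing systems).
SEVERITY = {"Addition": 60, "Modification": 80, "Removal": 100}


def capture_element(path):
    """Capture one version of an element according to the criteria set."""
    st = os.lstat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    attrs = {"sha256": digest, "size": st.st_size,
             "mode": stat.S_IMODE(st.st_mode), "mtime": int(st.st_mtime)}
    return {name: attrs[name] for name in CRITERIA_SET}


def baseline(node_dir):
    """Create the baseline: a version history with one version per element."""
    versions = {}
    for root, _dirs, files in os.walk(node_dir):
        for name in files:
            path = os.path.join(root, name)
            versions[os.path.relpath(path, node_dir)] = [capture_element(path)]
    return versions


def integrity_check(node_dir, versions, compare=("sha256", "mode")):
    """Run the task: compare the node's current state with the latest baseline
    version of each element. Only attributes in `compare` count as a
    Modification, so a changed mtime alone is an irrelevant change (rule
    tuning). Returns sorted (element, change kind, severity) tuples."""
    current = baseline(node_dir)
    changes = []
    for rel, history in versions.items():
        if rel not in current:
            changes.append((rel, "Removal", SEVERITY["Removal"]))
            continue
        old, new = history[-1], current[rel][-1]
        if any(old[a] != new[a] for a in compare):
            changes.append((rel, "Modification", SEVERITY["Modification"]))
    for rel in current:
        if rel not in versions:
            changes.append((rel, "Addition", SEVERITY["Addition"]))
    return sorted(changes)


def promote(node_dir, versions, rel):
    """Promote an expected change: the current state becomes the element's
    newest baseline version; older versions stay in its history for audit."""
    path = os.path.join(node_dir, rel)
    if os.path.exists(path):
        versions.setdefault(rel, []).append(capture_element(path))
    else:
        versions.pop(rel, None)  # a promoted removal leaves the baseline
    return versions


def compact_versions(versions, keep=2):
    """Compact element versions: keep only the newest `keep` per element."""
    return {rel: history[-keep:] for rel, history in versions.items()}


def demo():
    """Constructed scenario on a temporary node: baseline three web files,
    then modify one, remove one and add one, check, promote, check again."""
    node = tempfile.mkdtemp(prefix="iis_node_")
    try:
        files = {"index.html": b"<h1>Home</h1>",
                 "search.php": b"<?php echo 'v1'; ?>",
                 "logo.png": b"\x89PNG"}
        for name, body in files.items():
            with open(os.path.join(node, name), "wb") as fh:
                fh.write(body)
        versions = baseline(node)
        with open(os.path.join(node, "search.php"), "wb") as fh:  # Modification
            fh.write(b"<?php echo 'v2'; ?>")
        os.remove(os.path.join(node, "logo.png"))                 # Removal
        with open(os.path.join(node, "new.js"), "wb") as fh:      # Addition
            fh.write(b"// new file")
        first = integrity_check(node, versions)
        promote(node, versions, "search.php")  # the edit was expected
        second = integrity_check(node, versions)
        return {"first": first, "second": second,
                "history": len(versions["search.php"])}
    finally:
        shutil.rmtree(node)


if __name__ == "__main__":
    for kind, result in demo().items():
        print(kind, result)
```

After the promotion only the removal and the addition remain flagged; those are the changes a reviewer still has to classify as authorized (promote) or unauthorized (revert, gather audit information), which is the decision the "Managing unexpected changes" bullet refers to.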

• What is a baseline?

• What objects are necessary to schedule a baseline?

• What is an indication of a change in the Tripwire console?

• What are the different responses to changes?

• Archiving Log Messages

• Compacting Element Versions

• What is the purpose of Tripwire?

• What does Tripwire monitor?

• What are the objects that make up a task?

• How does Tripwire detect changes?

• Creating Policies to Manage Change

◦ General Principles

◦ Step 1: Define a Policy

◦ Step 2: Outline the Policy

◦ Step 3: Create the Policy Objects

• Categorize Objects

• Remediate Changes

• Minimize the amount of effort required by IT and management staff

• Internet Facing Systems Principles

• Private Data Systems Principles

• Live Lab Principles

Change handling (figure labels from the slides):

Change Occurs → Scheduled Task Performed → Appropriate Administrator Alerted

Overview (figure labels): Change Occurred; Evaluate Change; Unexpected Change; Promote

Decision flow (figure labels): Change Detected; Authorized / Unauthorized; Unexpected? Yes / No; Promote; Revert? Yes / No; Revert; Declare Security Incident; Run the task or check the rules

Rule tuning (figure labels): Change Detected → Unexpected Change → Fix the rule and task as necessary → Run the task or check the rules → Eliminate elements no longer checked

Change tuning (figure labels): Change Detected → Unexpected → Change Tuning → Promote changes as necessary

• Import the rules.xml file

• We’ll follow step by step the reason behind the pre-defined rules that are outlined in the rules.xml file
