Tripwire in the Enterprise: Integrating Tripwire into Big Brother
Elena Khan
I work for Adero, Inc., a start-up that specializes in global caching of Web
content. We first opened shop in Massachusetts two years ago, moved a couple
of times to bigger facilities, and finally found a home in the Boston suburb
of Waltham. As our company grew, however, so did our need for intrusion detection.
Our security team recommended Tripwire, and the operations team (my group) was
tasked with implementing it on 200 machines (comprising four discrete functional
groups) that were already deployed worldwide.
This article describes the system I created for making Tripwire administration
across the enterprise as easy as possible. It was designed for Adero's specific
needs, which were three-fold:
- Install Tripwire on production machines in the field.
- Confirm that the builds were consistent between machines within each functional
group.
- Integrate the running of Tripwire into an existing monitoring system.
Before beginning this project, I tried to find a third-party solution for
using Tripwire in an enterprise, but an extensive Web search produced nothing.
The only product that came close to addressing the problem was from Tripwire
itself -- the "HQ Console". When I evaluated the Console (Q4 of 2000), it was
not robust enough for our needs. As I continued to work on this project, I realized
that the dearth of ready-made solutions was a result of Tripwire's being inherently
"enterprise unfriendly". I will clarify this perception as I explain what I
did and the reasoning behind it. I assume throughout that the reader is familiar
with Tripwire (