Tripwire and IDS Issues
RJ3301 said:
I've also found a program known as Tripwire, that while it doesn't protect your network, it tracks changes made to files on an ongoing basis in the event of a breach.
Tripwire -->YES :giddy: does exactly what an IDS is intended for!
For Windows systems, install Cygwin as a Unix-compatible interface.
Under that, install Tripwire.
Now for the lecture (sorry)
All IDS systems are reactive just like all AV systems; they're useful after
your system is infected. The nice facility of the IDS is it provides postmortem
analysis as to WHAT WAS CHANGED
(since the last base line was taken) and therein lies the problem --
keeping it up to date with every install.
You save space and time by configuring an IDS to scan ONLY those areas which
impact the integrity of the System; meaning you avoid scanning USER directories.
IMO, users are recovered via a backup solution.
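
The baseline-and-compare cycle described in the post above, as an added example that is not part of the original post and is not Tripwire's own code. It assumes SHA-256 as the file fingerprint; the function names and the sample tree (`etc/`, `bin/`, `home/`) are hypothetical.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def take_baseline(root, exclude=()):
    """Return {relative path: SHA-256} for files under root, pruning excluded subtrees."""
    root, baseline = Path(root), {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # Editing dirnames in place stops os.walk from descending into excluded trees.
        dirnames[:] = [d for d in dirnames if (rel_dir / d).as_posix() not in exclude]
        for name in filenames:
            full = Path(dirpath) / name
            if not full.is_symlink():
                baseline[(rel_dir / name).as_posix()] = sha256_file(full)
    return baseline

def compare(old, new):
    """Report what changed since the baseline was taken."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def demo():
    """Constructed sample tree: etc/ and bin/ stand in for system areas, home/ for user data."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {"etc/hosts": b"127.0.0.1 localhost\n", "bin/tool": b"v1", "home/alice/notes.txt": b"draft"}
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        before = take_baseline(root, exclude={"home"})
        (root / "etc/hosts").write_bytes(b"127.0.0.1 localhost\n10.0.0.5 update.example\n")
        (root / "bin/extra").write_bytes(b"new")
        (root / "bin/tool").unlink()
        (root / "home/alice/notes.txt").write_bytes(b"final")  # user data: out of scope
        return compare(before, take_baseline(root, exclude={"home"}))

if __name__ == "__main__":
    print(demo())
```

The change under `home/` never appears in the report because that subtree is excluded from both scans, and the report is only meaningful if the baseline is retaken after every legitimate install.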