WHITE PAPER
IT SECURITY AND COMPLIANCE AUTOMATION SOLUTIONS
EXECUTIVE SUMMARY
Today's organizations rely on numerous devices and applications in their physical and virtual IT infrastructure to carry out their everyday business. When these devices are configured improperly, whether as a result of malicious hacker attacks or inadvertent employee modifications, the IT infrastructure may be exposed to security risk that leads to service outages and theft of sensitive customer or organization data.
As a means of combating issues caused by improper change, organizations employ file integrity monitoring (FIM) solutions to keep an eye on a variety of files associated with the IT infrastructure, including configuration files, registry files, executables, and more. Many of these solutions first establish an authorized baseline configuration, which represents the known and trusted state of a system. The solution then monitors these files for any change that diverges from the established baseline configuration and alerts IT when changes are detected. IT can then determine whether the change is good or undesirable and take any necessary corrective measures. Some FIM solutions can automatically reconcile changes against pre-defined parameters to help streamline the change management process.

At a minimum, a FIM solution should be able to establish a baseline, monitor for configuration change relative to the baseline, determine if change is planned or unplanned, alert when unplanned change occurs, and provide detailed information to help IT remediate any improper changes. Using a detailed requirements checklist can help ensure you've chosen the right solution for your IT infrastructure.
File Integrity Monitoring: Compliance and Security for Virtual and Physical Environments
ESTABLISHES A BASELINE
When IT deploys a system or component into its technology infrastructure, it typically does so with the knowledge that the component is initially configured appropriately. A file integrity monitoring solution captures the known good state of the entire system's IT configuration settings when it is deployed, or when it has been configured with recommended settings, and uses this state as a baseline configuration against which the solution can compare a later configuration. This configuration state is often referred to as a golden, compliance, or configuration baseline. A baseline-to-current-configuration comparison lets the solution immediately and automatically detect discrepancies caused by change.
Given today's rapid deployment of virtual machines, an ideal file integrity monitoring solution would also include in the baseline the configurations of virtual environment elements. These elements include the physical server, the hypervisor, each guest OS, and any applications and databases running on a guest OS.
ALERTS AND NOTIFIES IT
When the solution detects change, whether authorized or unauthorized, IT needs to determine whether or not the integrity of a file has been compromised and whether the change requires immediate attention. IT should have the ability to specify which devices and files are critical and therefore require high-level, immediate attention versus those that do not. For example, the configuration file of an e-commerce site or a database populated with sensitive customer financial or medical data would warrant immediate attention, while configuration changes to non-critical systems could be addressed as time permitted.

Based on whether a system was viewed as critical or non-critical, the solution should be able to send alerts and notifications using a variety of methods to be sure IT receives them. For example, an email alert is worthless if the detected change disrupted email service. Other methods of notifying IT include an alert in the system tray, SNMP, CMD, SYSLOG, page, or within the management console. Early detection enables the administrator to quickly make any necessary corrections.
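The criticality-based alerting described above, worked through as an added example that is not part of this white paper and not Tripwire code. It assumes that criticality is assigned by glob rules on the changed path, that the email, SYSLOG and console channels are in-memory stand-ins (a real deployment would open a socket, an SMTP session or a console API), and that critical alerts are sent over every channel while lower levels stop at the first channel that delivers; the rules and the sample event are constructed for the demonstration.

```python
import time
from dataclasses import dataclass, field
from fnmatch import fnmatch


@dataclass
class ChangeEvent:
    """One detected divergence from the baseline."""
    host: str
    path: str
    attribute: str            # e.g. "sha1", "permissions", "owner"
    old: str
    new: str
    detected_at: float = field(default_factory=time.time)


# Constructed criticality policy; first matching pattern wins, so the most
# specific assets come first. fnmatch's '*' also crosses '/' here, which is
# what we want for "everything under this directory".
CRITICALITY_RULES = [
    ("/var/www/shop/config/*", "critical"),   # e-commerce site configuration
    ("/var/lib/pgsql/data/*", "critical"),    # database holding customer data
    ("/etc/*", "high"),                       # host configuration
]


def classify(path: str) -> str:
    """Map a changed path to critical / high / low."""
    for pattern, level in CRITICALITY_RULES:
        if fnmatch(path, pattern):
            return level
    return "low"


SYSLOG_SEVERITY = {"critical": 2, "high": 4, "low": 6}   # RFC 5424 severity codes
SYSLOG_FACILITY = 10                                      # security/authorization messages


class AlertRouter:
    """Deliver alerts over several channels.

    Critical alerts go to every configured channel; lower levels stop at the
    first channel that delivers. The channels only append to lists so the
    example runs offline.
    """

    ROUTES = {
        "critical": ["email", "syslog", "console"],
        "high": ["email", "syslog"],
        "low": ["console"],
    }

    def __init__(self, email_up: bool = True):
        self.email_up = email_up        # stand-in for "is the mail relay reachable?"
        self.syslog_lines = []
        self.mailbox = []
        self.console = []
        self.channels = {"email": self._email, "syslog": self._syslog,
                         "console": self._console}

    @staticmethod
    def render(ev: ChangeEvent, level: str) -> str:
        return (f"FIM {level.upper()} {ev.host}:{ev.path} "
                f"{ev.attribute} {ev.old!r} -> {ev.new!r}")

    def _syslog(self, ev, level):
        pri = SYSLOG_FACILITY * 8 + SYSLOG_SEVERITY[level]
        ts = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(ev.detected_at))
        self.syslog_lines.append(f"<{pri}>1 {ts} {ev.host} fim - - - {self.render(ev, level)}")

    def _email(self, ev, level):
        if not self.email_up:
            raise ConnectionError("mail relay unreachable")
        self.mailbox.append(self.render(ev, level))

    def _console(self, ev, level):
        self.console.append(self.render(ev, level))

    def dispatch(self, ev: ChangeEvent) -> dict:
        """Route one event; returns the level and which channels got it."""
        level = classify(ev.path)
        delivered, failed = [], []
        for name in self.ROUTES[level]:
            try:
                self.channels[name](ev, level)
                delivered.append(name)
            except OSError:               # ConnectionError is an OSError
                failed.append(name)
            if level != "critical" and delivered:
                break                     # non-critical: one successful channel is enough
        return {"level": level, "delivered": delivered, "failed": failed}


if __name__ == "__main__":
    # Constructed scenario: a config edit on the shop also took the mail relay down.
    router = AlertRouter(email_up=False)
    event = ChangeEvent("web01", "/var/www/shop/config/db.yaml", "sha1",
                        "sha1-of-baseline-copy", "sha1-of-current-copy")
    print(router.dispatch(event))
    for line in router.syslog_lines:
        print(line)
```

The scenario in `main` is the paper's own failure mode: the change that needs reporting has broken the mail relay, so the email channel raises and the alert still reaches IT over SYSLOG and the console. Catching only `OSError` is deliberate; a bug in a channel should surface rather than be swallowed as a delivery failure.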
PROVIDES ASSISTANCE IN REMEDIATION
Although it may seem counter-intuitive, most system administrators, or other IT staff, prefer to roll back critical changes manually. What many want is information that a change has been made, along with step-by-step assistance in recovering from changes they determine to be undesirable. A file integrity monitoring system should include highly prescriptive instructions, not only to enable quick remediation of improper settings, but also to allow less-experienced IT personnel to correct problems they might not have the experience or knowledge to correct on their own.
File attributes being monitored may include hostname, username, ticket number, date and time stamp and operation type.

SERVER FILE SYSTEMS   DATABASES           NETWORK DEVICES       DIRECTORY SERVICES   HYPERVISORS         APPLICATIONS
Registry entries      Tables              Routing tables        Privileged group     Permissions         Configuration files
                      Indexes             Firewall rules                             Firewall settings   System files
.exe                  Stored procedures   Configuration files   RSoP                 Auditing/logging    Logs
File permissions      Permission grants   ACLs                  Access controls
Registry settings

Specifically for server file systems, the table below provides an overview of the type of attributes these solutions may monitor:

WINDOWS           UNIX
Access time       Access time
Creation time     Change time
Write time        Modify time
Size              Size
Package data      Package data
Read-only         ACL
DACL              User
SACL              Group
Group             Permissions
Owner             Growing
Growing           MD5
MD5               SHA-1
SHA-1
Hidden flag
Stream count
Stream MD5
Offline flag
System flag
Temp flag
Compressed flag
Archive flag
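The baseline-and-compare cycle described under ESTABLISHES A BASELINE, the server file system attributes in the table above, and the prescriptive guidance called for under PROVIDES ASSISTANCE IN REMEDIATION, worked through as one added example that is not part of this white paper and not Tripwire code. It assumes a JSON baseline keyed by path relative to the monitored root, regular files only, and the subset of the UNIX-column attributes that Python's standard library exposes (size, permissions, user, group, modify and change time, MD5 and SHA-1); the sample directory tree and the changes applied to it are constructed for the demonstration.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Capture the monitored attributes of one file (the UNIX column subset).

    Access time is deliberately not recorded: hashing the file reads it, so
    recording atime would make every scan report its own change."""
    st = path.lstat()
    rec = {
        "size": st.st_size,
        "permissions": oct(stat.S_IMODE(st.st_mode)),   # e.g. '0o644'
        "user": st.st_uid,
        "group": st.st_gid,
        "modify_time": int(st.st_mtime),
        "change_time": int(st.st_ctime),
    }
    if stat.S_ISREG(st.st_mode):
        sha1, md5 = hashlib.sha1(), hashlib.md5()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                sha1.update(chunk)
                md5.update(chunk)
        rec["sha1"], rec["md5"] = sha1.hexdigest(), md5.hexdigest()
    return rec


def snapshot(root) -> dict:
    """Walk root recursively and record every regular file, keyed by relative path."""
    root = Path(root)
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():   # skip links, sockets, devices
                continue
            records[p.relative_to(root).as_posix()] = file_record(p)
    return records


def save_baseline(records: dict, dest) -> None:
    """Persist the known-good state (in practice: off-host or signed, never writable by the monitored host)."""
    Path(dest).write_text(json.dumps(records, indent=2, sort_keys=True))


def load_baseline(src) -> dict:
    return json.loads(Path(src).read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Report paths added, removed and modified; modified maps attribute -> (old, new)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        old, new = baseline[rel], current[rel]
        diffs = {k: (old.get(k), new.get(k)) for k in sorted(set(old) | set(new))
                 if old.get(k) != new.get(k)}
        if diffs:
            modified[rel] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def remediation_steps(report: dict, baseline: dict) -> list:
    """Turn a comparison report into step-by-step instructions an operator can follow."""
    steps = []
    for rel in report["removed"]:
        steps.append(f"{rel}: missing from disk; restore it from the baseline backup and review deletion logs")
    for rel in report["added"]:
        steps.append(f"{rel}: not in baseline; confirm it came from an approved change or remove it")
    for rel, diffs in report["modified"].items():
        if "sha1" in diffs or "md5" in diffs:
            steps.append(f"{rel}: content changed; restore the baseline copy and identify who wrote it")
        if "permissions" in diffs:
            old, new = diffs["permissions"]
            steps.append(f"{rel}: mode changed {old} -> {new}; run: chmod {old[2:]} {rel}")
        if "user" in diffs or "group" in diffs:
            b = baseline[rel]
            steps.append(f"{rel}: ownership changed; run: chown {b['user']}:{b['group']} {rel}")
    return steps


def build_demo_tree() -> Path:
    """Constructed sample input: a tiny tree standing in for a monitored server."""
    root = Path(tempfile.mkdtemp(prefix="fim-demo-"))
    (root / "etc").mkdir()
    conf = root / "etc" / "app.conf"
    conf.write_text("listen = 443\ntls = on\n")
    conf.chmod(0o644)
    (root / "old.txt").write_text("to be removed\n")
    return root


def apply_demo_changes(root: Path) -> None:
    """Constructed changes: edit and loosen the config, delete a file, drop a new one."""
    conf = root / "etc" / "app.conf"
    conf.write_text("listen = 80\ntls = off\n")
    conf.chmod(0o666)
    (root / "old.txt").unlink()
    (root / "new.sh").write_text("#!/bin/sh\nexit 0\n")


if __name__ == "__main__":
    root = build_demo_tree()
    baseline_file = root.parent / f"{root.name}.baseline.json"
    save_baseline(snapshot(root), baseline_file)      # golden state at deployment
    apply_demo_changes(root)                           # later, something changes
    baseline = load_baseline(baseline_file)
    report = compare(baseline, snapshot(root))
    print(json.dumps(report, indent=2))
    for step in remediation_steps(report, baseline):
        print("-", step)
```

Two properties of this design matter in practice. The comparison only sees change between two scans, so detection latency equals the scan interval; and the baseline is the trust anchor, so it has to live where the monitored host cannot rewrite it, otherwise whoever alters a file can alter its expected digest as well. Files the table marks as Growing (logs) would need size and the digests left out of the record, or every scan would report them.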
INTEGRITY VERIFICATION
The following requirements address how any file integrity monitoring solution should
verify file and attribute integrity.
OPERATIONAL REQUIREMENTS
The following requirements address how any file integrity monitoring solution is
managed and supported from a user perspective.
Ability to generate a baseline of a server (or servers) so that integrity is based on a known good state.
Ability to create a single baseline that can be distributed to a group of servers to verify differences from baseline (i.e. configuration verification).
Execution of commands based on integrity violations.
Policy files can be remotely distributed via a console to one or more machines.
Policy templates are available from the vendor.
Files and directories can be grouped together in a policy template (rule blocks).
Specify a severity level for individual files and/or directories.
Supports file directory recursion.
Console can view the status of machines.
Console can group agents.
Ability to provide monitoring-only (view-only) consoles for defined users.
Templates can utilize wildcards or variables (to encompass minor differences in file system contents between systems).
Can operate through a firewall (with the required ports opened).
Works well over low-bandwidth connections.
Can update the snapshot database from the console.
Ability to easily and quickly update multiple baselines at once, in cases where routine maintenance and/or changes cause integrity violations.
Ability to automatically promote a baseline.
Ability to auto-promote changes when real-time analysis of change indicates they are inconsequential or beneficial.
Management console that is cross-platform (i.e. Windows and Unix).
Management console can detect the status of agents.
Allows users to quickly compare two versions and isolate changes or differences between versions.
Agents operate on Windows, Linux and Unix.
Can change agent passphrases from the console.
Transfers only delta change information for each scan (after the first), not all configuration data each time.
Scalability to address the requirements of both individual departments and an entire enterprise worldwide.
Ability to provide users access from anywhere to a single location which allows them to view, search, and compare configurations.
Provides immediate access to detailed change information.
Arrange and manage monitored components in a number of ways, including by location, device type, and responsibility.
Enables explanations, descriptions, or labels to be annotated to any version by users.
Provides authorized users the ability to establish one specific version as a trusted configuration for each system.
Provides standard sets of defaults and templates for each operating environment.
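Several of the checklist items above (rule blocks that group files and directories, a severity per file or directory, directory recursion, and templates that use wildcards or variables to absorb per-host differences) describe how a policy template is evaluated on an agent. The following is an added example that is not part of this white paper and not Tripwire's policy format: the template structure, the `$(VARIABLE)` syntax and the sample rules are all constructed for the illustration.

```python
import re
from pathlib import PurePosixPath

VAR_REF = re.compile(r"\$\((\w+)\)")

# Constructed template. Each rule block groups paths, carries one severity
# (higher is more urgent) and names the attributes the agent should check.
TEMPLATE = {
    "rules": [
        {"name": "System binaries", "severity": 100, "recurse": True,
         "paths": ["/bin", "/sbin", "/usr/bin", "/usr/sbin"],
         "attributes": ["sha1", "permissions", "user", "group", "size"]},
        {"name": "Web configuration", "severity": 80, "recurse": False,
         "paths": ["$(WEBROOT)/*/config/*.conf"],
         "attributes": ["sha1", "permissions", "user"]},
        {"name": "Host logs", "severity": 20, "recurse": True,
         "paths": ["/var/log/$(HOSTNAME)"],
         # growing files: check ownership and mode only, not size or digest
         "attributes": ["permissions", "user", "group"]},
    ]
}


def expand(pattern: str, variables: dict) -> str:
    """Replace $(NAME) references; an undefined name is an error, not silently kept."""
    def sub(m):
        name = m.group(1)
        if name not in variables:
            raise KeyError(f"template variable {name} not defined for this host")
        return variables[name]
    return VAR_REF.sub(sub, pattern)


def path_matches(path: str, pattern: str, recurse: bool) -> bool:
    """Glob-match a POSIX path; '*' never crosses '/' (PurePosixPath.match semantics).

    With recurse=True a match on any ancestor directory also counts, which is
    what 'directory recursion' means for a rule that names a directory."""
    p = PurePosixPath(path)
    candidates = [p, *p.parents] if recurse else [p]
    return any(c.match(pattern) for c in candidates)


def resolve_rule(template: dict, path: str, variables: dict):
    """Return the matching rule block with the highest severity, or None."""
    best = None
    for rule in template["rules"]:
        for raw in rule["paths"]:
            if path_matches(path, expand(raw, variables), rule["recurse"]):
                if best is None or rule["severity"] > best["severity"]:
                    best = rule
                break
    return best


def effective_policy(template: dict, paths, variables: dict) -> dict:
    """Per-path view an agent would act on: which attributes to check and how urgent."""
    result = {}
    for path in paths:
        rule = resolve_rule(template, path, variables)
        if rule is not None:
            result[path] = {"rule": rule["name"], "severity": rule["severity"],
                            "attributes": rule["attributes"]}
    return result


if __name__ == "__main__":
    # Constructed per-host variables; the same template serves every host.
    host_vars = {"WEBROOT": "/var/www", "HOSTNAME": "web01"}
    sample = ["/usr/bin/sudo", "/var/www/shop/config/app.conf",
              "/var/www/shop/config/archive/old.conf", "/var/log/web01/auth.log",
              "/home/alice/.bashrc"]
    for path, policy in effective_policy(TEMPLATE, sample, host_vars).items():
        print(f"{policy['severity']:>3}  {policy['rule']:<18} {path}  {policy['attributes']}")
```

Two choices are worth noting. Wildcards are matched per path component rather than with `fnmatch`, so a non-recursive rule on `config/*.conf` does not silently cover files in sub-directories; and an undefined variable raises instead of being left as literal text, because a rule that quietly matches nothing is a monitoring gap that no alert will ever reveal.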
The following requirements address reporting and alerting functionality that any file
integrity monitoring solution should include.
TRIPWIRE
COMPLETE CONFIGURATION CONTROL
Tripwire Enterprise software is the only solution that effectively combines powerful compliance policy management with file integrity monitoring to get the IT infrastructure into a known and trusted state and keep it there. It does this by immediately detecting file and configuration changes through continuous file integrity monitoring and assessing those changes in real-time against a host of criteria called ChangeIQ capabilities to identify changes that introduce risk or take systems out of compliance. Tripwire Enterprise then provides remediation advice for undesirable changes so IT can immediately fix issues, and auto-promotes all other changes so IT doesn't have to spend time manually reviewing a tremendous number of probably intentional and beneficial changes.
MORE POLICIES AND PLATFORMS
Tripwire Enterprise offers file integrity monitoring and policy compliance management and ships with coverage for nearly 40 platforms across a broad range of core business applications, servers, file systems, directory services, virtualization, network devices, databases and middleware. Tripwire provides over 100 out-of-the-box policies to assess and validate configurations against known standards such as CIS, PCI, SOX, NIST, COBIT, FISMA, FDCC, VMware, etc., as well as operational policies tuned for performance and reliability. With numerous out-of-the-box compliance policies, Tripwire helps organizations gain control over the configuration of their business-critical systems.

Tripwire additionally offers PCI for Retailers and PCI for Hospitality at an affordable, fixed-price-per-store or hotel pricing scheme. These offerings allow retail businesses and those in the hospitality industry to ensure that customer data is secure not only in the corporate IT infrastructure, but also
TRIPWIRE
THE KEY TO COMPLETE COVERAGE
The need for file integrity monitoring of systems throughout virtual and physical infrastructures would be difficult to dispute. Without a solution to detect and reconcile improper change, organizations are subject to any number of negative consequences: stolen data and information, system outages, diminished reputation, and lost revenue and productivity. However, choosing a file integrity monitoring solution requires knowledge of the desirable features that solution should include. In addition to having comprehensive and reliable file integrity monitoring capabilities, the ideal solution should include policy compliance management capabilities that enable proactive validation of the state of the IT infrastructure against internal and external best practices and policies. This policy-based approach helps organizations achieve a known and trusted state. The solution should also include the ability to analyze changes as they are detected to determine if they introduce risk or move systems into a non-compliant state, and provide easy access to remediation guidance, so IT can immediately fix undesirable change. And to ensure IT isn't overwhelmed by the huge number of detected changes, the solution should have the ability to auto-promote desirable changes.
Tripwire, the leading provider of IT security and compliance automation solutions, combines powerful policy compliance management, file integrity monitoring, real-time analysis of change and optional automated remediation in a single solution: Tripwire Enterprise. With Tripwire Enterprise, organizations achieve and maintain configuration control and ensure compliance with important standards and regulations, generate evidence of compliance for easier and less costly audits, reduce security risks, and increase confidence in the delivery of services and information to the organization and its customers.
Tripwire is a leading global provider of IT security and compliance automation solutions that help businesses, government agencies, and service providers take control of their physical, virtual, and cloud infrastructure. Thousands of customers rely on Tripwire's integrated solutions to help protect sensitive data, prove compliance and prevent outages. Tripwire VIA, the integrated compliance and security software platform, delivers best-of-breed file integrity, policy compliance and log and event management solutions, paving the way for organizations to proactively achieve continuous compliance, mitigate risk, and ensure operational control through Visibility, Intelligence and Automation.
LEARN MORE AT WWW.TRIPWIRE.COM AND @TRIPWIREINC ON TWITTER.
© 2011 Tripwire, Inc. Tripwire, VIA and ChangeIQ are trademarks of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved.
WPFIM3n 201001