"Your network groans under the weight of monitors and alarms.
Every packet, every bit is inspected, scrutinized, sanitized, and
organized. Surely it is time to relax and take it easy. Except for
one little nagging worry--if an intruder slides through all the
barriers, past all the traps, and successfully cozies into a snug
corner, how will you know?
"Most security applications are reactive: they look for evidence
of known exploits. Tripwire doesn't need a personal introduction to
villains, it detects any suspicious changes. It creates a baseline
snapshot of a system when it is in a known good state, then makes
comparisons against this baseline. When files change that
shouldn't, such as system binaries, or registry objects, Tripwire
will tell you. If the changes are valid, the Tripwire database can
be updated. If there is a problem, the ace admin will know exactly
what was affected.
"It is not meant to replace other security measures, or to be
the sole security measure. It monitors the integrity of your
perimeter watchdogs- 'watches the watchers'--a most useful ability,
as firewalls and routers are prime targets of attack. It monitors
the integrity of internal systems, detecting and reporting changes
no matter where they originate, from the inside or outside. Other
intrusion detectors typically search for signatures of known
exploits, which is useful as long as only known exploits are used