[SecurityRatty] tag: tripwire

File Integrity Monitoring: Secure Your Virtual and Physical IT Environments

Mon, 25 Aug 2008 09:00:00 +0000

(Source: Tripwire) Looking for a File Integrity Monitoring Solution? With the numerous servers, devices and applications organizations rely on to support their everyday business, outages and security breaches due to poor IT configurations are unacceptable. In addition, many organizations must now prove compliance with standards like PCI DSS designed to protect systems and sensitive data. File integrity monitoring solutions minimize security risk resulting from undesirable configuration change by monitoring, detecting, and reconciling changes to key files throughout the virtual and physical IT infrastructures.

Learn how file integrity monitoring solutions work and the capabilities you should expect your solution to have. Then review a detailed checklist you should complete before purchasing your solution. Finally, discover how Tripwire Enterprise effectively combines file integrity monitoring with configuration assessment-a single configuration control solution that proactively assesses and monitors the IT infrastructure and enables organizations to achieve and maintain compliance with standards and regulations.

Effective Security with a Continuous Approach to ISO 27001 Compliance

Thu, 10 Jul 2008 09:00:00 +0000

(Source: Tripwire) The ISO 27001 standard is primarily referred to as the Information Security Management System (ISMS) certification standard. Organizations that seek to implement an ISMS are examined against ISO 27001. As with several global standards, the scope of this standard is far reaching, with several sets of control objectives and guidelines. Its fundamental purpose is to act as a compendium of techniques for securing IT environments and thus effectively managing business risk as well as demonstrating regulatory compliance.

ISO 27001 is recognized internationally as a structured methodology for information security. Companies that choose to adopt ISO 27001 demonstrate their commitment to high levels of information security, however it does not mandate specific procedures nor define the implementation techniques for gaining certification. Thus, companies being audited for ISO 27001 compliance deal with the same issues that plague companies facing regulatory audits: how to effectively achieve compliance and, following an audit, cost-effectively maintain it.

The Tripwire Enterprise solution provides organizations with powerful configuration control through its configuration assessment and change auditing capabilities. In this white paper, learn how with Tripwire Enterprise, organizations can quickly achieve IT configuration integrity by proactively assessing how their current configurations measure up to specifications as given in ISO 27001. This provides immediate visibility into the state of their systems, and through automating the process, saves time and effort over a manual efforts.

Configuration Assessment: Choosing the Right Solution

Thu, 10 Jul 2008 09:00:00 +0000

(Source: Tripwire) With security breaches on the rise, demands on IT to attain compliance with industry standards and regulations, and the need to deliver reliable, high-performing services to business users, gaining control over system configurations is a critical challenge that IT must meet head-on. While attempting to meet this challenge, IT must contend with a multitude of issues that range from hard to wrangle virtual environments to the impact of improper configuration change. Configuration assessment solutions help IT address these issues and provide features and capabilities that allow IT to bring the organization's technology infrastructure into a known and trusted state.

In this whitepaper you'll discover:

-Why IT finds it hard to gain control over the configuration of the IT infrastructure.
-What configuration assessment is.
-What types of configuration assessment solutions are currently available, along with their benefits and shortcomings.
-What features and capabilities a truly useful configuration assessment solution must have.
-How Tripwire Enterprise combines configuration assessment with change auditing in a single solution to help IT achieve and maintaining configuration control.

Download this whitepaper to learn what you need to look for in a configuration assessment solution to enhance your organization's systems security, get and stay compliant with relevant industry standards and regulations, and improve operational efficiencies.

Optimizing Infrastructure Control

Thu, 10 Jul 2008 09:00:00 +0000

(Source: Tripwire) This paper outlines the nature of infrastructure integrity, change auditing, and compliance solutions.

It describes how an investment in configuration assessment and change auditing solutions can stabilize IT operations, lowering the operational costs associated with the IT infrastructure; be a force multiplier; and provide a solid foundation that increases the effectiveness of the investment in information security.

Tripwire Releases VMWare Security Tool

Thu, 05 Jun 2008 22:59:46 +0000

I received an email from the folks over at Tripwire today. They have released a tool that can be used to check the security on VMWare configs. I haven’t got the time to review this one so I’ll leave to you the good readership to arrive at your own conclusions.

From Tripwire:

Tripwire® ConfigCheckTM is a free utility that rapidly assesses the security of VMware ESX 3.5 hypervisor configurations compared to the VMware Infrastructure 3 Security Hardening guidelines. Developed by Tripwire in cooperation with VMware, Tripwire ConfigCheck ensures ESX environments are properly configured—offering immediate insight into unintentional vulnerabilities in virtual environments—and provides the necessary steps towards full remediation when they are not.

And the best part? It’s free.

Now it would be nice if more vendors would take a hint and release free tools from time to time to help us get our job done. It would leave us collectively better disposed to them and their product portfolios in the long run.

Article Link

Getting baseline records established with Tripwire 7

Mon, 28 Apr 2008 20:00:00 +0000

We installed Tripwire 7 and have deployed the software agents to the systems we want to monitor, but are having trouble getting our baseline records established. We created nodes for each of our Windows servers and set up the Active Directory monitoring rules we want the system to use for monitoring directory service operations. For some reason the baseline operation runs very briefly and does not create a baseline record or provide any error messages to guide our troubleshooting. Any ideas?

Make Sure You Know When Someone Hacks Your Email

Mon, 18 Feb 2008 20:10:05 +0000

If someone has cracked your email password, it may not be apparent to you. A snooper can easily read an email then mark it as unread again. So the best thing to do would be to set up an “electronic tripwire” so if someone breaks into your account, you’ll know about it.