For
This provides a very good management tool that will aid the integrity of the network and may prevent expensive and unnecessary downtime.
Against
The workstation installation of agents is a time-consuming task that could be better served by a system of roll-out from the main console.
Verdict
Tripwire HQ Manager provides an easy way to accomplish a system watch without excessive hours spent searching for problems and trying to fix them. It even accomplishes what the firewall can't; insider violations can be pinned down by reporting them and tracking them, which may bring the perpetrators to light.

Integrity assessment tools provide an administrator with the ability to watch over the bread and butter of most enterprises, their data. Systems have to be maintained to provide optimum performance if you want to compete on an even keel with your competitors and this takes forward planning, good staff, a workable security policy and the right solutions to help maintain the things that you have already put in place.

Every time a problem arises and you suffer downtime someone else is making money. Excessive problems can lead to substantial loses over time but with good solid procedures in place you may be in an enviable position to avoid the added pressures on your business. Whether changes made to a system are malicious or simply user errors you need to know about them. Prompt action may divert further problems and save time and money, it's as simple as that.

If you have a quality product that provides a workable solution then you will also be able to monitor your systems with ease and lower the stress on your key employees. Centralized administration is an important area to consider. Here you bring your network to the administrator and he or she is relieved of the pressure imposed by having to practice walkabout checks and maintenance.

For those organizations already using Tripwire the release of Tripwire Connector and the Tripwire HQ Manager will be a welcome sight. With the Tripwire Connector the administrator has a way to monitor every networked machine. It has a two-module set-up in the form of Tripwire 2.2.1 integrity assessment software and Tripwire HQ Agent, which manages the connection between the HQ Manager and Tripwire Connector.

What Tripwire HQ Manager accomplishes is a way to centrally manage the integrity of your network over multiple platforms and installations. It provides a practical GUI from which many things may be accomplished:

• editing of configuration files;

• centralized control;

• centralized reporting;

• interactive policy file updates;

• database generation;

• creation and distribution of policy files;

• remotely schedule integrity analysis.

All this serves to provide an easy working environment where your systems can be monitored centrally. The Tripwire HQ Manager puts the administrator in control and allows monitoring of specific areas that should not be changed, while authorized actions can be freely provided without hindrance to the productivity of your staff.

The Tripwire HQ Manager is also made up of two key components. The HQ Console provides the communication of commands to the network machines with Communicator installed, while the HQ Reporter enables the reports to be viewed and managed. If you want to link rule violations to specific email accounts you can configure the emailto attribute. This allows you to choose who should be contacted should a particular scenario arise.

Installing this solution is fairly straightforward and doesn't require a day with a consultant at hand, which may be a relief to guys who like the let's-get-on-with-it approach. Assuming all the networked machines that you want monitored already have Tripwire HQ Connector installed on them, it's simply a case of installing the Tripwire HQ Manager on the machine that you will use as your central location.

The initial set-up will take time, depending on the size of your network, but once Connector is installed on every machine the Tripwire HQ Manager will be able to gather the requisite information to form the basis of your database. It's probably a good idea to give this task to one person to ensure each installation is identical, while you install the Manager. It is a CD-based installation that requires Windows NT 4.0 or later with service pack 3, 32Mb of RAM as minimum and Adobe Acrobat Reader to allow you to view the PDF user's guide.

It is recommended that a back-up of the console key is made to a floppy disk in case of deletion, which will mean you won't have to completely reinstall the Tripwire HQ Manager software from scratch. Now you are in a position to add machines to your console so that you can adequately monitor them, remove them as required, update your database, view reports, distribute files, do integrity checks on various machines and perform other management tasks with ease.

This is a very scalable solution that can manage up to 1,000 Connector nodes per Manager. Once you have the Manager and the Connector talking to each other any system changes that are specified in your policy as unauthorized will be reported to the administrator.

When you have the Tripwire HQ Manager up and running you will be able to control the integrity of your servers and workstations and return your system to its previous state in the event of critical changes being made. Although access to your systems isn't physically prevented you will be informed and appropriate action can be taken. An important point here is the level of inside attacks that are reported each year. Tripwire HQ Manager will provide an alert, allow changes to be rectified and with its reporting may even provide enough evidence to track down the perpetrator. This is an extremely useful notion in a large and prosperous enterprise.
 

SC On-Line
SC Magazine
www.scmagazine.com