The Trouble With Tripwire: Making a Valuable Security Tool More Efficient

by Edward R. Arnold
Sept. 23, 2017

Even with the protection that a security perimeter may provide, the fact remains that firewalls aren't foolproof and that potential attackers are hard at work, 24 hours a day. No network is entirely secure. Furthermore, some organizations must allow remote logins to machines from sites outside their perimeter, meaning they must maintain a certain number of semi-exposed hosts that are vulnerable to attack. It is not enough to know that a system has been scanned or probed. If an attack is detected, how can it be determined whether a system has actually been compromised and important files removed or altered? One answer is to always run Tripwire, or one of its freeware cousins, in order to detect changes in critical system files.