19 votes
An example of a host-based intrusion detection tool is the tripwire program. This is a file integrity checking tool that scans files and directories on the system on a regular basis and notifies the administrator of any changes. It uses a protected database of cryptographic checksums for each file checked and compares this value with that recomputed on each file as it is scanned. It must be configured with a list of files and directories to check and what changes, if any, are permissible to each. It can allow, for example, log files to have new entries appended, but not for existing entries to be changed. What are the advantages and disadvantages of using such a tool? Consider the problem of determining which files should only change rarely, which files may change more often and how, and which change frequently and hence cannot be checked. Hence consider the amount of work in both the configuration of the program and on the system administrator monitoring the responses generated.

asked by SriPriya (2.5k points)
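To make the mechanism in the question concrete, here is a small file integrity checker in the style of tripwire. It is an added illustration written for this page, not tripwire's own code, and its policy format (a dict mapping each path to the rule "fixed" or "append") and the HMAC-protected JSON baseline are assumptions chosen for the example; the sample files it creates under a temporary directory are constructed. It shows the three things the question asks about: a per-file cryptographic checksum database, a rule that lets a log file grow by appending while still detecting edits to existing entries, and protection of the baseline itself so an attacker cannot simply rewrite the stored checksums.

```python
import hashlib
import hmac
import json
import os
import tempfile
from typing import Dict, Tuple

CHUNK = 65536  # read files in chunks so large files do not need to fit in memory


def sha256_file(path: str) -> Tuple[str, int]:
    """Full SHA-256 of a file plus its size in bytes."""
    h, size = hashlib.sha256(), 0
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
            size += len(chunk)
    return h.hexdigest(), size


def sha256_prefix(path: str, length: int) -> str:
    """SHA-256 of only the first `length` bytes (used for append-only files)."""
    h, remaining = hashlib.sha256(), length
    with open(path, "rb") as f:
        while remaining > 0:
            chunk = f.read(min(CHUNK, remaining))
            if not chunk:
                break
            h.update(chunk)
            remaining -= len(chunk)
    return h.hexdigest()


def build_baseline(policy: Dict[str, str]) -> Dict[str, dict]:
    """Record checksum, size and mode for every path; policy is an assumed format."""
    db = {}
    for path, rule in policy.items():
        digest, size = sha256_file(path)
        db[path] = {"rule": rule, "sha256": digest, "size": size,
                    "mode": os.stat(path).st_mode}
    return db


def save_baseline(db: Dict[str, dict], db_path: str, key: bytes) -> None:
    """Write the baseline with an HMAC so tampering with stored checksums is detectable."""
    body = json.dumps(db, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    with open(db_path, "w") as f:
        json.dump({"db": db, "hmac": tag}, f, sort_keys=True)


def load_baseline(db_path: str, key: bytes) -> Dict[str, dict]:
    """Reload the baseline, refusing it if the HMAC does not verify."""
    with open(db_path) as f:
        wrapper = json.load(f)
    body = json.dumps(wrapper["db"], sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, wrapper["hmac"]):
        raise ValueError("baseline database tampered with or wrong key")
    return wrapper["db"]


def check(db: Dict[str, dict]) -> Dict[str, str]:
    """Return {path: verdict} for every baseline entry."""
    report = {}
    for path, e in db.items():
        if not os.path.exists(path):
            report[path] = "MISSING"
            continue
        if os.stat(path).st_mode != e["mode"]:
            report[path] = "MODE CHANGED"
            continue
        digest, size = sha256_file(path)
        if digest == e["sha256"]:
            report[path] = "OK"
        elif (e["rule"] == "append" and size > e["size"]
              and sha256_prefix(path, e["size"]) == e["sha256"]):
            report[path] = "OK (appended)"  # grew, and the old bytes are intact
        else:
            report[path] = "MODIFIED"
    return report


def demo() -> Dict[str, str]:
    """Constructed scenario: a fixed config file and an append-only log file."""
    d = tempfile.mkdtemp()
    conf, log, dbp = (os.path.join(d, n) for n in ("sshd_config", "auth.log", "tw.db"))
    with open(conf, "w") as f:
        f.write("PermitRootLogin no\n")
    with open(log, "w") as f:
        f.write("session opened for user alice\n")
    save_baseline(build_baseline({conf: "fixed", log: "append"}), dbp, b"demo-key")
    with open(log, "a") as f:
        f.write("session closed for user alice\n")      # permitted change
    with open(conf, "w") as f:
        f.write("PermitRootLogin yes\n")                # not permitted
    return {os.path.basename(p): v for p, v in check(load_baseline(dbp, b"demo-key")).items()}


def baseline_tamper_detected() -> bool:
    """Edit a stored checksum directly and confirm load_baseline rejects the file."""
    d = tempfile.mkdtemp()
    p, dbp = os.path.join(d, "f"), os.path.join(d, "tw.db")
    with open(p, "w") as f:
        f.write("x")
    save_baseline(build_baseline({p: "fixed"}), dbp, b"demo-key")
    with open(dbp) as f:
        w = json.load(f)
    w["db"][p]["sha256"] = "0" * 64
    with open(dbp, "w") as f:
        json.dump(w, f)
    try:
        load_baseline(dbp, b"demo-key")
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(demo())
    print("tamper detected:", baseline_tamper_detected())
```

Note that only the checksums are stored, not copies of the files, so the baseline is small; the real cost is the CPU and I/O of rehashing every monitored file each cycle, and the administrator's effort in deciding which paths get the "fixed" rule, which get "append", and which change too often to be worth checking at all.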

1 Answer

14 votes

Answer:

The main problem with such a tool would be resource usage.

Step-by-step explanation:

The main problem with such a tool would be resource usage. Such a tool would need a large amount of CPU power in order to check all of the files on the system thoroughly and at a fast enough speed to finish the process before the next cycle starts. Such a program would also have to allocate a large amount of hard drive space, since it would need to temporarily save the original versions of these files in order to compare the current file to the original version and determine whether it changed or not. Depending on the number of files in the system, the work of configuring the program may be very extensive, since each individual file needs to be analyzed to determine whether or not it needs to be verified by the program. Monitoring responses may not be so time consuming, since the program should only warn about changes that have occurred, which may be only 10% of the files on a daily basis or less.

answered by Ric (2.7k points)