Saving face
Get Tripwire for Web Pages to protect your site against vandalism.
Naturally, when you set up your Web server, you installed Tripwire for Servers or a similar file system integrity-checking utility. Tripwire scans your core system files and stores a kind of snapshot of those files in a database. It then sits back and watches these files for any changes or modifications. Subsequent or even attempted changes to these files will result in an alert to the system administrator.
This is a great security utility to be sure, but what about non-system files like those that constitute your Web site? Never fear: Tripwire, in partnership with Covalent, has recently released Tripwire for Web Pages into its security software stable. Tripwire for Web Pages works in much the same way as the flagship server product. After an initial scan of a Web site’s pages, the server analyzes those pages before sending them to a browser. If a file has been modified without a Tripwire database update, customizable events are triggered, including delivering a “File not available” page to the visiting browser, rather than a page that may have been altered or defaced.
This product has come along at just the right time, as hacktivist, black hat and script kiddie defacements increase, and corporate IT management staffs look to mitigate any embarrassment and downtime associated with a compromised Web server. Though site defacements can be accomplished by a security lapse as simple as an outdated FTP login, the resultant cleanup and downtime can be costly.
Unauthorized file modifications can be handled in a myriad of ways. Files can be restored from a backup medium, shell scripts can be run, and e-mails can be sent to the site administrator to enable him or her to deal with the problem.
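The check-before-serving behavior and the response hook described above can be sketched in Python. This is an added example, not Tripwire's or Covalent's code; the use of SHA-256, the function names and the sample site are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

FALLBACK = b"File not available"  # substitute page named in the article

def build_baseline(docroot):
    """Initial scan: relative path -> SHA-256 (hash choice is an assumption)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = Path(dirpath, name)
            rel = os.path.relpath(full, docroot)
            baseline[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return baseline

def serve(docroot, relpath, baseline, on_violation=None):
    """Return (ok, body), hashing the exact bytes that would be sent."""
    expected = baseline.get(relpath)  # None: file was never in the scan
    body = actual = None
    if expected is not None:
        try:
            body = Path(docroot, relpath).read_bytes()
            actual = hashlib.sha256(body).hexdigest()
        except OSError:
            pass  # deleted or unreadable since the scan
    if actual is not None and hmac.compare_digest(expected, actual):
        return True, body
    if on_violation:
        # Hook for the responses listed above: alert, restore, run a script.
        on_violation((relpath, expected, actual))
    return False, FALLBACK

def demo():
    """Run the check against a constructed two-file site in a temp dir."""
    alerts = []
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.html").write_bytes(b"<h1>Welcome</h1>")
        baseline = build_baseline(root)
        clean = serve(root, "index.html", baseline, alerts.append)
        Path(root, "index.html").write_bytes(b"<h1>Defaced</h1>")  # changed, no rescan
        Path(root, "new.html").write_bytes(b"planted")  # added after the scan
        tampered = serve(root, "index.html", baseline, alerts.append)
        planted = serve(root, "new.html", baseline, alerts.append)
    return clean, tampered, planted, alerts

if __name__ == "__main__":
    print(demo())
```

Because the hash is computed over the same bytes that are returned, a file swapped between the check and the read cannot slip through, and a file that was never in the baseline is refused rather than served unverified.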
Unfortunately for those running their Web servers on IIS or iPlanet, Tripwire for Web Pages is currently available only for Unix-based Apache 1.3.12+ servers, a notable gap given the number of recent IIS exploits. Rest assured, however, that support for IIS and iPlanet is planned.
You can install Tripwire for Web Pages from a command line or graphical interface. Tripwire can be integrated into an existing Apache Web server via a DSO module, or you can install a pre-tuned version of Apache with Tripwire that is included in the installation. Because Tripwire runs as an Apache module, the system overhead required to analyze the integrity of served files is not significant.
This is most likely the most expensive product I have recommended in this column, at almost $1100, but one that will act as an extra blanket of security for frazzled site administrators.
Garth Gillespie is architect and chief technologist for ComputerUser.com.