Neal Weinberg
Contributing writer, Foundry

Tripwire

Opinion
May 18, 2004
3 mins
Enterprise Applications

* Tripwire for Network Devices, TND

If you’re as old as the Reviewmeister, you probably remember running Tripwire to ensure file integrity on Unix systems. Tripwire for Network Devices builds on the foundation of the file integrity assurance product, but goes further by incorporating support for network devices.

Tripwire has vendor-specific support for products from Check Point, Cisco, Extreme, Foundry, HP, Nortel and others, and says it can manage up to 100,000 devices.

TND can connect to TACACS+ or RADIUS servers to confirm the identity of individuals making changes to the configuration of monitored devices. This is part of TND’s configuration security focus, as it reports the who, what, where, when and why (with specifics) of any changes. The security focus continues with a very full set of notification options when configuration changes are detected. E-mail notification and SNMP traps are included, as are device configuration restore and update rollback features.

Configuration information is transmitted via TFTP back to the Tripwire server, or communications can be secured by using SSH/Secure Copy (SCP). Staying true to its name, TND can capture output from nearly any network device you can log on to – it then can run regular expressions on the corresponding output. In addition to network device configurations, TND stays true to its ancestry by letting Unix files be monitored.
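The baseline-and-compare approach described above, sketched as an added example (not Tripwire's code and not part of the original review). It assumes Cisco IOS-style output; the volatile-line patterns, the two conformance rules and both sample captures are constructed for illustration.

```python
import difflib
import hashlib
import re

# Lines that change on every capture and would trigger false change alerts
# (assumption: Cisco IOS-style output; adjust per device family).
VOLATILE = re.compile(r"^(! Last configuration change|! NVRAM config last updated|ntp clock-period)")

# Hypothetical conformance rules: (description, regex, must_match)
RULES = [
    ("telnet disabled on vty lines", re.compile(r"^\s*transport input .*telnet", re.M), False),
    ("AAA enabled", re.compile(r"^aaa new-model$", re.M), True),
]

def normalize(config):
    """Drop blank and volatile lines so the fingerprint is stable between captures."""
    return [ln.rstrip() for ln in config.splitlines()
            if ln.strip() and not VOLATILE.match(ln)]

def fingerprint(config):
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()

def changes(baseline, current):
    """Return removed ('-') and added ('+') lines relative to the baseline."""
    diff = difflib.unified_diff(normalize(baseline), normalize(current), lineterm="", n=0)
    return [d for d in list(diff)[2:] if not d.startswith("@@")]  # skip file/hunk headers

def violations(config):
    text = "\n".join(normalize(config))
    return [name for name, rx, must in RULES if bool(rx.search(text)) != must]

# Constructed sample captures, not taken from a real device.
BASELINE = """! Last configuration change at 10:02:11 UTC Mon Apr 19 2004 by alice
hostname edge-rtr-1
aaa new-model
line vty 0 4
 transport input ssh
"""
CURRENT = """! Last configuration change at 03:14:55 UTC Tue May 18 2004 by bob
hostname edge-rtr-1
aaa new-model
line vty 0 4
 transport input telnet ssh
"""

if __name__ == "__main__":
    if fingerprint(CURRENT) != fingerprint(BASELINE):
        print("config drift:", *changes(BASELINE, CURRENT), sep="\n  ")
    print("violations:", violations(CURRENT))
```

Stripping the timestamp line before hashing is what keeps a re-capture of an unchanged device from registering as a change.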

The built-in log viewer is excellent for isolating errors, and TND can share information with several applications through Open Database Connectivity/Java Database Connectivity (ODBC/JDBC) and XML file connectivity. In addition, TND has direct hooks for many major network management frameworks, such as HP OpenView Network Node Manager, IBM Tivoli and Computer Associates Unicenter. A tool can run integrity checks against TND from a source outside the machine hosting TND, which assures administrators that the control system has not been compromised.

The most significant drawback was in establishing a baseline inventory – TND doesn’t support auto-discovery of network devices. Instead, we were forced to manually add or import a list of devices (through XML, CSV or ODBC/JDBC) from an existing inventory management system. Exporting the list of devices and configuration also can be done using those methods. Credentials can be added to a single device, or shared credentials can be established by assigning a credential to a variable and using it across multiple devices.

While TND is a system with a lightweight footprint, it still can get the job done – as long as you carefully define the job and let TND work within a system of other network management software. Future releases will focus on enhancing device management, reporting and conformance checking capabilities.

For the full report, go to https://www.nwfusion.com/reviews/2004/0419rev.html