While most generic network management products can keep a close eye on the general performance of devices such as switches and routers, few, if any, have the tools to secure their configuration files. Many vendors offer proprietary solutions to this problem, with the result that support staff in heterogeneous environments have to juggle a variety of management interfaces. TripWire for Network Devices (TND) cuts through this jungle by offering a single management tool to monitor configuration files and ensure their integrity. It supports an impressive range of products, including Cisco IOS and CatOS devices, Nokia IPSO firewalls and Hewlett Packard ProCurve switches. It can also keep a close eye on UNIX system text files. Support has recently been extended to other platforms with device kits for Foundry, Extreme and NetScreen products.

A licence to slow
It has to be said that installation is a slow process, further marred by an erratic licensing procedure. TND spent more than an hour running through its initialization process on a Windows 2000 Professional test system. Slow as that seemed, TripWire's support staff say that it has been known to take up to four hours. In addition, the Windows 2000 test system had to be rebooted a couple of times before it would recognize the licence file. Once past these obstacles you'll find the browser console is a tidy affair that is easy to use. However, all monitored devices need to be added to the node list first. As TND doesn't provide an automatic discovery and import facility, this has to be done manually or via a CSV (comma separated values) file. One of the reasons for this is that TND needs to know the various usernames and passwords required to access each device; on Cisco IOS devices, for example, you will need to enter the enable password for each one, so the TND server itself becomes a high-value target that holds privileged credentials for every managed device. Various icons are used to identify different devices, and groups can be used for easier management. Naturally, security needs to be strong and TND doesn't disappoint: all communications with the console are encrypted with Blowfish using a 192-bit key, and SSH and SCP are used when accessing managed devices. Furthermore, four different types of TND user can be declared to determine who can control and configure devices, manage the TND application or simply view the data on each device. Rules are used to determine what TND looks for on each managed device, which can be a change to the configuration file or something as simple as unit status. On first contact, TND takes a baseline copy of the configuration and stores it for comparison and restoration purposes. Any subsequent change to these files is considered a violation, and TND uses pre-defined responses to determine what action to take.

Task master
Tasks are used to schedule when TND checks a device or group of devices. Checks can be run manually or at intervals ranging from once every minute up to once a month. When a task starts, TND applies the rules to all specified nodes. If anything has changed it will log a violation and carry out any automatic responses that have been linked to the rule. Three basic responses are provided: sending an e-mail alert to a single address, updating the baseline, or raising an SNMP trap, although the latter will require a network management software product to receive it. The only other response type is to restore the configuration from the baseline file. While this can be run automatically in response to a violation, TripWire recognizes that this is risky (a stale baseline or a legitimate but unrecorded change would be silently rolled back) and recommends that this action is only ever run manually. TND makes life easy when identifying changes made to configuration files, as it provides a split screen showing the baseline and the new file contents side by side. A colour-coded system is used to highlight deletions, additions and modifications. Overall, TripWire for Network Devices offers a unique solution to a problem few other management products address. It may take a while to import all your devices and apply rules, responses and tasks, but you can rest assured that no-one will be able to fiddle with the configuration of a switch, router or firewall on your node list without you finding out at the next scheduled check.
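The baseline-and-compare mechanism described above (take a baseline copy, flag any later difference as a violation, and show the change classified as addition, deletion or modification) is simple enough to illustrate in code. The following is an added example written for this page, not TND's own code or anything TripWire ships. It assumes a Cisco IOS-style configuration, uses a constructed baseline and a constructed tampered copy of the same router, and deliberately ignores IOS "!" separator lines and blank lines so that cosmetic reformatting does not raise a violation; a product like TND may well compare the raw file byte for byte instead. The hostname, addresses and ACL numbers are placeholders.

```python
import difflib
import hashlib
from dataclasses import dataclass, field

# Constructed sample: what the router looked like when the baseline was taken.
BASELINE_CONFIG = """\
hostname edge-rtr-1
!
enable secret 5 REDACTED-BASELINE-HASH
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
!
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 deny ip any any log
!
line vty 0 4
 transport input ssh
!
"""

# Constructed sample: the same router after someone opened the ACL,
# enabled the HTTP server and allowed telnet on the vty lines.
TAMPERED_CONFIG = """\
hostname edge-rtr-1
!
enable secret 5 REDACTED-BASELINE-HASH
!
ip http server
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
!
access-list 101 permit ip any any
access-list 101 deny ip any any log
!
line vty 0 4
 transport input telnet ssh
!
"""


def normalize(config_text: str) -> list[str]:
    """Drop IOS '!' separators and blank lines; keep indentation, which is significant."""
    return [ln.rstrip() for ln in config_text.splitlines()
            if ln.strip() and ln.strip() != "!"]


@dataclass
class Baseline:
    node: str
    sha256: str          # digest of the normalized text, the cheap first check
    lines: list[str]     # full copy kept for diffing (and manual restore)


@dataclass
class CheckResult:
    node: str
    violation: bool
    added: list[str] = field(default_factory=list)
    removed: list[str] = field(default_factory=list)
    modified: list[tuple[str, str]] = field(default_factory=list)  # (old, new)


def _digest(lines: list[str]) -> str:
    return hashlib.sha256("\n".join(lines).encode("utf-8")).hexdigest()


def take_baseline(node: str, config_text: str) -> Baseline:
    """First contact: snapshot the configuration as the trusted reference."""
    lines = normalize(config_text)
    return Baseline(node=node, sha256=_digest(lines), lines=lines)


def check_node(base: Baseline, current_text: str) -> CheckResult:
    """One scheduled check: compare the live config against the baseline."""
    result = CheckResult(node=base.node, violation=False)
    new = normalize(current_text)
    if _digest(new) == base.sha256:
        return result                     # unchanged, nothing to report
    result.violation = True
    old = base.lines
    sm = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == "insert":
            result.added.extend(new[j1:j2])
        elif tag == "delete":
            result.removed.extend(old[i1:i2])
        elif tag == "replace":
            old_block, new_block = old[i1:i2], new[j1:j2]
            if len(old_block) == len(new_block):
                result.modified.extend(zip(old_block, new_block))
            else:                         # uneven replace: report as delete + add
                result.removed.extend(old_block)
                result.added.extend(new_block)
    return result


def render_report(result: CheckResult) -> str:
    """Text stand-in for the colour-coded split screen: + added, - removed, ~ modified."""
    if not result.violation:
        return f"{result.node}: OK, matches baseline"
    out = [f"{result.node}: VIOLATION"]
    out += [f"+ {ln}" for ln in result.added]
    out += [f"- {ln}" for ln in result.removed]
    out += [f"~ {old}  ->  {new}" for old, new in result.modified]
    return "\n".join(out)


BASELINE = take_baseline("edge-rtr-1", BASELINE_CONFIG)

if __name__ == "__main__":
    print(render_report(check_node(BASELINE, BASELINE_CONFIG)))
    print(render_report(check_node(BASELINE, TAMPERED_CONFIG)))
```

Restoring from the baseline is intentionally not automated here: the baseline text is kept on the `Baseline` object so that an operator can push it back by hand after reviewing the report, which is the same advice TripWire gives for TND's restore response.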