Your Daily Source for Apache News and Information  
Breaking News Preferences Contribute Triggers Link Us Search About
Apache Today [Your Apache News Source] To

Deploy, Optimize & Extend, Portal Based Web Systems

Apache HTTPD Links
Apache-Perl Integration Project
The Apache Software Foundation
The Apache FAQ
Apache Project
The Java Apache Project
The Jakarta Project
Apache Module Registry
PHP Server Side Scripting
Apache-Related Projects
Apache XML Project
The Linux Channel at
Linux Planet
BSD Central
Linux Central
BSD Today
Linux Apps
Linux Today
Apache Today
All Linux Devices
Just Linux
Linux Start
Linux Programming
Enterprise Linux Today
PR: Tripwire allows organizations to fight back against growing number of website attacks
Apr 2, 2001, 17 :51 UTC (0 Talkback[s]) (666 reads)

To help alleviate loss of perception and the potential of negative market value impact associated with Web site attacks, Tripwire Inc., the leading provider of data and network integrity (DNI) software, today announced Tripwire(R) for Web Pages.

Tailored for the Apache Web server platform -- the most widely used Web server platform in the world -- this new product immediately detects unauthorized modifications to Web site content, prevents the delivery of modified pages, and instantly alerts the system administrator. According to TruSecure, a computer security consulting firm based in Reston, Virginia, 42 Web sites are successfully hacked each day, up 55 percent in the last year.

"In light of recent Web site attacks such as Associated Press, NASA and The New York Times, coupled with the advanced skills of today's hackers, there is an immediate need for a real-time defense mechanism to assure the integrity of Web pages and Web page content," said W. Wyatt Starnes, CEO and president of Tripwire. "Tripwire's main focus is to deliver technology solutions that assure the integrity of critical IT infrastructures. Tripwire for Web Pages is a natural extension of our existing product portfolio because it focuses on solving high-impact, high-outage problems within an enterprise."

"Given the increasing importance of a company's Web site -- whether informational-, marketing- or eCommerce-based -- the need to have 100 percent faith in its integrity is essential," said Robert Lonadier, director of security strategies, The Hurwitz Group.

How Tripwire for Web Pages Works

Tripwire for Web Pages, the first product to originate from Tripwire and Covalent's strategic alliance announced in January 2001, delivers enhanced integrity solutions by assuring the integrity of Web page content. It extends Tripwire's core DNI offerings from monitoring the file system of the Web server to the real-time monitoring of dynamic Web pages being presented by the server. Tripwire for Web Pages does this by detecting unauthorized modifications to Web server content, instantly alerting the system administrator, and redirecting Web site viewers to a user-defined temporary Web page until authorized content is restored. This real-time DNI solution enables IT managers and Web developers to help the company avoid public embarrassment, negative brand impact, and the potential loss of market value frequently caused by malicious Web server attacks.

Tripwire for Web Pages determines if a Web page has been altered by comparing the date and the digital signature of the current Web page to that of the "known good" authorized file securely saved in the database. This "integrity check" is instantly performed each time a browser requests a Web page from the Web server. If the file dates and/or signatures do not match precisely, Tripwire for Web Pages halts the file from being served, sends a custom notification/replacement page to the browser, logs the event, and sends a custom e-mail to alert the system administrator of the change and provide steps to restore the authorized content.

When used in conjunction with the company's flagship product, Tripwire for Servers, Tripwire for Web Pages provides customers with an unparalleled level of assurance that the integrity of the entire Web infrastructure is being maintained. Tripwire for Servers assures Web server integrity by creating a baseline snapshot of the Web server file system and system registry, comparing the most current file(s) run against a "known good" baseline and alerting the network/system administrator if there are any differences. Using both Tripwire products together, an IT manager is able to unequivocally ensure the integrity of the entire Web infrastructure.

Tripwire for Web Pages Features

  • Instant detection -- monitors all Web pages leaving the Web site in real-time and alerts the system administrator of any modifications to a Web page.
  • Custom notification -- if a Web page is modified, the software logs the event in a file, pipe, socket, CGI script, syslog, and/or SNMP, and notifies the system administrator immediately, allowing immediate remedy to the problem.
  • Notification page -- full control of notification/substitute page that is displayed when a modified Web page is detected.
  • Virtual hosts -- full support for multiple virtual hosts, with their own service and security features.
  • Apache Web Server -- comes with a free and fully configured Apache Web Server that is tuned to receive the Tripwire for Web Pages product.
  • Easy installation module -- that simply plugs into an existing Apache installation or is installed with the included Apache Web Server.
  • Language support -- includes language support for Perl and PHP.
  • Cross-platform capabilities -- currently ported to a wide range of UNIX platforms and supports Apache 1.3.12, Sun Solaris 2.6, 7.x (2.7), 8.x (2.8) - SPARC, Sun Solaris 7.x, 8.x - x86, IBM AIX 4.3.3, HP-UX 11.0, Red Hat x86 (GLibC 2.0+), Caldera Linux x86 (GLibC 2.0+), SuSE Linux x86 (GLibC 2.0+), TurboLinux x86 (GLibC 2.0+), Mandrake Linux x86 (GLibC 2.0+), Debian 2.1 x86 (GLibC 2.0+)BSDI BSD/OS 4.x, Free BSD 3.x, 4.x, 5.x - x86, Open BSD 2.x - x86.
  • Installation package -- choice of text-based or graphical installation package.
Tripwire for Web Pages is available immediately. Introductory price is $1,095 in North America.

Related Stories:
Apache 2.0.15 released as an alpha(Mar 28, 2001)
Tempest Software Ships SiteShield; New Product Facilitates Secure Exchange of Information Over the Web(Mar 26, 2001)
PR: freeVSD announces latest major version of GPL virtual server solution for Linux(Mar 06, 2001)
Is your web server running unnecessary software?(Feb 20, 2001)
JSoft Security GUI for mySQL for Windows beta 1 released(Feb 16, 2001)
SysAdmin: Safer CGI Scripting(Feb 09, 2001)
Installing a secure web server(Dec 11, 2000)

  Current Newswire: mod_perl in 30 minutes

Sun to allow open source Java implementations

SECURITY: Vulnerability in Apache for Win32 batch file processing mod_perl Developer's Cookbook

mod_l33t added to Apache Module Registry

Linux Easy Installer - Security Fixes

Daemon News: Jakarta-Tomcat on FreeBSD 4.4

Moto, a compilable server-side scripting language

SECURITY: Flaws Found in PHP Leave Web Servers Open to Attack

Everything Solaris: Apache: Handling Traffic

No talkbacks posted.
Enter your comments below.
Your Name: Your Email Address:

Subject: CC: [will also send this talkback to an E-Mail address]

See our talkback-policy for or guidelines on talkback content.

About Triggers Media Kit Security Triggers Login

All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.4, Apache 1.3, and PHP 4
Copyright 2002 INT Media Group, Incorporated All Rights Reserved.
Legal Notices,  Licensing, Reprints, & Permissions,  Privacy Policy.