Tripwire is spearheading an effort to come up with common standards for an Internet-based database where companies could store information to help them check for unauthorized file changes.
Hewlett-Packard Co., IBM Corp. and Sun Microsystems Inc. voiced support for the nascent standards effort, the so-called "file-signature database," not expected to be completed until next year at the earliest.
Tripwire makes software for servers, routers and switches to ensure the data integrity of system files.
As planned, the file-signature database would be able to hold unique "fingerprints" of millions of files from many companies. A fingerprint is a cryptographic hash of a file (or of a whole operating-system image): a short, fixed-size value computed by a one-way hash function, not by public-key encryption. Like a fingerprint, a hash is for practical purposes unique to its input, so comparing a freshly computed hash with the stored one reveals whether the file has been changed. This is the way Tripwire's data-integrity products work on corporate networks.
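To make the baseline-and-compare idea concrete, here is an added example (not Tripwire's code, and not part of the original article) of the core loop such a product runs: hash every file under a directory, store the fingerprints, later rehash and classify each path as modified, added or removed. Because a baseline stored on the same host can be edited by whoever edited the files, the example also seals the stored fingerprints with an HMAC so that tampering with the database is caught as well; the key, the directory layout and the file contents are all constructed for the demo, and a real deployment would keep the key (or a signing key) off the monitored host.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

HASH_ALG = "sha256"


def hash_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Hex digest of a file's contents, read in chunks so large files fit in memory."""
    h = hashlib.new(HASH_ALG)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Walk `root` and record one fingerprint per regular file, keyed by relative path."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline


def seal_baseline(baseline: dict, key: bytes) -> dict:
    """Wrap the baseline with an HMAC over its canonical JSON form, so an attacker
    who rewrites the stored fingerprints instead of the files is also detected."""
    body = json.dumps(baseline, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), HASH_ALG).hexdigest()
    return {"alg": HASH_ALG, "files": baseline, "mac": tag}


def load_sealed(sealed: dict, key: bytes) -> dict:
    """Verify the MAC before trusting a stored baseline; refuse it if it was altered."""
    body = json.dumps(sealed["files"], sort_keys=True, separators=(",", ":"))
    expected = hmac.new(key, body.encode(), sealed["alg"]).hexdigest()
    if not hmac.compare_digest(expected, sealed["mac"]):
        raise ValueError("baseline MAC mismatch: stored fingerprints were altered")
    return sealed["files"]


def compare(baseline: dict, current: dict) -> dict:
    """Classify every path as modified, added or removed relative to the baseline."""
    old, new = set(baseline), set(current)
    return {
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
        "added": sorted(new - old),
        "removed": sorted(old - new),
    }


def demo() -> dict:
    """Build a small constructed tree, take a baseline, drift it, and report the diff."""
    key = b"constructed-demo-key; keep real keys off the monitored host"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF constructed stand-in binary")
        sealed = seal_baseline(build_baseline(root), key)

        # Simulated drift: one edited file, one dropped-in file, one deleted file.
        with (root / "etc" / "passwd").open("a") as f:
            f.write("eve:x:0:0::/:/bin/sh\n")
        (root / "bin" / "nc").write_bytes(b"constructed dropped tool")
        (root / "bin" / "ls").unlink()

        trusted = load_sealed(sealed, key)
        return compare(trusted, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report from `demo()` lists `etc/passwd` as modified, `bin/nc` as added and `bin/ls` as removed. The HMAC only buys something if the key is not readable by the same account that can modify the files; the reason the article's vendors want the fingerprints held in an external database is precisely so that the reference copy is out of reach of whoever is changing the host.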
Tripwire is now working in a joint commercial venture with HP, IBM, Sun and others, including InstallShield and RSA Security, to foster a design for an Internet-based database to store file signatures.
"There's work to be done to make sure the database is secure," said Wyatt Starnes, founder, president and CEO of Tripwire. Tripwire next year intends to launch its own Internet-based service, probably to be based on XML and SOAP protocols, to customers for remotely storing and retrieving file signatures, he said.
HP, IBM and Sun are involved in creating the basic model for the file-signature database, and they say they intend to create products or services to work under the envisioned framework.
"We need this kind of functionality to make the customers happy," said Jan-Maarten von Dongen, chief technology officer in HP's OpenView operations. Inside any organization, he noted, "there are always people who make changes without telling anybody else. It's hard to determine what's changed in an environment. How do you validate the integrity of services you're delivering or what's in your environment?"
The Tripwire approach provides a way to monitor for changes and to implement rules for response when something goes wrong, he said.
Some of the hard work in bringing to fruition the shared Web service for storing file fingerprints is going into developing so-called "harvesting tools," said Dave Bartlett, director of autonomic computing at IBM. New tools will be needed for securely gathering file-signature data across heterogeneous platforms and applications, storing the data in the third-party database, and retrieving it.
Sun’s senior director of engineering in the Solaris group, Sin-Yaw Wang, pointed out that Sun has had a "fingerprint database" in Solaris for three years that can check installation of Solaris servers to tell if they have been compromised. But Sun is participating in the Tripwire-led effort because it would like to support a more heterogeneous approach, too.
Tripwire's Starnes noted that most unauthorized file changes are not the result of hackers on the loose, but of loss of data when systems go down. "Unintended and accidental data change is a much bigger risk than intentional attacks," he asserted.
Though the vendor group says it wants to create an openly published standard for the "file-signature database" method it is creating, it's unclear how much of the underlying design will remain Tripwire proprietary technology or otherwise not be put in the public domain. That will become more apparent when the work is further along next year, Starnes said.