To help alleviate loss of perception and the potential of negative market value impact associated with Web site attacks, Tripwire Inc., the leading provider of data and network integrity (DNI) software, today announced Tripwire(R) for Web Pages.

Tailored for the Apache Web server platform -- the most widely used Web server platform in the world -- this new product immediately detects unauthorized modifications to Web site content, prevents the delivery of modified pages, and instantly alerts the system administrator. According to TruSecure, a computer security consulting firm based in Reston, Virginia, 42 Web sites are successfully hacked each day, up 55 percent in the last year.

"In light of recent Web site attacks such as Associated Press, NASA and The New York Times, coupled with the advanced skills of today's hackers, there is an immediate need for a real-time defense mechanism to assure the integrity of Web pages and Web page content," said W. Wyatt Starnes, CEO and president of Tripwire. "Tripwire's main focus is to deliver technology solutions that assure the integrity of critical IT infrastructures. Tripwire for Web Pages is a natural extension of our existing product portfolio because it focuses on solving high-impact, high-outage problems within an enterprise."

"Given the increasing importance of a company's Web site -- whether informational-, marketing- or eCommerce-based -- the need to have 100 percent faith in its integrity is essential," said Robert Lonadier, director of security strategies, The Hurwitz Group.

How Tripwire for Web Pages Works

Tripwire for Web Pages determines if a Web page has been altered by comparing the date and the digital signature of the current Web page to that of the "known good" authorized file securely saved in the database. This "integrity check" is instantly performed each time a browser requests a Web page from the Web server. If the file dates and/or signatures do not match precisely, Tripwire for Web Pages halts the file from being served, sends a custom notification/replacement page to the browser, logs the event, and sends a custom e-mail to alert the system administrator of the change and provide steps to restore the authorized content.

When used in conjunction with the company's flagship product, Tripwire for Servers, Tripwire for Web Pages provides customers with an unparalleled level of assurance that the integrity of the entire Web infrastructure is being maintained. Tripwire for Servers assures Web server integrity by creating a baseline snapshot of the Web server file system and system registry, comparing the most current file(s) run against a "known good" baseline and alerting the network/system administrator if there are any differences. Using both Tripwire products together, an IT manager is able to unequivocally ensure the integrity of the entire Web infrastructure.

Tripwire for Web Pages Features

• Instant detection -- monitors all Web pages leaving the Web site in real-time and alerts the system administrator of any modifications to a Web page.
• Custom notification -- if a Web page is modified, the software logs the event in a file, pipe, socket, CGI script, syslog, and/or SNMP, and notifies the system administrator immediately, allowing immediate remedy to the problem.
• Notification page -- full control of notification/substitute page that is displayed when a modified Web page is detected.
• Virtual hosts -- full support for multiple virtual hosts, with their own service and security features.
• Apache Web Server -- comes with a free and fully configured Apache Web Server that is tuned to receive the Tripwire for Web Pages product.
• Easy installation module -- that simply plugs into an existing Apache installation or is installed with the included Apache Web Server.
• Language support -- includes language support for Perl and PHP.
• Cross-platform capabilities -- currently ported to a wide range of UNIX platforms and supports Apache 1.3.12, Sun Solaris 2.6, 7.x (2.7), 8.x (2.8) - SPARC, Sun Solaris 7.x, 8.x - x86, IBM AIX 4.3.3, HP-UX 11.0, Red Hat x86 (GLibC 2.0+), Caldera Linux x86 (GLibC 2.0+), SuSE Linux x86 (GLibC 2.0+), TurboLinux x86 (GLibC 2.0+), Mandrake Linux x86 (GLibC 2.0+), Debian 2.1 x86 (GLibC 2.0+)BSDI BSD/OS 4.x, Free BSD 3.x, 4.x, 5.x - x86, Open BSD 2.x - x86.
• Installation package -- choice of text-based or graphical installation package.

Related Stories:
Apache 2.0.15 released as an alpha(Mar 28, 2001)
Tempest Software Ships SiteShield; New Product Facilitates Secure Exchange of Information Over the Web(Mar 26, 2001)
PR: freeVSD announces latest major version of GPL virtual server solution for Linux(Mar 06, 2001)
Is your web server running unnecessary software?(Feb 20, 2001)
JSoft Security GUI for mySQL for Windows beta 1 released(Feb 16, 2001)
SysAdmin: Safer CGI Scripting(Feb 09, 2001)
Installing a secure web server(Dec 11, 2000)