New tool prevents switch tampering

Portland, Ore.-based Tripwire Inc. has unveiled a management console designed to prevent unauthorized changes to Cisco Catalyst switches and routers by notifying network managers of tampering and automating restoration to original settings.

Available for Windows NT or Unix, the Tripwire for Routers and Switches console software is best placed within the operations centre where network monitoring takes place, says Dwayne Melancon, Tripwire’s vice-president of marketing. Each console can monitor up to 1,000 switches and routers, detecting an unauthorized change to routing and configuration tables, immediately notifying the manager via e-mail or page alert.

Unauthorized changes can occur when systems administrators inadvertently or purposefully alter router or switch configuration settings ordered by the manager in charge. Malicious hacking might be the culprit, Melancon notes, but more often network outages change router and switch configuration.

Because misconfiguration can cause major disruptions to network operation, it’s important to be apprised of these incidents and take steps to restore the original settings right away. And that’s what the Tripwire console software – which costs US$5,000 with an additional US$250 for each monitored router or switch – tries to do.

Tripwire came out with an earlier version of this product supporting only routers. Deutsche Bank, which had some problems with systems administrators overriding the wishes of the security manager, has been a customer and a contributor to the Tripwire design. With this latest version, Tripwire fulfils its promise to prevent switch tampering.

The product is catching the eye of corporations that say the Tripwire monitoring tool is the only one they’ve seen that has the capability to notify a manager when an unauthorized change is made.

“Change management and validation is very important,” says Ozzie Kuscan, network manager at Lonza Group, a chemicals manufacturing company that supplies pharmaceutical giants such as Pfizer and Novartis. “The Tripwire tool could be of help in documenting changes.”

Lonza, based in Basel, Switzerland, with U.S. headquarters in Fairlawn, N.J., has a frame relay network connecting 10 offices, and it maintains its own routers. Chemical manufacturing is a tightly regulated industry, and the Food and Drug Administration and Lonza’s own pharmaceutical customers periodically conduct security audits of its network, Kuscan says. The Tripwire tool appears to add to the “good practices” regulations expected in these audits, he says.

For more information, visit the company on the Web at