Security vendor Tripwire (www.tripwire.com) has released Tripwire for Web Pages 1.0, a product designed to protect Web sites from vandalism.
As an Apache plug-in, Tripwire for Web Pages creates an MD5 hash of every Web page on your server. Then, when a page is requested, the program verifies the pages hash against the database. If the hashes dont match, Tripwire for Web Pages can take one of several actions: serving an error or backup page, sending an e-mail notification, or executing a script.
At $1,095 per server, its a nifty idea but unwieldy in large environments. Tripwire for Web Pages does not include a central management console, making it time-consuming and tedious to administer on a large number of servers.
I like what Tripwire is trying to do with this product, but its not ready for mass deployment. Once Tripwire releases a centralized management console and adds support for Microsoft IIS or IPlanet Web servers, Tripwire for Web Pages could be a beneficial investment for Web site security.
