I already have a firewall and intrusion detection system. Why do I need CimTrak?
Firewalls and intrusion detection systems are both important tools in securing enterprise and web server environments. However, firewalls are not bulletproof against good hackers and they can't do anything against unauthorized changes inside the firewall. Also, intrusion detection systems don't provide the necessary corrective action required in response to a website defacement or attack. CimTrak provides a "last line of defense" when existing security mechanisms have been compromised, by instantly restoring any modified files and ensuring the integrity of your system.
How long does it take to detect a change?
The CimTrak Agent detects file changes in real time. The entire process from detection, comparison, and restore (if necessary) usually takes place in a fraction of a second.
Does the CimTrak Agent consume a lot of the server's resources?
The Agent does not poll the server CPU or hard drive during operation. Detection is accomplished without taxing the server's valuable resources. The only time any noticeable resources are required is during a "lock" event when the website files are digitally signed and transferred to the CimTrak master repository, or when a change is detected and CimTrak takes the necessary corrective action. Even in these situations, the resource requirements are very reasonable.
Does it save the changes made by hackers?
An option is available to safely quarantine any modified files in the master repository. You can also specify a maximum size limitation for quarantined files in order to prevent transferring large files that may consume bandwidth and resources. Quarantined files may be safely viewed or extracted from the repository using CimTrak Client.
Can CimTrak handle dynamic content?
Yes. CimTrak can support a dynamically generated website because CimTrak monitors the source code and not the changing data. Even though the dynamic web page may never be the same twice, the source code behind the dynamic page is the same.
Is there a limit to the number of systems I can monitor?
No. The only limitations are the physical resources of the workstation or server housing the CimTrak Server and Master Repository. The CimTrak Server can support multiple remote servers.
Can I exclude certain files from monitoring?
Yes. When an Object is configured using the CimTrak Client utility, the user selects which directories and files are to be monitored, and which files are excluded from that list. This is necessary for files that are inherently dynamic, or created on the fly by applications.
If it prevents all changes from occurring, how do I make a change?
Changes can be made by an administrator or authorized user. The specific Object to be changed is "unlocked" from the Client utility. Once unlocked, the Object can be updated using your established procedures. When the update is complete, the Object is "locked" and the Agent updates the Master Repository and resumes monitoring. If the Object remains unlocked for a predetermined length of time, an alert message will be sent to all appropriate users.
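A minimal sketch of the lock, compare, quarantine and restore cycle described in the answers above, including excluded files and the quarantine size limit. This is an added example, not CimTrak code: it assumes SHA-256 hashes as the baseline, a local directory standing in for the Master Repository, and a one-shot comparison rather than real-time detection; all function names are hypothetical.

```python
import hashlib, shutil, tempfile
from pathlib import Path

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def monitored(root, excludes):
    """Relative paths of files under root that match no exclude pattern."""
    rels = (p.relative_to(root) for p in root.rglob("*") if p.is_file())
    return sorted(r.as_posix() for r in rels if not any(r.match(x) for x in excludes))

def copy(src, dst):
    dst.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(src, dst)

def lock(root, repo, excludes):
    """'Lock': store authoritative copies, return a SHA-256 baseline (assumed format)."""
    for rel in monitored(root, excludes):
        copy(root / rel, repo / "master" / rel)
    return {rel: digest(repo / "master" / rel) for rel in monitored(root, excludes)}

def enforce(root, repo, baseline, excludes, max_quarantine=64):
    """Find drift from the baseline, quarantine small changed files, then restore."""
    events = []
    present = set(monitored(root, excludes))
    for rel in sorted(present | set(baseline)):
        live = root / rel
        if rel in present and baseline.get(rel) == digest(live):
            continue  # matches the locked copy
        kind = "deleted" if rel not in present else "modified" if rel in baseline else "added"
        quarantined = rel in present and live.stat().st_size <= max_quarantine
        if quarantined:
            copy(live, repo / "quarantine" / rel)
        if rel in baseline:
            copy(repo / "master" / rel, live)  # revert to the authoritative copy
        else:
            live.unlink()  # never part of the locked Object
        events.append((rel, kind, quarantined))
    return events

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        root, repo = Path(tmp, "site"), Path(tmp, "repo")
        root.mkdir()
        (root / "index.html").write_text("<h1>Welcome</h1>")
        base = lock(root, repo, ["*.log"])
        (root / "index.html").write_text("defaced " * 20)  # 160 bytes, over the cap
        (root / "dropped.txt").write_text("new")  # not in the baseline
        (root / "access.log").write_text("GET /")  # excluded, so ignored
        return enforce(root, repo, base, ["*.log"]), (root / "index.html").read_text()
```

The oversized modified page is restored but not quarantined, the small added file is quarantined and removed, and the excluded log produces no event.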
Does it work with my existing web publishing tools?
Yes. Common web publishing tools such as FrontPage, ColdFusion, and Dreamweaver UltraDev can still be used with only a minor additional step in the process. The Object or website must be "unlocked" through the CimTrak Client before new files are transferred to the web server and "locked" upon completion. Plug-ins to allow you to "unlock" and "lock" from within these common applications will be available in future releases.
How does it notify me of changes or alarms?
Alerts are sent via email, text messaging, and SNMP traps.
Can it integrate to my existing network monitoring tools?
Yes. CimTrak supports SNMP traps, which allows it to integrate with other network management tools.
Can it monitor and restore my Windows OS directory?
CimTrak can monitor an operating system directory, such as c:\winnt, for modifications and for files that have been illegally added to that directory. It is typically recommended that OS directories be monitored for changes only. If you would like to restore files in the OS directory, you must be sure to exclude the appropriate files.
Can I monitor servers across the Internet?
Yes. Server Agents can safely communicate with a CimTrak Server across both the Internet and LANs/WANs. This is possible due to CimTrak's communication and encryption architecture.
Does it integrate with any third party reporting tools?
Yes. CimTrak is certified with the WebTrends (TM) firewall reporting tool. This allows you to review both firewall and CimTrak logging information in one reporting tool.
How safe is my data? Is it ever exposed?
CimTrak stores all files in the Master Repository in an encrypted and compressed format. All communication between the Agent and the CimTrak Server is also encrypted. This ensures that your repository files are never exposed in their native format.
Can I install the CimTrak Repository, Agent, and Client all on the same machine?
All three CimTrak components can be installed on the same machine. However, best practices and CERT recommended guidelines are to maintain an authoritative copy on a separate machine. This means keep the CimTrak Master Repository on a separate secured workstation or server apart from the actual monitored server. The Client Utility may be installed on any machine.







