Automated detection and response to attacks

Conclusion

One of the biggest problems with security is the amount of setup effort and continuous maintenance it often requires. OSSEC provides a degree of assurance and active protection with a minimal setup cost and little maintenance. OSSEC is missing a few features I would really like to see (such as reporting what changed inside a file rather than only that the file changed) and some ease-of-use features (such as mass configuration and change management), but weighed against the simplicity of setup and management, I think it is still worth it.
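To make the file-change point concrete, here is an added example (not OSSEC's code, and not from the article): a minimal integrity check that stores a hash and a text snapshot at baseline time, so that a later check can report a unified diff of what changed rather than only that the hash no longer matches. The file names and contents are constructed sample data; a real HIDS would keep the baseline in a database on disk.

```python
"""Added example (not OSSEC code): a file-integrity check that reports
*what* changed inside a file, not only *that* it changed.  The baseline
is an in-memory dict so the script runs offline; file names and
contents below are constructed sample data."""
import difflib
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def take_baseline(files: dict) -> dict:
    """Record a hash and a content snapshot for each monitored file.
    Keeping the snapshot is what makes a later line-level diff possible;
    a hash alone can only say 'changed'."""
    return {path: {"sha256": sha256_hex(data), "snapshot": data}
            for path, data in files.items()}


def check_integrity(baseline: dict, current: dict) -> list:
    """Compare current contents against the baseline and return one report
    per deviation: modified (with a unified diff), deleted, or added."""
    reports = []
    for path, entry in baseline.items():
        if path not in current:
            reports.append({"path": path, "event": "deleted"})
            continue
        now = current[path]
        if sha256_hex(now) == entry["sha256"]:
            continue  # unchanged, nothing to report
        diff = difflib.unified_diff(
            entry["snapshot"].decode(errors="replace").splitlines(),
            now.decode(errors="replace").splitlines(),
            fromfile=f"{path} (baseline)", tofile=f"{path} (current)",
            lineterm="")
        reports.append({"path": path, "event": "modified",
                        "old_sha256": entry["sha256"],
                        "new_sha256": sha256_hex(now),
                        "diff": "\n".join(diff)})
    for path in current:
        if path not in baseline:
            reports.append({"path": path, "event": "added"})
    return reports


# Constructed sample: a passwd-style file gains an extra uid-0 entry,
# exactly the kind of change an administrator wants spelled out.
BASELINE_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n"
                   b"daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n",
    "/etc/hosts": b"127.0.0.1 localhost\n",
}
CURRENT_FILES = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n"
                   b"daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
                   b"backup2:x:0:0::/:/bin/sh\n",
    "/etc/hosts": b"127.0.0.1 localhost\n",
}


def demo() -> list:
    """Run the check on the constructed sample and return the reports."""
    return check_integrity(take_baseline(BASELINE_FILES), CURRENT_FILES)


if __name__ == "__main__":
    for report in demo():
        print(report["path"], report["event"])
        if report["event"] == "modified":
            print(report["diff"])
```

The trade-off this illustrates is storage: a hash-only baseline is tiny, while keeping snapshots (or diffs) of every monitored file costs disk space and must itself be protected, which is one reason an integrity checker might stop at "the file changed".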

The Author

Kurt Seifried is an Information Security Consultant specializing in Linux and networks since 1996. He often wonders how it is that technology works on a large scale but often fails on a small scale.

Read full article as PDF:

058-059_kurt.pdf  (199.03 kB)
