Automated detection and response to attacks
Conclusion
One of the biggest problems with security is the amount of setup effort and continuous maintenance it often requires. OSSEC provides a degree of assurance and active protection with a minimal setup cost and little maintenance. OSSEC is lacking in a few features I would really love to see (like telling me what changed within a file as opposed to just telling me that the file has changed) and lacks some ease of use features (like mass configuration and change management), but weighed against the simplicity of setup and management I think it's still worth it.
Infos
- "Dive Deep" by Heike Jurzik, Linux Pro Magazine, April 2008, http://www.linux-magazine.com/w3/issue/89/086-087_command.pdf
- OSSEC: http://www.ossec.net/
- Tripwire: http://sourceforge.net/projects/tripwire/
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)