OSSEC - a free Intrusion Detection System

Some perspective..

(Q) What is a host-based intrusion detection system (HIDS)?

(A) A host-based intrusion detection system is an intrusion detection system that is capable of monitoring and analyzing the internals of a computing system as well as the network packets on its network interfaces.


(Q) Why do we need HIDS and what are its uses?

(A) The agent, which is installed on our servers, communicates constantly with the master installed on another server. Any break-in attempt or software installation is reported to the master, which, based on the rules and alert levels defined, sends out email and SMS notifications to the relevant teams. All of this happens in real time.
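To make the "rules and alert levels" part concrete, here is a small rule engine written for this post as an added example; it is not OSSEC code. It mimics the shape of an OSSEC rule (id, level, match pattern, description), escalates a rule when the same source trips it repeatedly, and only "notifies" above a threshold. The rule ids, levels, the notification threshold and the sshd/sudo log lines are all constructed for the demo.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed rule set shaped like OSSEC rules (id, level, match pattern,
# description). The ids, levels and thresholds are made up for this example
# and are not OSSEC's own rule ids.
@dataclass(frozen=True)
class Rule:
    rule_id: int
    level: int            # 0-15 scale; the master notifies at or above a threshold
    regex: str
    description: str
    frequency: int = 0    # if > 0: escalate once one source trips the rule this often
    escalate_to: int = 0
    escalate_level: int = 0

RULES = [
    Rule(100001, 5,
         r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<src>\S+)",
         "sshd: authentication failed",
         frequency=3, escalate_to=100002, escalate_level=10),
    Rule(100003, 3,
         r"sshd\[\d+\]: Accepted \S+ for \S+ from (?P<src>\S+)",
         "sshd: authentication success"),
    Rule(100004, 3,
         r"sudo:\s+(?P<src>\S+) : .*COMMAND=",
         "sudo: command executed"),
]

NOTIFY_LEVEL = 7   # assumed threshold, analogous to an email alert level setting


class Analyzer:
    """Minimal rule engine: match each log line, escalate on repetition, notify."""

    def __init__(self, rules=RULES, notify_level=NOTIFY_LEVEL):
        self.rules = [(r, re.compile(r.regex)) for r in rules]
        self.notify_level = notify_level
        self.counts = defaultdict(int)  # (rule_id, source) -> hits so far
        self.alerts = []                # every rule match, with its final level
        self.notifications = []         # the subset that crosses the threshold

    def process(self, line):
        for rule, rx in self.rules:
            m = rx.search(line)
            if not m:
                continue
            src = m.group("src")
            rule_id, level, desc = rule.rule_id, rule.level, rule.description
            if rule.frequency:
                key = (rule.rule_id, src)
                self.counts[key] += 1
                if self.counts[key] >= rule.frequency:
                    # Repetition from one source: raise the severity and reset
                    # the counter, like a frequency rule closing its window.
                    rule_id, level = rule.escalate_to, rule.escalate_level
                    desc = f"{rule.description} ({self.counts[key]} times from {src})"
                    self.counts[key] = 0
            alert = {"rule_id": rule_id, "level": level, "src": src,
                     "description": desc, "log": line}
            self.alerts.append(alert)
            if level >= self.notify_level:
                self.notifications.append(alert)   # stand-in for email/SMS dispatch
            return alert
        return None   # no rule matched; the line is simply dropped


# Constructed sample log lines (syslog-style sshd and sudo entries).
SAMPLE_LOG = """\
Mar  4 10:01:02 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  4 10:01:05 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  4 10:01:09 web1 sshd[2314]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  4 10:01:12 web1 sshd[2316]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  4 10:03:40 web1 sshd[2320]: Accepted publickey for deploy from 198.51.100.5 port 40022 ssh2
Mar  4 10:04:01 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/apt-get install nginx
"""


def run(log_text, notify_level=NOTIFY_LEVEL):
    """Feed every non-empty line through the analyzer and return it for inspection."""
    analyzer = Analyzer(notify_level=notify_level)
    for line in log_text.splitlines():
        if line.strip():
            analyzer.process(line)
    return analyzer


if __name__ == "__main__":
    result = run(SAMPLE_LOG)
    for a in result.alerts:
        print(f"rule {a['rule_id']} level {a['level']:>2} {a['description']}")
    print(f"{len(result.notifications)} alert(s) would have been sent by email/SMS")
```

Six lines produce six alerts, but only the third failed login from 203.0.113.7 crosses the threshold, because it is the repetition, not the single failure, that is worth waking someone up for. Individual level-3 and level-5 events stay in the alert log for later correlation and compliance reporting.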


(Q) Looks pretty standard, what else can this do?

(A) Depending on the installed product, a HIDS can also execute scripts on agents, for example when a server becomes unreachable because of a break-in. This architecture also supports multiple agents, giving us aggregation and security information and event management (SIEM) across all of our servers. Compliance is another aspect: SIEM tools are now mandatory for many industries.


(Q) How does a HIDS monitor our server? What goes on behind the scenes?

(A) Firstly, a HIDS monitors the system, security and access logs, tracking any anomaly. It also monitors a few important OS-specific files for alterations. It then also looks for new software installations and malicious software.
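The "monitors a few important OS-specific files for alterations" part is file integrity monitoring. The following is an added example, written for this post rather than taken from OSSEC, of how such a check works: hash and stat each watched file to build a baseline, store it (here as JSON, as a master would), and on the next scan report what was added, deleted, modified or had its permissions changed. The watched paths, file contents and the tampering scenario are constructed, and the demo runs against a temporary directory instead of the real /etc.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

# Constructed list of files to watch, relative to a root so the demo can run
# against a temporary directory instead of the real /etc.
MONITORED = [
    "etc/passwd",
    "etc/shadow",
    "etc/ssh/sshd_config",
    "etc/hosts.allow",
    "etc/cron.d/backup",
]


def file_record(path):
    """Content hash plus the attributes a FIM agent typically tracks."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def build_baseline(root, monitored=MONITORED):
    """Snapshot every monitored file that exists; this is what the master stores."""
    baseline = {}
    for rel in monitored:
        path = Path(root) / rel
        if path.is_file():
            baseline[rel] = file_record(path)
    return baseline


def check_integrity(root, baseline, monitored=MONITORED):
    """Compare the current state against the baseline.

    Returns (relative path, change) tuples in monitored order, where change is
    'added', 'deleted', 'modified' (content differs) or 'attributes_changed'
    (same content, but mode/owner/size differ).
    """
    current = build_baseline(root, monitored)
    findings = []
    for rel in monitored:
        before, after = baseline.get(rel), current.get(rel)
        if before is None and after is None:
            continue
        if before is None:
            findings.append((rel, "added"))
        elif after is None:
            findings.append((rel, "deleted"))
        elif before["sha256"] != after["sha256"]:
            findings.append((rel, "modified"))
        elif before != after:
            findings.append((rel, "attributes_changed"))
    return findings


def demo():
    """Build a fake /etc, take a baseline, tamper with it, and report the drift."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "etc/ssh").mkdir(parents=True)
        (r / "etc/cron.d").mkdir()
        (r / "etc/passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (r / "etc/shadow").write_text("root:*:19000:0:99999:7:::\n")
        os.chmod(r / "etc/shadow", 0o600)
        (r / "etc/ssh/sshd_config").write_text("PermitRootLogin no\n")
        (r / "etc/hosts.allow").write_text("sshd: 10.0.0.0/8\n")

        # The master would keep this serialized; round-trip it to show that works.
        stored = json.dumps(build_baseline(root))

        # Changes the agent should flag on its next scan (constructed scenario).
        (r / "etc/ssh/sshd_config").write_text("PermitRootLogin yes\n")   # content edit
        os.chmod(r / "etc/shadow", 0o644)                                  # permissions loosened
        (r / "etc/hosts.allow").unlink()                                   # file removed
        (r / "etc/cron.d/backup").write_text("* * * * * root /tmp/.x\n")   # file added

        return check_integrity(root, json.loads(stored))


if __name__ == "__main__":
    for rel, change in demo():
        print(f"{change:<18} {rel}")
```

Note that a permission change on /etc/shadow is reported even though its content is byte-for-byte identical; a checker that compares only hashes would miss it, which is why the baseline records mode and ownership alongside the digest.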


Finally... (Q) What is OSSEC?

(A) OSSEC is one such HIDS implementation; it monitors all aspects of server activity with file integrity monitoring, log monitoring, rootcheck, and process monitoring. It combines detection, log monitoring, and security incident management (SIM)/security information and event management (SIEM) in a simple and powerful solution.

OSSEC is free, open source software under the GNU GPL v2 license, which guarantees end users the freedom to run, study, share and modify the software.



In the next blog I will discuss the step-by-step process to include OSSEC in your IT architecture and use it. For more details on OSSEC please visit: https://www.ossec.net/

#OSSEC #ComputerSecurity #realTimeThreatAnalysis
