OSSEC HIDS ● Jonathan Schipp ● Dubois County Linux User Group ● Sept 4th, 2011 ● jonschipp (at) gmail.com


1 OSSEC HIDS
● Jonathan Schipp
● Dubois County Linux User Group
● Sept 4th, 2011
● jonschipp (at) gmail.com

2 What is a HIDS?
● Host Intrusion Detection System
● Intrusion detection is the process or set of techniques used to detect attacks on a specific network, system or application. Most intrusion detection tools detect not only attacks but also software misuse, policy violations and other forms of inappropriate activity.
● A host-based IDS performs intrusion detection from within the systems you want to protect. Some of these tools perform log analysis, others spyware detection, and others virus detection.

3 Security log analysis
● Security log analysis is the process or set of techniques used to detect attacks on a specific network, system or application using logs as the primary source of information.
● Logs can be anything from firewall logs, web server logs, system logs, IDS events or Windows event logs.
● Log analysis is also used to detect software misuse, policy violations and other forms of inappropriate activity.

4 What is a LIDS?
● LIDS (log-based intrusion detection system) is just a fancy term for tools that perform security log analysis (described above). Its goal is to detect misuse (or attacks) using logs as the primary source of information. It is not a replacement for a NIDS (network-based IDS) or any other security solution, but an addition to them.

5 Software
● OSSEC
● Tripwire
● Tiger
● Linux Intrusion Detection System (LIDS)

6 OSSEC
● Developed by Trend Micro
● Free
● Supported OSes: Linux, OpenBSD, FreeBSD, MacOS, Solaris, AIX, HP-UX, and Windows
● Easy to install
● Write custom rules, watch specific logs
● Handles logs from popular firewalls, switches, and routers

7 Supported Devices
● Cisco PIX, ASA and FWSM (all versions)
● Cisco IOS routers (all versions)
● Juniper Netscreen (all versions)
● SonicWall firewall (all versions)
● Checkpoint firewall (all versions)
● Cisco IOS IDS/IPS module (all versions)
● Sourcefire (Snort) IDS/IPS (all versions)
● Dragon NIDS (all versions)
● Checkpoint Smart Defense (all versions)
● McAfee VirusScan Enterprise (v8 and v8.5)
● Bluecoat proxy (all versions)
● Cisco VPN concentrators (all versions)

8 Features
● Log analysis
● File integrity checking
● Windows registry monitoring
● Centralized policy enforcement
● Rootkit detection
● Real-time alerting and active response
● ^ HIPS ^ lol

9 Log Analysis – How it Works
● Live Demo
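For slides 6, 8 and 9 (custom rules, watching a specific log, real-time alerting with active response), an added example that is not part of the presentation: a pair of local OSSEC rules and the ossec.conf fragments that drive them. The log path, rule IDs and thresholds are assumptions chosen for illustration.

```xml
<!-- Added example, not from the slides. Assumptions: the log path, rule IDs
     (100000-119999 is OSSEC's reserved range for local rules) and thresholds
     are illustrative; firewall-drop.sh is the script that ships with OSSEC. -->

<!-- ossec.conf on the server: watch one specific log and wire up active response -->
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>   <!-- assumed path -->
  </localfile>

  <!-- Command definition as in the stock ossec.conf: the script needs a source IP -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Run firewall-drop on the host that reported the event for any alert of
       level 10 or higher; the block is lifted again after 600 seconds -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>10</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>

<!-- rules/local_rules.xml: custom rules on top of the stock sshd decoder -->
<group name="local,syslog,sshd,">
  <!-- Level 5: one failed password for a user that does not exist -->
  <rule id="100100" level="5">
    <decoded_as>sshd</decoded_as>
    <match>Failed password for invalid user</match>
    <description>Local rule: SSH login attempt for a non-existent user.</description>
  </rule>

  <!-- Level 10: rule 100100 matched 8 times within 120 seconds from the same
       source IP (srcip is extracted by the sshd decoder); this is the level
       the active-response block above keys on -->
  <rule id="100101" level="10" frequency="8" timeframe="120">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>Local rule: repeated SSH attempts for non-existent users from one source.</description>
  </rule>
</group>
```

After editing local_rules.xml, restart OSSEC and confirm the rule loads by feeding a sample line through /var/ossec/bin/ossec-logtest.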

10 Deployment Types
● Local – one machine, full deployment
● Server – collects log data from agents
● Agent – sends log data to the server for analysis
● Agentless – for systems on which you can't install an agent, OSSEC can still perform file integrity monitoring without one

11 Installation
● Live Demo
● Current Version: 2.6
● http://www.ossec.net/main/manual/manual-installation

12 Managing OSSEC
● Live Demo
● http://www.ossec.net/doc/

13 Copy/Paste References
● ossec.net
