Presentation is loading. Please wait.

Presentation is loading. Please wait.

Power of OSSEC By Donovan Thorpe CS 5910 Fall 2010.

Published byKevin Evans Modified over 9 years ago

Similar presentations

Presentation on theme: "Power of OSSEC By Donovan Thorpe CS 5910 Fall 2010."— Presentation transcript:

1 Power of OSSEC By Donovan Thorpe CS 5910 Fall 2010

2 CS 5910 - dthorpe - OSSEC - 2010-12-08 2 What is OSSEC OSSEC History Host-based Intrusion Detection System Open Source Multi-platform

3 CS 5910 - dthorpe - OSSEC - 2010-12-08 3 Installation Types Local Server Agent and Agent-less

4 CS 5910 - dthorpe - OSSEC - 2010-12-08 4 OSSEC features System Integrity Checking Rootkit Detection Log Analysis Active Response

5 CS 5910 - dthorpe - OSSEC - 2010-12-08 5 Integrity Checking syscheck checks: md5sum, sha1sum, size, owner, group, perms realtime option for directories

6 CS 5910 - dthorpe - OSSEC - 2010-12-08 6 Rootkit Detection Looks for known rootkits Scans filesystem looking for unusual files and permissions Looks for hidden ports Looks for promiscuous mode on all interfaces

7 CS 5910 - dthorpe - OSSEC - 2010-12-08 7 Log Analysis File Monitoring Process Monitoring search the output of a command df -h based on when the output changes netstat -tan |grep LISTEN|grep -v 127.0.0.1

8 CS 5910 - dthorpe - OSSEC - 2010-12-08 8 Output and Alerts syslog email database

9 CS 5910 - dthorpe - OSSEC - 2010-12-08 9 Active Response Based on an alert run a command hosts deny firewall drop route null

10 CS 5910 - dthorpe - OSSEC - 2010-12-08 10 Comparison CISCO Security Agent Symantec Client Security Tripwire

11 CS 5910 - dthorpe - OSSEC - 2010-12-08 11 Enhancements Recursive optional or blocking Realtime options for files More inotify event codes Per entry of inotify

12 CS 5910 - dthorpe - OSSEC - 2010-12-08 12 Resources Main web site www.ossec.netwww.ossec.net Mailing lists Books Web interface and Plugins

13 CS 5910 - dthorpe - OSSEC - 2010-12-08 13 Q & A Questions ???

Download ppt "Power of OSSEC By Donovan Thorpe CS 5910 Fall 2010."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
ActiveXperts Network Monitor Monitors servers, workstations and devices for availability Alerts and corrects.

ActiveXperts Network Monitor Monitors servers, workstations and devices for availability Alerts and corrects.
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.

The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.
1 CHEP 2000, 10.02.2000Roberto Barbera Roberto Barbera (*) Grid monitoring with NAGIOS WP3-INFN Meeting, Naples, 29.11.2002 (*) Work in collaboration with.

1 CHEP 2000, Roberto Barbera Roberto Barbera (*) Grid monitoring with NAGIOS WP3-INFN Meeting, Naples, (*) Work in collaboration with.
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
Using Nagios for Intrusion detection Miguel Cárdenas Montes Elio Pérez Calle Francisco Javier Rodríguez Calonge.

Using Nagios for Intrusion detection Miguel Cárdenas Montes Elio Pérez Calle Francisco Javier Rodríguez Calonge.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002.

Profile-Based Web Intrusion Prevention System by Donovan Thorpe CS526 Fall 2002.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 6: Cisco IOS Threat Defense Features.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Host-Based Intrusion Detection software TRIPWIRE & MD5.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Host-Based Intrusion Detection software TRIPWIRE & MD5.
Security SIG: Introduction to Tripwire Chris Harwood John Ives.

Security SIG: Introduction to Tripwire Chris Harwood John Ives.
Internet Information Server (IIS)

Internet Information Server (IIS)
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
Information Networking Security and Assurance Lab National Chung Cheng University Investigating Unix System.

Information Networking Security and Assurance Lab National Chung Cheng University Investigating Unix System.
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Tripwire Enterprise Server – Getting Started Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology June 6, 2006.

Tripwire Enterprise Server – Getting Started Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology June 6, 2006.
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.

Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
Security Guidelines and Management

Security Guidelines and Management
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Similar presentations

Ads by Google