OSSEC Host-Based Intrusion Detection Guide
Syngress Media,U.S. (Verlag)
978-1-59749-240-9 (ISBN)
- Titel ist leider vergriffen;
keine Neuauflage - Artikel merken
This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented...until now! The book you are holding will show you how to install and configure OSSEC on the operating system of your choice and provide detailed examples to help prevent and mitigate attacks on your systems. -- Stephen Northcutt
OSSEC determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered state. This "picture" captures the most relevant information about that machine's configuration. OSSEC saves this "picture" and then constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration. Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade, patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive amounts of pornography creating significant liability for that organization.
Separating the wheat from the chaff is by no means an easy task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC.
Daniel Cid is the creator and main developer of the OSSEC HIDS (Open Source Security Host Intrusion Detection System). Daniel has been working in the security area for many years, with a special interest in intrusion detection, log analysis and secure development. He is currently working at Q1 Labs Inc. as a software engineer. In the past, he worked at Sourcefire, NIH and Opensolutions. Daniel holds several industry certifications including the CCNP, GCIH, CISSP. Andrew leads a team of software developers at Q1 Labs Inc. integrating 3rd party event and vulnerability data into QRadar, their flagship network security management solution. Prior to joining Q1 Labs, Andrew was CEO and co-founder of Koteas Corporation, a leading provider of end to end security and privacy solutions for government and enterprise. His resume also includes such organizations as Nokia Enterprise Solutions, Nortel Networks, and Magma Communications, a division of Primus. Andrew is a strong advocate of security training, certification programs, and public awareness initiatives. He also holds several industry certifications including the CCNA, CCSA, CCSE, CCSE NGX, CCSE Plus, Security+, GCIA, GCIH, SSP-MPA, SSP-CNSA, NSA, RHCT, and RHCE. Rory Bray is senior software engineer at Q1 Labs Inc. with years of experience developing Internet and security related services. In addition to being a long-time advocate of Open Source software, Rory has developed a strong interest in network security and secure development practices. Rory has a diverse background which includes embedded development, web application design, software architecture, security consulting and technical editing. This broad range of experience provides a unique perspective on security solutions.
1. Introduction
2. Getting Started With OSSEC
3. Installation
4. Configuration
5. Working With Log Analysis - Decoders
6. Working With Log Analysis - Rule Files
7. Configuring System Integrity Check
8. Rootkit Detection
9. Policy Enforcement
10. Active Response Configuration
11. Integration and Advanced Configuration
12. Using the Web interface
Appendix A: The Importance of Log Analysis
| Erscheint lt. Verlag | 9.4.2008 |
|---|---|
| Verlagsort | Rockland, MA |
| Sprache | englisch |
| Maße | 191 x 235 mm |
| Gewicht | 700 g |
| Themenwelt | Mathematik / Informatik ► Informatik ► Betriebssysteme / Server |
| Mathematik / Informatik ► Informatik ► Netzwerke | |
| ISBN-10 | 1-59749-240-X / 159749240X |
| ISBN-13 | 978-1-59749-240-9 / 9781597492409 |
| Zustand | Neuware |
| Haben Sie eine Frage zum Produkt? |
aus dem Bereich
