 |
|
| OSSEC HOST-BASED INTRUSION DETECTION GUIDE
| |
| | |
|
|
To order this title, and for more information, click here
By
Rory Bray, New Brunswick, Canada. Senior software engineer at Q1 Labs Inc., New Brunswick, Canada
Daniel Cid, New Brunswick, Canada. Lead Developer of the OSSEC HIDS, New Brunswick, Canada
Andrew Hay, Andrew leads a team of software developers at Q1 Labs Inc. integrating 3rd party event and vulnerability data into QRadar, their flagship
network security management solution. Prior to joining Q1 Labs, Andrew was CEO and co-founder of Koteas Corporation, a leading provider
of end to end security and privacy solutions for government and enterprise. His resume also includes such organizations as Nokia Enterprise
Solutions, Nortel Networks, and Magma Communications, a division of Primus. Andrew is a strong advocate of security training, certification
programs, and public awareness initiatives. He also holds several industry certifications including the CCNA, CCSA, CCSE, CCSE NGX, CCSE
Plus, Security+, GCIA, GCIH, SSP-MPA, SSP-CNSA, NSA, RHCT, and RHCE.
Description
This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to
need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal
book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features
of the product undocumented...until now! The book you are holding will show you how to install and configure OSSEC on the operating
system of your choice and provide detailed examples to help prevent and mitigate attacks on your systems.
-- Stephen Northcutt
OSSEC
determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered
state. This ?picture? captures the most relevant information about that machine?s configuration. OSSEC saves this ?picture? and then
constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration.
Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade,
patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating
between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing
a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive
amounts of pornography creating significant liability for that organization.
Separating the wheat from the chaff is by no means an easy
task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available
OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC.
Audience
The target audience for this book is network, system, and security administrators who are responsible for protecting assets in their infrastructure.
This book is also for those involved in the incident handling and forensic analysis of servers and workstations. Network, system, and
security administrators will use this book on a daily basis to monitor the overall well being of the machines on their network. First
responders and forensic analysts will use this book to determine the nature, origin, and severity of an attack as well as to begin the
mitigation and repair process.
Contents
Chapter 1: Introduction
This chapter will introduce you to the OSSEC project, its history, and its goals.
Chapter
2: Getting Started With OSSEC
This chapter provides an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations.
Chapter 3: Installation
This chapter walks through the installation
process for the "local" and "server" install types, including the Windows and Unix agent, and techniques to automate multiple agents
installations.
Chapter 4: Configuration
This chapter discusses the post-install configuration of OSSEC. Within this
chapter you learn how to monitor log files, remote messages, email notification, alerting levels, etc.
Chapter 5: Working With
Log Analysis - Decoders
This chapter shows you how to extract key information from logs using decoders.
Chapter 6:
Working With Log Analysis - Rule Files
This chapter discusses how you can leverage rules for various devices and how to write
your own rules. It will include examples on how to parse atomic and composite rules, how to keep state between messages, remove false
positives and tune it appropriately.
Chapter 7: Configuring System Integrity Check
This chapter explains the system
integrity check features of OSSEC including monitoring of the binary executable files, system configuration files, and even the Windows
registry.
Chapter 8: Rootkit Detection
This chapter explains the rootkit detection capabilities of OSSEC on Unix and
its configuration.
Chapter 9: Policy Enforcement
This chapter explains the policy enforcement capabilities of OSSEC,
explaining how to perform host-based system auditing and application monitoring.
Chapter 10: Active Response Configuration
This chapter explains how to configure the active response actions you want to configure as well as how to bind the actions to specific
rules or events.
Chapter 11: Integration and Advanced Configuration
This chapter explains previously undocumented features,
advanced configuration topics, and integration with third-party products.
Chapter 12: Using the Web interface
This
chapter explains how to install and use the community developed, open source web interface, that is available for OSSEC.
Appendix
A:
The Importance of Log Analysis
| Bibliographic details |
Paperback, 416 pages, publication date: MAR-2008
ISBN-13: 978-1-59749-240-9
Imprint: SYNGRESS
|
| Price and Ordering |
Price:
EUR 42.95
GBP 35.99
USD 59.95
|  |
Books and book related electronic products are priced in US dollars (USD), euro (EUR), and Great Britain Pounds (GBP). USD prices apply to the Americas and Asia Pacific. EUR prices apply in Europe and the Middle East. GBP prices apply to the UK and all other countries.
|
See also information about conditions of sale & ordering procedures, and links to our regional sales offices.
|
999/999
Last update: 22 Sep 2009
|
|
| |
| | |
|
|
| |
Home | Elsevier Sites | Privacy Policy | Terms and Conditions | Feedback | Site Map | A Reed Elsevier Company