Rory Bray, Daniel Cid, Andrew Hay - OSSEC Host-Based Intrusion Detection Guide

Write the first review!

Sold out

Rory Bray, Daniel Cid, Andrew Hay

OSSEC Host-Based Intrusion Detection Guide

English · Paperback / Softback

Description

Read more

This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented...until now! The book you are holding will show you how to install and configure OSSEC on the operating system of your choice and provide detailed examples to help prevent and mitigate attacks on your systems. -- Stephen Northcutt
OSSEC determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered state. This "picture" captures the most relevant information about that machine's configuration. OSSEC saves this "picture" and then constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration. Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade, patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive amounts of pornography creating significant liability for that organization.
Separating the wheat from the chaff is by no means an easy task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC.

List of contents

1. Introduction
2. Getting Started With OSSEC
3. Installation
4. Configuration
5. Working With Log Analysis - Decoders
6. Working With Log Analysis - Rule Files
7. Configuring System Integrity Check
8. Rootkit Detection
9. Policy Enforcement
10. Active Response Configuration
11. Integration and Advanced Configuration
12. Using the Web interface
Appendix A: The Importance of Log Analysis

Product details

Authors Rory Bray, Daniel Cid, Andrew Hay
Publisher Syngress Media
 
Languages English
Product format Paperback / Softback
Released 22.04.2008
 
EAN 9781597492409
ISBN 978-1-59749-240-9
Weight 716 g
Subject Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks

Customer reviews

No reviews have been written for this item yet. Write the first review and be helpful to other users when they decide on a purchase.

Write a review

Thumbs up or thumbs down? Write your own review.

For messages to CeDe.ch please use the contact form.

The input fields marked * are obligatory

By submitting this form you agree to our data privacy statement.