
Instant OSSEC Host-based Intrusion Detection System

A hands-on guide exploring OSSEC HIDS for operational and security awareness.

Overview

Security software is often expensive, restricting, burdensome, and noisy. OSSEC-HIDS was designed to avoid getting in your way and to allow you to take control of and extract real value from industry security requirements. OSSEC-HIDS is a comprehensive, robust solution to many common security problems faced in organizations of all sizes.

In Detail

"Instant OSSEC-HIDS" is a practical guide to take you from beginner to power user through recipes designed based on real-world experiences. Recipes are designed to provide instant impact while containing enough detail to allow the reader to further explore the possibilities.

Using real-world examples, this book will take you from installing a simple, local OSSEC-HIDS service to commanding a network of servers running OSSEC-HIDS with customized checks, alerts, and automatic responses. You will learn how to maximise the accuracy, effectiveness, and performance of OSSEC-HIDS' analyser, file integrity monitor, and malware detection module. You will flip the table on security software and put OSSEC-HIDS to work validating its own alerts before escalating them. You will also learn how to write your own rules, decoders, and active responses. You will rest easy knowing your servers can protect themselves from most attacks while being intelligent enough to notify you when they need help! You will learn how to use OSSEC-HIDS to save time, meet security requirements, provide insight into your network, and protect your assets.

What you will learn from this book

Approach

Filled with practical, step-by-step instructions and clear explanations for the most important and useful tasks. A fast-paced, practical guide to OSSEC-HIDS that will help you solve host-based security problems.
Who this book is written for

This book is great for anyone concerned about the security of their servers. Whether you are a system administrator, programmer, or security analyst, this book will provide you with tips to better utilize OSSEC-HIDS. Whether you're new to OSSEC-HIDS or a seasoned veteran, you'll find something in this book you can apply today! This book assumes some knowledge of basic security concepts and rudimentary scripting experience.

62 pages, Paperback

First published July 26, 2013


About the author

Brad Lhotsky


Community Reviews

5 stars: 4 (57%)
4 stars: 2 (28%)
3 stars: 0 (0%)
2 stars: 0 (0%)
1 star: 1 (14%)

Review 1
October 19, 2013
This book is a great way to take your first steps into the world of Host-Based Intrusion Detection (HIDS) and OSSEC. It makes no assumptions about your knowledge; it takes you through the terminology, the reasoning behind the solution, and the requirements to deploy it effectively. It also contains useful links to further your reading specific to your solution or operating system. As I had little knowledge of OSSEC or HIDS, it met all of my needs.

The book systematically takes the reader through the core offerings from OSSEC. Topics covered include rule writing, alerting, file integrity monitoring, monitoring using operating system commands, rootkit detection, and active response features.

It begins by describing in detail the OSSEC installation and follows with configuration examples for each of the aspects of a deployment: understanding and crafting your own rules; setting and tweaking alert levels; common deployment scenarios; automating the analysis of operating system commands; and bringing it all together.

The book contained some useful information and links for readers to pursue their own agenda, including PCI. There were some areas where some additional background information may have proved helpful. One example was around where or why a user may wish to integrate OSSEC with an enterprise SIEM solution. Additionally, the Monitoring Command Output chapter made no mention of Microsoft OS commands; however, a quick search confirmed that this does indeed seem to be supported.

The text identifies the potential pitfalls you may encounter and common mistakes, including those related to security, which people make when deploying HIDS, as well as walking the reader step by step through running and improving your deployment. Based on the content of the book, whilst there are a few minor areas which could improve what it offers to the OSSEC novice, it has certainly proved a valuable resource for a HIDS beginner.

Review 2, by Fuat
August 6, 2014
The book is a short book; however, it is a good start. I hope there is also an advanced recent book for OSSEC.