
Instant Ossec Host-based Intrusion Detection Ebook


Instant Ossec Host-based Intrusion Detection Ebook - Description
Security software is often expensive, restricting, burdensome, and noisy. OSSEC-HIDS was designed to avoid getting in your way and to allow you to take control of and extract real value from industry security requirements. OSSEC-HIDS is a comprehensive, robust solution to many common security problems faced in organizations of all sizes.

Instant OSSEC-HIDS is a practical guide to take you from beginner to power user through recipes designed based on real-world experiences. Recipes are designed to provide instant impact while containing enough detail to allow the reader to further explore the possibilities. Using real-world examples, this book will take you from installing a simple, local OSSEC-HIDS service to commanding a network of servers running OSSEC-HIDS with customized checks, alerts, and automatic responses.

You will learn how to maximise the accuracy, effectiveness, and performance of OSSEC-HIDS' analyser, file integrity monitor, and malware detection module. You will flip the table on security software and put OSSEC-HIDS to work validating its own alerts before escalating them. You will also learn how to write your own rules, decoders, and active responses. You will rest easy knowing your servers can protect themselves from most attacks while being intelligent enough to notify you when they need help!

You will learn how to use OSSEC-HIDS to save time, meet security requirements, provide insight into your network, and protect your assets.

Table of contents:
Instant OSSEC Host-based Intrusion Detection
Instant OSSEC Host-based Intrusion Detection
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Official documentation
The community
Commercial support
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Instant OSSEC Host-based Intrusion Detection
Installing OSSEC (Simple)
Getting ready
How to do it...
How it works...
There's more...
Binary installations
Starting OSSEC at boot
Configuring an OSSEC server (Simple)
Getting ready
How to do it...
How it works...
Getting agents to communicate (Simple)
Getting ready
How to do it...
How it works...
There's more...
Managing agent keys automatically
Writing your own rules (Simple)
Getting ready
How to do it...
How it works...
There's more...
Decoding event data
Detecting SSH brute-force attacks (Intermediate)
Getting ready
How to do it...
How it works...
Configuring the alerts (Simple)
Getting ready
How to do it...
How it works...
There's more...
What is rule 1002 and why is it spamming me?
Playing nice with others
File integrity monitoring (Simple)
Getting ready
How to do it...
How it works...
There's more...
Monitoring the Windows registry
Working with prelinking
Monitoring command output (Intermediate)
Getting ready
How to do it...
How it works...
Detecting rootkits and anomalies (Simple)
Getting ready
How to do it...
How it works...
There's more...
Auditing your systems
Increasing paranoia
Introducing active response (Intermediate)
Getting ready
How to do it...
How it works...
Verifying alerts with active response (Advanced)
Getting ready
How to do it...
How it works...

About the author: Brad Lhotsky started working with Unix systems professionally in 1998 as a system administrator, database administrator, network engineer, programmer, and security administrator. He has been an active member of the OSSEC HIDS community since 2004. He currently administers one of the largest OSSEC HIDS deployments in the world!