
Instant OSSEC Host-based Intrusion Detection

REVIEWS

4 Network Security September 2013

Reviews

Instant OSSEC Host-based Intrusion Detection
Brad Lhotsky. Published by Packt Publishing. ISBN: 9781782167648. Price: E18.99, 62pgs, e-book (print version also available).

The ‘Instant’ series of books from Packt is intended to get you up to speed with a subject very quickly – not just by providing an overview but by helping you delve into it in a practical way.

The chapters in this book cover: installing an Open Source Security Event Correlator Host-based Intrusion Detection System (OSSEC HIDS); getting agents to communicate with it; writing rules and configuring alerts; detecting SSH brute-force attacks, rootkits and anomalies; monitoring file integrity and command output; active response; and verifying alerts with active response. Each chapter is rated according to its complexity, and only the last is considered ‘advanced’. The author also provides a number of sources of help should you get stuck, chief among which is the OSSEC HIDS community – or Trend Micro, if you want commercial support.

While this is an entry-level book as far as the subject is concerned, you’re going to need some knowledge of security concepts and scripting going into it, but not at a particularly advanced level.

This is a short book, but it is densely packed with useful and practical information. The author holds your hand through every stage of installing, configuring and using the system. It is, in effect, a highly readable and accessible manual that helps you understand the functioning and application of the system in a way that man pages do not.

In most cases, the author takes you step-by-step through the process of setting up or configuring each element of the solution. And while that should leave you with a working system, simply following a recipe in this way doesn’t give you any real insight. So this is followed up with a ‘How it works’ section, providing you with a deeper understanding and a place from which you can carry out further research of your own.

Intrusion detection is an essential part of any organisation’s defences. And while large firms might opt for expensive appliances to do the job, OSSEC HIDS offers a low-cost but effective way of watching for malicious traffic. And this book makes it easy for anyone to get such a system up and running.

The book is available here: http://www.packtpub.com/ossec-host-based-intrusion-detection-system/book.

– SM-D

Simple Steps to Data Encryption
Peter Loshin. Published by Syngress. ISBN: 978-0-12-411483-8. Price: $29.95, 86pgs, paperback. Also available as an e-book.

This book couldn’t have come at a more opportune time. With all the fall-out from the NSA and GCHQ surveillance revelations, there’s bound to be a new-found interest in encrypting data. And not before time.

The simple fact is that encryption remains an under-used technology. For all that leading websites are moving to automatic HTTPS connections, and many email services encourage you to use TLS, when it comes to personal data, too many individuals and organisations leave it unprotected much of the time.

The approach of this book is perfect for these strange times. Rather than get bogged down in cryptographic theory, or detailing (yet again) the damage to businesses from data breaches, it gets straight into telling you how you can protect yourself with some simple and readily available tools. In fact, the main tool described throughout this book is Gnu Privacy Guard (GnuPG) – a free and open-source package available for Linux, Windows and Mac OS X.

So keen is Pete Loshin that you actually use the tools and techniques he describes, he tells you how to encrypt, decrypt and confirm the authenticity of a signed file on the very first page of the book. And he promises that every subsequent page will have something of practical value – a promise he pretty much keeps.

The author does take a few pages to introduce the concepts behind encryption – particularly, public key encryption. After all, it’s important to understand why you need to keep the private key a secret. But he quickly moves on to using the tools. The book is largely platform agnostic, although Loshin displays a clear (and understandable) preference for Linux.

To help readers grasp how and why they should use encryption (with the latter often being left somewhat vague in books of this nature), Loshin adopts a narrative form, telling little fictional tales about the real-world situations that you or I might find ourselves in. While a tad whimsical – and perhaps not to everyone’s taste – this does have the virtue of anchoring the subject very much in the day-to-day lives of the average reader.

It’s so easy for a subject like encryption to seem exotic, as though you would only turn to this technology under special circumstances – in very hostile environments, perhaps, or if you had world-altering information to protect. The message here is that everyone can benefit from protecting their information, and you should be doing it as a matter of habit in your everyday life.

The eight chapters of this short but worthwhile book cover all the most important topics for basic use of encryption – encrypting and decrypting files and whole disks, key management, the Web of Trust, signing and verifying files, and even a handy guide to choosing good passphrases.

This isn’t a book for security professionals, who will find it all too basic. But it is a good book for them to give to someone they care about. It’s really for the everyday computer user who, perhaps in the aftermath of the current government snooping furore, has awakened to the need to protect their data. In that light, my one reservation is that, reflecting his Linux leanings, the techniques demonstrated in the book are nearly all command-line instructions, something that may be off-putting to non-geeks. But then, if it also encourages people to explore the true power of their computers, maybe that’s a good thing too.

The book is available here: http://store.elsevier.com/Simple-Steps-to-Data-Encryption/Peter-Loshin/isbn-9780124114838/.

– SM-D

BOOK REVIEW