Photo by Rayner Simpson on Unsplash
Intrusion Detection with OSSEC
Guardian Angel
As a host-based intrusion detection system (HIDS), OSSEC [1] detects and reacts to security incidents in real time. The software is capable of detecting a wide range of security incidents, including attacks on filesystems and directories, changes to system files and configuration files, failed login attempts, and attempts to escalate privileges. The tool also detects changes to logfiles and network attacks such as port scans, connection breaches, and distributed denial-of-service (DDoS) attacks.
In this article, I show you how to set up the server and the clients. You can also set up OSSEC as a Docker container. All packages are available directly from the download page [2].
Taking Countermeasures
OSSEC offers a range of countermeasures to help you respond to security incidents, such as blocking IP addresses or hosts that exhibit suspicious behavior and terminating processes that are unauthorized or attempting attacks. Additionally, the application lets you disable user accounts that are misused for attacks and supports alerting to ensure a rapid response to incidents. At its core, the free software focuses on monitoring systems and networks.
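The configuration below is an added example, not from the article or the OSSEC project, that ties together the two capabilities just described: file integrity monitoring (the `syscheck` block, which covers the "changes to system files and configuration files" detection) and active response (the `firewall-drop` command, which blocks the source IP of an event once an alert reaches the configured level). The element and attribute names are OSSEC's own `ossec.conf` schema; the directory list, the alert level, the timeout, and the whitelisted addresses are assumed sample values that you would adjust for your environment.

```xml
<ossec_config>

  <!-- Never let active response block these addresses (assumed sample values:
       localhost plus one administration host). Whitelisting your own management
       network is what stops a spoofed or mistyped event from locking you out. -->
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>192.0.2.10</white_list>
  </global>

  <!-- Log every alert from level 1 up; e-mail only the serious ones. -->
  <alerts>
    <log_alert_level>1</log_alert_level>
    <email_alert_level>7</email_alert_level>
  </alerts>

  <!-- File integrity monitoring. check_all hashes, size, owner and permissions;
       realtime uses inotify so a change is reported immediately rather than at
       the next scheduled scan (frequency is in seconds, here every two hours). -->
  <syscheck>
    <frequency>7200</frequency>
    <alert_new_files>yes</alert_new_files>
    <directories check_all="yes" realtime="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes" realtime="yes">/bin,/sbin</directories>
    <!-- Files that legitimately change all the time would only generate noise. -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
  </syscheck>

  <!-- Rootkit and trojaned-binary checks against the signature lists shipped
       with OSSEC. -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- Log source for the log-based detection (failed logins, sudo misuse, ...).
       Path assumed for a Debian-style system; RHEL-style hosts use /var/log/secure. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>

  <!-- Define the response command: firewall-drop.sh ships with OSSEC and adds a
       DROP rule for the offending address. expect tells OSSEC which alert field
       to pass to the script. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Bind the command to alerts: run it on the host that raised the alert
       (location local) for any alert of level 6 or higher, and lift the block
       automatically after 600 seconds so a false positive is self-healing. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>

</ossec_config>
```

After editing `/var/ossec/etc/ossec.conf`, restart the daemons with `/var/ossec/bin/ossec-control restart` and watch `/var/ossec/logs/alerts/alerts.log` for the first syscheck and active-response entries. The timeout is the setting worth thinking about most: a short, automatically expiring block contains a noisy source without turning a single misfired rule into a permanent outage, and the whitelist guarantees that the administration host is never the one that gets dropped.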
In this article, I look at why the use of OSSEC is a sensible step toward significantly enhancing security on networks. Ultimately, OSSEC helps you detect security incidents before virus scanners or other systems, which is particularly important in ransomware attacks, for example, because time is a critical factor.
OSSEC Editions
The basic version of OSSEC is open source and offers you a rich feature set with log-based intrusion detection, rootkit and malware detection, active response, compliance auditing, file integrity monitoring, and system inventory. It is important