OSSEC host-based intrusion detection guide
This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outli...
Gespeichert in:
| 1. Verfasser: | |
|---|---|
| Weitere Verfasser: | , |
| Format: | Elektronisch E-Book |
| Sprache: | English |
| Veröffentlicht: |
Burlington, Mass.
Syngress Pub.
2008
|
| Schlagworte: | |
| Online-Zugang: | lizenzpflichtig |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
MARC
| LEADER | 00000cam a22000002 4500 | ||
|---|---|---|---|
| 001 | ZDB-30-ORH-051698102 | ||
| 003 | DE-627-1 | ||
| 005 | 20240228114314.0 | ||
| 007 | cr uuu---uuuuu | ||
| 008 | 200417s2008 xx |||||o 00| ||eng c | ||
| 020 | |a 9781597492409 |9 978-1-59749-240-9 | ||
| 020 | |a 159749240X |9 1-59749-240-X | ||
| 020 | |a 9780080558776 |c electronic bk. |9 978-0-08-055877-6 | ||
| 020 | |a 0080558771 |c electronic bk. |9 0-08-055877-1 | ||
| 035 | |a (DE-627-1)051698102 | ||
| 035 | |a (DE-599)KEP051698102 | ||
| 035 | |a (ORHE)9781597492409 | ||
| 035 | |a (DE-627-1)051698102 | ||
| 040 | |a DE-627 |b ger |c DE-627 |e rda | ||
| 041 | |a eng | ||
| 072 | 7 | |a COM |2 bisacsh | |
| 072 | 7 | |a COM |2 bisacsh | |
| 072 | 7 | |a COM |2 bisacsh | |
| 082 | 0 | |a 005.8 |2 22 | |
| 100 | 1 | |a Hay, Andrew |e VerfasserIn |4 aut | |
| 245 | 1 | 0 | |a OSSEC host-based intrusion detection guide |c Andrew Hay, Daniel Cid, Rory Bray |
| 264 | 1 | |a Burlington, Mass. |b Syngress Pub. |c 2008 | |
| 300 | |a 1 online resource (xxvii, 307 pages) |b illustrations | ||
| 336 | |a Text |b txt |2 rdacontent | ||
| 337 | |a Computermedien |b c |2 rdamedia | ||
| 338 | |a Online-Ressource |b cr |2 rdacarrier | ||
| 500 | |a Includes index. - Includes bibliographical references and index. - Print version record | ||
| 520 | |a This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented ... until now! The book you are holding will show you how to install and configure OSSEC on the operating system of your choice and provide detailed examples to help prevent and mitigate attacks on your systems. -- Stephen Northcutt OSSEC determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered state. This?picture? captures the most relevant information about that machine?s configuration. OSSEC saves this?picture? and then constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration. Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade, patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive amounts of pornography creating significant liability for that organization. Separating the wheat from the chaff is by no means an easy task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC. .Get Started with OSSEC Get an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations. .Follow Steb-by-Step Installation Instructions Walk through the installation process for the "local", "agent", and "server" install types on some of the most popular operating systems available. .Master Configuration Learn the basic configuration options for your install type and learn how to monitor log files, receive remote messages, configure email notification, and configure alert levels. .Work With Rules Extract key information from logs using decoders and how you can leverage rules to alert you of strange occurrences on your network. .Understand System Integrity Check and Rootkit Detection Monitor binary executable files, system configuration files, and the Microsoft Windows registry. .Configure Active Response Configure the active response actions you want and bind the actions to specific rules and sequence of events. .Use the OSSEC Web User Interface Install, configure, and use the community-developed, open source web interface available for OSSEC. .Play in the OSSEC VMware Environment Sandbox Use the OSSEC HIDS VMware Guest image on the companion DVD to implement what you have learned in a sandbox-style environment. .Dig Deep into Data Log Mining Take the "high art" of log analysis to the next level by breaking the dependence on the lists of strings or patterns to look for in the logs | ||
| 630 | 2 | 0 | |a OSSEC (Computer file) |
| 650 | 0 | |a Computer security | |
| 650 | 0 | |a Computer networks |x Security measures | |
| 650 | 4 | |a OSSEC (Computer file) | |
| 650 | 4 | |a OSSEC (Computer file) | |
| 650 | 4 | |a Sécurité informatique | |
| 650 | 4 | |a Réseaux d'ordinateurs ; Sécurité ; Mesures | |
| 650 | 4 | |a COMPUTERS ; Internet ; Security | |
| 650 | 4 | |a COMPUTERS ; Networking ; Security | |
| 650 | 4 | |a COMPUTERS ; Security ; General | |
| 650 | 4 | |a Computer networks ; Security measures | |
| 650 | 4 | |a Computer security | |
| 700 | 1 | |a Cid, Daniel |e MitwirkendeR |4 ctb | |
| 700 | 1 | |a Bray, Rory |e MitwirkendeR |4 ctb | |
| 776 | 1 | |z 9781597492409 | |
| 776 | 0 | 8 | |i Erscheint auch als |n Druck-Ausgabe |z 9781597492409 |
| 856 | 4 | 0 | |l TUM01 |p ZDB-30-ORH |q TUM_PDA_ORH |u https://learning.oreilly.com/library/view/-/9781597492409/?ar |m X:ORHE |x Aggregator |z lizenzpflichtig |3 Volltext |
| 912 | |a ZDB-30-ORH | ||
| 912 | |a ZDB-30-ORH | ||
| 951 | |a BO | ||
| 912 | |a ZDB-30-ORH | ||
| 049 | |a DE-91 | ||
Datensatz im Suchindex
| DE-BY-TUM_katkey | ZDB-30-ORH-051698102 |
|---|---|
| _version_ | 1818767273270181888 |
| adam_text | |
| any_adam_object | |
| author | Hay, Andrew |
| author2 | Cid, Daniel Bray, Rory |
| author2_role | ctb ctb |
| author2_variant | d c dc r b rb |
| author_facet | Hay, Andrew Cid, Daniel Bray, Rory |
| author_role | aut |
| author_sort | Hay, Andrew |
| author_variant | a h ah |
| building | Verbundindex |
| bvnumber | localTUM |
| collection | ZDB-30-ORH |
| ctrlnum | (DE-627-1)051698102 (DE-599)KEP051698102 (ORHE)9781597492409 |
| dewey-full | 005.8 |
| dewey-hundreds | 000 - Computer science, information, general works |
| dewey-ones | 005 - Computer programming, programs, data, security |
| dewey-raw | 005.8 |
| dewey-search | 005.8 |
| dewey-sort | 15.8 |
| dewey-tens | 000 - Computer science, information, general works |
| discipline | Informatik |
| format | Electronic eBook |
| fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>05665cam a22006012 4500</leader><controlfield tag="001">ZDB-30-ORH-051698102</controlfield><controlfield tag="003">DE-627-1</controlfield><controlfield tag="005">20240228114314.0</controlfield><controlfield tag="007">cr uuu---uuuuu</controlfield><controlfield tag="008">200417s2008 xx |||||o 00| ||eng c</controlfield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781597492409</subfield><subfield code="9">978-1-59749-240-9</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">159749240X</subfield><subfield code="9">1-59749-240-X</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780080558776</subfield><subfield code="c">electronic bk.</subfield><subfield code="9">978-0-08-055877-6</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0080558771</subfield><subfield code="c">electronic bk.</subfield><subfield code="9">0-08-055877-1</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)051698102</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)KEP051698102</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(ORHE)9781597492409</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-627-1)051698102</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-627</subfield><subfield code="b">ger</subfield><subfield code="c">DE-627</subfield><subfield code="e">rda</subfield></datafield><datafield tag="041" ind1=" " ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">22</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Hay, Andrew</subfield><subfield code="e">VerfasserIn</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">OSSEC host-based intrusion detection guide</subfield><subfield code="c">Andrew Hay, Daniel Cid, Rory Bray</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Burlington, Mass.</subfield><subfield code="b">Syngress Pub.</subfield><subfield code="c">2008</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (xxvii, 307 pages)</subfield><subfield code="b">illustrations</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">Text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">Computermedien</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">Online-Ressource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes index. - Includes bibliographical references and index. - Print version record</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented ... until now! The book you are holding will show you how to install and configure OSSEC on the operating system of your choice and provide detailed examples to help prevent and mitigate attacks on your systems. -- Stephen Northcutt OSSEC determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered state. This?picture? captures the most relevant information about that machine?s configuration. OSSEC saves this?picture? and then constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration. Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade, patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive amounts of pornography creating significant liability for that organization. Separating the wheat from the chaff is by no means an easy task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC. .Get Started with OSSEC Get an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations. .Follow Steb-by-Step Installation Instructions Walk through the installation process for the "local", "agent", and "server" install types on some of the most popular operating systems available. .Master Configuration Learn the basic configuration options for your install type and learn how to monitor log files, receive remote messages, configure email notification, and configure alert levels. .Work With Rules Extract key information from logs using decoders and how you can leverage rules to alert you of strange occurrences on your network. .Understand System Integrity Check and Rootkit Detection Monitor binary executable files, system configuration files, and the Microsoft Windows registry. .Configure Active Response Configure the active response actions you want and bind the actions to specific rules and sequence of events. .Use the OSSEC Web User Interface Install, configure, and use the community-developed, open source web interface available for OSSEC. .Play in the OSSEC VMware Environment Sandbox Use the OSSEC HIDS VMware Guest image on the companion DVD to implement what you have learned in a sandbox-style environment. .Dig Deep into Data Log Mining Take the "high art" of log analysis to the next level by breaking the dependence on the lists of strings or patterns to look for in the logs</subfield></datafield><datafield tag="630" ind1="2" ind2="0"><subfield code="a">OSSEC (Computer file)</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">OSSEC (Computer file)</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">OSSEC (Computer file)</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Sécurité informatique</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Réseaux d'ordinateurs ; Sécurité ; Mesures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">COMPUTERS ; Internet ; Security</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">COMPUTERS ; Networking ; Security</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">COMPUTERS ; Security ; General</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer networks ; Security measures</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer security</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Cid, Daniel</subfield><subfield code="e">MitwirkendeR</subfield><subfield code="4">ctb</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Bray, Rory</subfield><subfield code="e">MitwirkendeR</subfield><subfield code="4">ctb</subfield></datafield><datafield tag="776" ind1="1" ind2=" "><subfield code="z">9781597492409</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Erscheint auch als</subfield><subfield code="n">Druck-Ausgabe</subfield><subfield code="z">9781597492409</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">TUM01</subfield><subfield code="p">ZDB-30-ORH</subfield><subfield code="q">TUM_PDA_ORH</subfield><subfield code="u">https://learning.oreilly.com/library/view/-/9781597492409/?ar</subfield><subfield code="m">X:ORHE</subfield><subfield code="x">Aggregator</subfield><subfield code="z">lizenzpflichtig</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">BO</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-30-ORH</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-91</subfield></datafield></record></collection> |
| id | ZDB-30-ORH-051698102 |
| illustrated | Illustrated |
| indexdate | 2024-12-18T08:47:15Z |
| institution | BVB |
| isbn | 9781597492409 159749240X 9780080558776 0080558771 |
| language | English |
| open_access_boolean | |
| owner | DE-91 DE-BY-TUM |
| owner_facet | DE-91 DE-BY-TUM |
| physical | 1 online resource (xxvii, 307 pages) illustrations |
| psigel | ZDB-30-ORH |
| publishDate | 2008 |
| publishDateSearch | 2008 |
| publishDateSort | 2008 |
| publisher | Syngress Pub. |
| record_format | marc |
| spelling | Hay, Andrew VerfasserIn aut OSSEC host-based intrusion detection guide Andrew Hay, Daniel Cid, Rory Bray Burlington, Mass. Syngress Pub. 2008 1 online resource (xxvii, 307 pages) illustrations Text txt rdacontent Computermedien c rdamedia Online-Ressource cr rdacarrier Includes index. - Includes bibliographical references and index. - Print version record This book is the definitive guide on the OSSEC Host-based Intrusion Detection system and frankly, to really use OSSEC you are going to need a definitive guide. Documentation has been available since the start of the OSSEC project but, due to time constraints, no formal book has been created to outline the various features and functions of the OSSEC product. This has left very important and powerful features of the product undocumented ... until now! The book you are holding will show you how to install and configure OSSEC on the operating system of your choice and provide detailed examples to help prevent and mitigate attacks on your systems. -- Stephen Northcutt OSSEC determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered state. This?picture? captures the most relevant information about that machine?s configuration. OSSEC saves this?picture? and then constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration. Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade, patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive amounts of pornography creating significant liability for that organization. Separating the wheat from the chaff is by no means an easy task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC. .Get Started with OSSEC Get an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations. .Follow Steb-by-Step Installation Instructions Walk through the installation process for the "local", "agent", and "server" install types on some of the most popular operating systems available. .Master Configuration Learn the basic configuration options for your install type and learn how to monitor log files, receive remote messages, configure email notification, and configure alert levels. .Work With Rules Extract key information from logs using decoders and how you can leverage rules to alert you of strange occurrences on your network. .Understand System Integrity Check and Rootkit Detection Monitor binary executable files, system configuration files, and the Microsoft Windows registry. .Configure Active Response Configure the active response actions you want and bind the actions to specific rules and sequence of events. .Use the OSSEC Web User Interface Install, configure, and use the community-developed, open source web interface available for OSSEC. .Play in the OSSEC VMware Environment Sandbox Use the OSSEC HIDS VMware Guest image on the companion DVD to implement what you have learned in a sandbox-style environment. .Dig Deep into Data Log Mining Take the "high art" of log analysis to the next level by breaking the dependence on the lists of strings or patterns to look for in the logs OSSEC (Computer file) Computer security Computer networks Security measures Sécurité informatique Réseaux d'ordinateurs ; Sécurité ; Mesures COMPUTERS ; Internet ; Security COMPUTERS ; Networking ; Security COMPUTERS ; Security ; General Computer networks ; Security measures Cid, Daniel MitwirkendeR ctb Bray, Rory MitwirkendeR ctb 9781597492409 Erscheint auch als Druck-Ausgabe 9781597492409 TUM01 ZDB-30-ORH TUM_PDA_ORH https://learning.oreilly.com/library/view/-/9781597492409/?ar X:ORHE Aggregator lizenzpflichtig Volltext |
| spellingShingle | Hay, Andrew OSSEC host-based intrusion detection guide OSSEC (Computer file) Computer security Computer networks Security measures Sécurité informatique Réseaux d'ordinateurs ; Sécurité ; Mesures COMPUTERS ; Internet ; Security COMPUTERS ; Networking ; Security COMPUTERS ; Security ; General Computer networks ; Security measures |
| title | OSSEC host-based intrusion detection guide |
| title_auth | OSSEC host-based intrusion detection guide |
| title_exact_search | OSSEC host-based intrusion detection guide |
| title_full | OSSEC host-based intrusion detection guide Andrew Hay, Daniel Cid, Rory Bray |
| title_fullStr | OSSEC host-based intrusion detection guide Andrew Hay, Daniel Cid, Rory Bray |
| title_full_unstemmed | OSSEC host-based intrusion detection guide Andrew Hay, Daniel Cid, Rory Bray |
| title_short | OSSEC host-based intrusion detection guide |
| title_sort | ossec host based intrusion detection guide |
| topic | OSSEC (Computer file) Computer security Computer networks Security measures Sécurité informatique Réseaux d'ordinateurs ; Sécurité ; Mesures COMPUTERS ; Internet ; Security COMPUTERS ; Networking ; Security COMPUTERS ; Security ; General Computer networks ; Security measures |
| topic_facet | OSSEC (Computer file) Computer security Computer networks Security measures Sécurité informatique Réseaux d'ordinateurs ; Sécurité ; Mesures COMPUTERS ; Internet ; Security COMPUTERS ; Networking ; Security COMPUTERS ; Security ; General Computer networks ; Security measures |
| url | https://learning.oreilly.com/library/view/-/9781597492409/?ar |
| work_keys_str_mv | AT hayandrew ossechostbasedintrusiondetectionguide AT ciddaniel ossechostbasedintrusiondetectionguide AT brayrory ossechostbasedintrusiondetectionguide |