Network World
Open source IDS app gets an update

New version of OSSEC adds advanced log analysis, e-mail alerting and support for more vendor systems
By Denise Dubie, Network World, 03/12/2007

IT managers who want to get a handle on their security logs but don’t have the budget for big-ticket software can check out an updated version of the open source, host-based intrusion-detection system OSSEC.

OSSEC Version 1.1 performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. Daniel Cid, lead developer and author of OSSEC, says the software is both an IDS as well as a log analysis and correlation tool, similar to products in the security event management market.

"The project was created in 2004, but it started to gain a lot of attention only at the end of 2005," Cid reports.

Cid this week made available Version 1.1, which he says adds features such as e-mail alerting, advanced log analysis and an active response mechanism to thwart attackers. This version includes "more advanced log-analysis rules for improved correlation and analysis," as well as new active response features that use "route null" to block detected attackers, he says.

OSSEC uses a client/server model with server software at a central location and distributed agent technology on managed devices. The software monitors file and directory modifications, provides accountability by storing authentication information, and triggers user alerts on failed authentication or questionable user additions.
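The integrity checking and failed-authentication alerting described above, modelled as an added Python example (not OSSEC's own code, which is C, and not its rule format): the file tables and sshd log lines are constructed sample data, and the SHA-256 digest and three-failure threshold are assumptions of this example.

```python
# Added example, not OSSEC's own code: a minimal model of two host checks the article
# attributes to OSSEC: file integrity checking and alerting on repeated failed logins.
import hashlib
import re
from collections import Counter

def baseline(files):
    """Record a SHA-256 digest per file; files is {path: content bytes} (assumed in-memory stand-in)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def integrity_check(base, current):
    """Compare a new snapshot to the baseline; return [(path, event), ...] sorted by path."""
    events = []
    for path in sorted(set(base) | set(current)):
        if path not in current:
            events.append((path, "deleted"))
        elif path not in base:
            events.append((path, "added"))
        elif base[path] != current[path]:
            events.append((path, "modified"))
    return events

# OpenSSH failed-login line: captures the user name and the source IPv4 address.
AUTH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+(?:\.\d+){3})")

def failed_auth_alerts(lines, threshold=3):
    """Correlate failures per source IP; alert once when a source reaches threshold (assumed 3)."""
    counts, alerts = Counter(), []
    for line in lines:
        m = AUTH_FAIL.search(line)
        if not m:
            continue
        user, src = m.groups()
        counts[src] += 1
        if counts[src] == threshold:
            alerts.append({"src_ip": src, "failures": counts[src], "last_user": user})
    return alerts

# Constructed sample data: a baseline, a later snapshot in which a second UID-0 account
# was appended to /etc/passwd and a file appeared in /tmp, and five sshd log lines.
FILES_BEFORE = {"/etc/passwd": b"root:x:0:0::/root:/bin/sh\n", "/bin/ls": b"ELF-original"}
FILES_AFTER = {"/etc/passwd": b"root:x:0:0::/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n",
               "/bin/ls": b"ELF-original", "/tmp/.hidden": b"dropped"}
SAMPLE_LOG = [
    "Mar 12 10:00:01 host sshd[100]: Failed password for invalid user admin from 203.0.113.5 port 4000 ssh2",
    "Mar 12 10:00:02 host sshd[101]: Accepted password for alice from 198.51.100.7 port 4001 ssh2",
    "Mar 12 10:00:03 host sshd[102]: Failed password for root from 203.0.113.5 port 4002 ssh2",
    "Mar 12 10:00:04 host sshd[103]: Failed password for bob from 198.51.100.7 port 4003 ssh2",
    "Mar 12 10:00:05 host sshd[104]: Failed password for invalid user test from 203.0.113.5 port 4004 ssh2",
]
```

Calling `integrity_check(baseline(FILES_BEFORE), baseline(FILES_AFTER))` reports /etc/passwd as modified and /tmp/.hidden as added, while `failed_auth_alerts(SAMPLE_LOG)` raises a single alert for 203.0.113.5 after its third failure; a real agent would replace the in-memory tables with a filesystem walk and a tail of the auth log.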

The software runs on most operating systems, including Linux, OpenBSD, MacOS, Solaris and Windows. Users install the software on a server and then the agent is deployed on client machines using a Windows installation wizard.

"It has a centralized architecture, allowing one central server to manage and monitor the logs and integrity data from multiple agents," Cid explains. "The server/agent communication is encrypted/compressed so it saves a lot of bandwidth and keeps the privacy of the log data in transit."

The software also allows a local installation for users that are not interested in the server/agent architecture or just have one system to monitor. This release also adds support for Microsoft IIS 6, Cisco VPN concentrator, Cisco PIX VPN AAA, Cisco FWSM and Solaris 10 logs.

OSSEC Version 1.1 is available free for download under the GNU General Public License.


Comments (1)

Windows support
By bugnot on October 27, 2008, 8:53 pm
The server DOES NOT work on Windows. Only the agent works on Windows.
