OSSEC Host-Based Intrusion Detection Guide
Andrew Hay, Daniel Cid, Rory Bray
- 出版商: Syngress Media
- 出版日期: 2008-02-01
- 定價: $1,980
- 售價: 5.0 折 $990
- 語言: 英文
- 頁數: 416
- 裝訂: Paperback
- ISBN: 159749240X
- ISBN-13: 9781597492409
-
相關分類:
Operating-system、資訊安全
立即出貨 (庫存=1)
買這商品的人也買了...
-
$880$581 -
$650$514 -
$550$468 -
$1,200$948 -
$350$315 -
$720$612 -
$990$891 -
$600$480 -
$720$612 -
$1,180$1,003 -
$520$442 -
$980$774 -
$620$527 -
$590$502 -
$880$695 -
$620$527 -
$780$663 -
$480$379 -
$580$493 -
$680$612 -
$750$638 -
$720$648 -
$890$757 -
$490$417 -
$755開源安全運維平臺 OSSIM 最佳實踐
相關主題
商品描述
-- Stephen Northcutt
OSSEC determines if a host has been compromised in this manner by taking the equivalent of a picture of the host machine in its original, unaltered state. This ?picture? captures the most relevant information about that machine's configuration. OSSEC saves this ?picture? and then constantly compares it to the current state of that machine to identify anything that may have changed from the original configuration. Now, many of these changes are necessary, harmless, and authorized, such as a system administrator installing a new software upgrade, patch, or application. But, then there are the not-so-harmless changes, like the installation of a rootkit, trojan horse, or virus. Differentiating between the harmless and the not-so-harmless changes determines whether the system administrator or security professional is managing a secure, efficient network or a compromised network which might be funneling credit card numbers out to phishing gangs or storing massive amounts of pornography creating significant liability for that organization.
Separating the wheat from the chaff is by no means an easy task. Hence the need for this book. The book is co-authored by Daniel Cid, who is the founder and lead developer of the freely available OSSEC host-based IDS. As such, readers can be certain they are reading the most accurate, timely, and insightful information on OSSEC.
* Nominee for Best Book Bejtlich read in 2008!
* http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html
. Get Started with OSSEC
Get an overview of the features of OSSEC including commonly used terminology, pre-install preparation, and deployment considerations.
. Follow Steb-by-Step Installation Instructions
Walk through the installation process for the "local", "agent", and "server" install types on some of the most popular operating systems available.
. Master Configuration
Learn the basic configuration options for your install type and learn how to monitor log files, receive remote messages, configure email notification, and configure alert levels.
. Work With Rules
Extract key information from logs using decoders and how you can leverage rules to alert you of strange occurrences on your network.
. Understand System Integrity Check and Rootkit Detection
Monitor binary executable files, system configuration files, and the Microsoft Windows registry.
. Configure Active Response
Configure the active response actions you want and bind the actions to specific rules and sequence of events.
. Use the OSSEC Web User Interface
Install, configure, and use the community-developed, open source web interface available for OSSEC.
. Play in the OSSEC VMware Environment Sandbox
Use the OSSEC HIDS VMware Guest image on the companion DVD to implement what you have learned in a sandbox-style environment.
. Dig Deep into Data Log Mining
Take the "high art" of log analysis to the next level by breaking the dependence on the lists of strings or patterns to look for in the logs.
商品描述(中文翻譯)
這本書是關於OSSEC主機入侵檢測系統的權威指南,坦白說,要真正使用OSSEC,你需要一本權威指南。OSSEC項目自始至今一直有文件可供參考,但由於時間限制,尚未創建正式的書籍來概述OSSEC產品的各種功能和功能。這使得產品的一些重要且強大的功能未被記錄...直到現在!您手中的這本書將向您展示如何在您選擇的操作系統上安裝和配置OSSEC,並提供詳細的示例,以幫助防止和減輕對您系統的攻擊。-- Stephen Northcutt
OSSEC通過對主機機器在其原始、未更改的狀態下進行等效的拍照來確定主機是否遭到入侵。這個“拍照”捕捉了有關該機器配置的最相關信息。OSSEC保存這個“拍照”,然後不斷將其與該機器的當前狀態進行比較,以識別可能與原始配置不同的任何變化。現在,許多這些變化是必要的、無害的和經授權的,例如系統管理員安裝新的軟件升級、補丁或應用程序。但是,還有一些不那麼無害的變化,例如安裝rootkit、特洛伊木馬或病毒。區分無害和不那麼無害的變化,決定了系統管理員或安全專業人員是否在管理安全、高效的網絡,還是在管理受到入侵的網絡,可能將信用卡號碼傳送給釣魚團伙或存儲大量色情內容,給該組織帶來重大責任。分辨出好壞並不是一件容易的事情。因此,需要這本書。這本書由Daniel Cid共同撰寫,他是免費提供的OSSEC主機入侵檢測系統的創始人和首席開發人員。因此,讀者可以確信他們正在閱讀關於OSSEC的最準確、及時和富有洞察力的信息。
* 2008年Bejtlich閱讀的最佳書籍提名!
* http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html
開始使用OSSEC
瞭解OSSEC的功能,包括常用術語、預先安裝準備和部署注意事項。
按步驟進行安裝
在一些最受歡迎的操作系統上,逐步介紹“本地”、“代理”和“服務器”安裝類型的安裝過程。
掌握配置
了解您的安裝類型的基本配置選項,並學習如何監視日誌文件、接收遠程消息、配置電子郵件通知和配置警報級別。
使用規則
使用解碼器從日誌中提取關鍵信息,並利用規則警報您網絡上的奇怪事件。
了解系統完整性檢查和rootkit檢測
監視二進制可執行文件、系統配置文件和Microsoft Windows註冊表。
配置主動響應
配置您想要的主動響應操作,並將這些操作綁定到特定的規則和事件序列。
使用OSSEC Web用戶界面
安裝、配置和使用OSSEC的社區開發的開源Web界面。
在OSSEC VMware環境中進行實驗
使用附帶DVD上的OSSEC HIDS VMware Guest映像,在沙盒式環境中實施您所學的知識。
深入挖掘數據日誌分析
通過打破對日誌中要查找的字符串或模式列表的依賴,將“高級”日誌分析提升到更高的水平。