OSSEC & other intrusion detection systems - HA247


Published by Nick Fox

Host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS) are two ways of managing security for computers and networks. In a HIDS, anti-threat software such as firewalls, antivirus and spyware detection applications is installed separately on every computer in the network; in a NIDS, the anti-threat software sits only at specific choke points, such as servers that act as the liaison between the outside environment and the part of the network that needs to be protected.


Apart from its role as an intrusion detection system, the host-based OSSEC is often used as a security information and event manager (SEM/SIM). It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. Its powerful log analysis engine has made it popular with internet service providers, universities and large data centres, which use OSSEC HIDS to monitor and analyse their authentication logs, intrusion detection systems, firewalls and web servers. The latest version, 2.8.2, was released on June 10.
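To make the log-analysis side of that concrete, here is an added example (written for this page, not OSSEC's own code) of what a HIDS log engine does with an authentication log: a decoder pulls fields out of raw sshd syslog lines, and an OSSEC-style rule with `frequency` and `timeframe` attributes raises a higher-severity alert when the same source fails to log in repeatedly inside a sliding window. The thresholds (5 failures in 120 seconds), the host name, the addresses and the log lines themselves are constructed assumptions.

```python
"""OSSEC-style log analysis: a frequency rule over sshd authentication lines.

Added example, not OSSEC's own code. It mimics how a HIDS log-analysis engine
(1) decodes a raw syslog line into fields, (2) matches it against a base rule,
and (3) fires a composite alert when that rule matches `frequency` times from
the same source within `timeframe` seconds. OSSEC rules expose attributes with
exactly those two names; the threshold values and sample lines here are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Decoder: timestamp, user and source address from a syslog-format sshd failure.
SSHD_FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)"
)


def parse_ts(ts: str, year: int = 2015) -> datetime:
    """Syslog timestamps carry no year, so one is assumed (constructed) to allow time arithmetic."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


class FrequencyRule:
    """Fire when `frequency` matching events from one source arrive within `timeframe` seconds."""

    def __init__(self, frequency: int, timeframe: int):
        self.frequency = frequency
        self.timeframe = timeframe
        self.events = defaultdict(deque)  # source address -> timestamps of recent matches

    def feed(self, when: datetime, src: str) -> bool:
        window = self.events[src]
        window.append(when)
        # Slide the window: forget matches older than `timeframe` seconds.
        while window and (when - window[0]).total_seconds() > self.timeframe:
            window.popleft()
        if len(window) >= self.frequency:
            window.clear()  # reset so one burst yields one alert, not one per extra failure
            return True
        return False


def analyse(lines, frequency: int = 5, timeframe: int = 120):
    """Return (number of single failures decoded, list of brute-force alerts)."""
    rule = FrequencyRule(frequency, timeframe)
    failures = 0
    alerts = []
    for line in lines:
        m = SSHD_FAILED.search(line)
        if not m:
            continue  # not an event this decoder understands (e.g. a successful login)
        failures += 1
        when = parse_ts(m["ts"])
        if rule.feed(when, m["src"]):
            alerts.append({"rule": "sshd-repeated-failures", "src": m["src"], "at": when.isoformat()})
    return failures, alerts


# Constructed sample log: five rapid failures from one address, one lone failure from another.
SAMPLE_LOG = """\
Jun 10 10:00:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jun 10 10:00:03 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Jun 10 10:00:05 web1 sshd[2205]: Accepted publickey for deploy from 198.51.100.20 port 40122 ssh2
Jun 10 10:00:06 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51140 ssh2
Jun 10 10:00:09 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51150 ssh2
Jun 10 10:00:12 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51160 ssh2
Jun 10 10:30:00 web1 sshd[2301]: Failed password for alice from 198.51.100.20 port 40200 ssh2
""".splitlines()

if __name__ == "__main__":
    count, found = analyse(SAMPLE_LOG)
    print(f"{count} single failures decoded")
    for alert in found:
        print("ALERT", alert)
```

Run as-is it decodes six single failures and raises one alert, for 203.0.113.7 at 10:00:12; the lone failure from 198.51.100.20 never reaches the threshold. Shrinking `timeframe` to 5 seconds produces no alert at all from the same input, which is the point of the two attributes: the base rule describes one event, the frequency and window decide when a run of them is worth paging someone about.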

Using protocol analysis, content searching and various pre-processors, Snort is able to detect thousands of worms, vulnerability exploit attempts, port scans and other suspicious behaviour. This NIDS is well suited to traffic analysis and packet logging on IP networks. At the core of Snort is a flexible rule-based language for describing the traffic it should record or ignore, together with a modular detection engine. It comes with the free Basic Analysis and Security Engine (BASE), a web add-on for analysing Snort alerts. The latest version was released on July 23.

Developed by AlienVault, the Open Source Security Information and Event Management (OSSIM) program offers a capable and comprehensive open source SIEM that provides event collection, normalisation and correlation. The idea behind it came from security engineers who found no suitable open source products available. It was therefore developed with security professionals in mind and ships with a wide range of security controls. In addition, OSSIM includes the AlienVault Open Threat Exchange, which lets users contribute reports of malicious hosts and be notified about them in real time.

ArcSight SIEM Platform
Among the SIEM tools developed by ArcSight, the Enterprise Security Manager (ESM) is the brain of the whole platform. It analyses and correlates all the events that occur across the organisation's network (logins, logoffs, file access, database queries and so on), which can then be presented graphically, and from them it produces accurate estimates of priority security risks and compliance violations. Using its correlation engine, ArcSight ESM works through millions of log records to identify the relevant critical incidents. Unlike OSSEC HIDS and OSSIM, ESM is a standalone application that runs on Linux, Windows, AIX and Solaris.

This network security analysis tool is built around Network Security Monitoring (NSM), a concept developed by Richard Bejtlich, Director of Incident Response at General Electric and a former Military Intelligence Officer with the USAF. NSM is the collection, analysis and escalation of indications and warnings so that network intrusions can be detected and responded to. While the tool uses a traditional IDS such as Snort as its alerting mechanism, it also analyses IDS events, session data and full packet capture, which helps security officers decide whether an event is a false positive or calls for the incident response team.

Wireshark is an excellent open source, multi-platform network protocol analyser that lets you examine data from a live network or from a capture file. It offers interactive browsing of the captured data, so you can drill down to whichever level you are interested in. Its features include a rich display filter language and the option to view reconstructed TCP streams. Over its history, however, Wireshark has been affected by dozens of security vulnerabilities, so make sure you are running an up-to-date version; the latest was released on August 12.

Ideally, a corporate network should be shielded by both HIDS and NIDS. The former acts as last-ditch protection for individual computers, while the latter keeps the network itself secure.

About the author: Dan Radak is a web hosting security professional with ten years of experience. He is currently working with a number of companies in the field of online security, closely collaborating with SecureLink. He is also co-author on several technology websites.
