OSSIM-Hands-On.pdf
Published by: Amayita on Nov 09, 2012
Hands-On OSSIM 2.3
Your Quick & Dirty Guide to Understanding and Deploying OSSIM
Disclaimer
All the information in this report is not necessarily correct.
License
Not for commercial use.
Abstract
This work deals with the OSSIM Security Information Management system (version 2.3 as of this writing). The report gives a detailed description of OSSIM's core components: sensor, server, database and framework. The installation process, advanced configuration, and server administration are all covered. Details about the integration of third-party devices, including the development of custom plugins for unsupported ones, are explained in this writing. Correlation techniques and the CALM risk assessment algorithm are described. OSSEC, OCS Inventory, Nagios, and other open source software are dealt with in their integration within OSSIM.
Keywords: SIM, OSSIM, risk, correlation, sensor, server, CALM, OSSEC, open source.
 
Outline
1. Security Information Management systems ... 3
2. OSSIM: the Open Source SIM ... 4
2.1. General description ... 4
2.2. OSSIM's architecture ... 4
2.2.1. OSSIM sensor ... 5
2.2.2. OSSIM server ... 6
2.2.3. OSSIM database ... 7
2.2.4. OSSIM framework ... 7
3. Installing OSSIM ... 8
3.1. Downloading the .iso image ... 8
3.2. Selecting the profile ... 9
3.3. Configuring the network ... 10
3.4. Setting up the partition table ... 10
3.5. Installing the base system ... 10
3.6. Activating plugins ... 11
3.7. Installation settings modification ... 12
3.8. Updating the system ... 13
3.9. Accessing the web UI ... 13
4. Assets and network discovery ... 15
5. Data collection ... 17
5.1. Cisco PIX and Cisco FWSM ... 17
5.2. Linux server and Apache ... 17
5.3. Windows host ... 18
5.4. OCS inventory ... 18
6. Risk and correlation setup ... 21
6.1. Risk configuration ... 21
6.2. Aggregated Risk and CALM algorithm ... 21
6.3. Correlation directives ... 23
7. OSSIM tuning ... 26
7.1. Least privilege account creation ... 26
7.2. Extending partitions ... 26
7.3. Filtering noise ... 27
7.4. Tuning panels ... 29
8. Conclusion ... 30
 
1. Security Information Management systems
The infrastructure of information technology companies is getting more and more complicated. Security devices are heterogeneous, ranging from firewalls and IDSs to antiviruses and spam filters. Yet they all have something in common: they store data in the so-called “logs”. A log is a record of the events that happen to a particular piece of software. Thus, logs contain all the data a security manager needs. However, logs are too long to be analyzed. Indeed, a study conducted by Gartner, the IT research and advisory firm headquartered in Stamford, USA, showed that out of 700 European IT managers questioned, 45% receive over 4,000 security log lines every second from their IT systems. Furthermore, according to the same source, one in ten IT departments spends more than three days a week analyzing security log data.
A Security Information Management system (SIM) is a tool that fills that gap by collecting event logs into a central repository for trend analysis. Indeed, it:
- centralizes log information;
- correlates logs to establish cause-effect relationships between events;
- aggregates security events into a manageable list;
- prevents possible damage/flaws on the company's resources;
- generates a security dashboard for management, assuring compliance with security policies (internal or external);
- etc.
Hence, deploying a SIM in a company's infrastructure is extremely beneficial.
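As an added illustration (not code from the guide or from the OSSIM project), the following Python sketch walks through the three SIM steps just listed: normalizing log lines from two heterogeneous sources into one schema, aggregating them into a manageable list, and applying a single OSSIM-directive-style correlation rule. The log lines, addresses, field names, signature name and thresholds are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
# Constructed sample lines from a firewall and an IDS; format, addresses and signature are invented.
SAMPLE_LOGS = [
    "2012-11-09 10:00:01 fw  DENY tcp 10.0.0.7 -> 192.168.1.20:22",
    "2012-11-09 10:00:02 fw  DENY tcp 10.0.0.7 -> 192.168.1.20:23",
    "2012-11-09 10:00:03 fw  DENY tcp 10.0.0.7 -> 192.168.1.20:80",
    "2012-11-09 10:00:40 ids ALERT 10.0.0.7 -> 192.168.1.20 sig=SSH_BRUTE",
    "2012-11-09 10:05:00 fw  DENY tcp 10.0.0.9 -> 192.168.1.20:443",
]
FW_RE = re.compile(r"^(\S+ \S+) fw\s+DENY \w+ (\S+) -> (\S+):(\d+)$")
IDS_RE = re.compile(r"^(\S+ \S+) ids ALERT (\S+) -> (\S+) sig=(\S+)$")

def normalize(line):
    """Centralize: map one raw line onto a common event schema, or None if unparsed."""
    if m := FW_RE.match(line):
        ts, src, dst, port = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "firewall",
                "type": "deny", "src": src, "dst": dst, "detail": port}
    if m := IDS_RE.match(line):
        ts, src, dst, sig = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "ids",
                "type": "alert", "src": src, "dst": dst, "detail": sig}
    return None

def aggregate(events):
    """Aggregate: collapse repeats into a manageable list keyed by source/type/src/dst."""
    return Counter((e["source"], e["type"], e["src"], e["dst"]) for e in events)

def correlate(events, min_denies=3, window=timedelta(minutes=1)):
    """Correlate (directive-style): at least `min_denies` firewall denies from one
    source, followed by an IDS alert from that source within `window`, is an alarm."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alarms = []
    for src, evs in by_src.items():
        for alert in (e for e in evs if e["type"] == "alert"):
            denies = [e for e in evs if e["type"] == "deny"
                      and alert["ts"] - window <= e["ts"] <= alert["ts"]]
            if len(denies) >= min_denies:
                alarms.append({"src": src, "dst": alert["dst"], "denies": len(denies),
                               "signature": alert["detail"]})
    return alarms

def run(lines=SAMPLE_LOGS):
    events = [e for e in map(normalize, lines) if e]
    return aggregate(events), correlate(events)
```

With the sample lines, five raw events collapse to three aggregated rows, and the three denies followed by the IDS alert from 10.0.0.7 raise exactly one alarm.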
