Quick overview of open-source security servers

Solutions:

  • OpenSIMS: (not updated since 2013, and includes Nagios)
  • Prelude: hard to install and little maintained
  • SECURITY ONION: ??
  • OSSIM

Options:

  • OSSEC + Wazuh interface: oddly, little information about it online
  • OSSIM +

HIDS:

OSSIM

Automated suite bundling:

  • PRADS, used to identify hosts and services by passively monitoring network traffic. Added in release v4.0. [8]
  • OpenVAS, used for vulnerability assessment and for cross correlation of (Intrusion detection system (IDS) alerts vs Vulnerability Scanner) information.
  • Snort, used as an Intrusion detection system (IDS), and also used for cross correlation with Nessus.
  • Suricata, used as an Intrusion detection system (IDS); as of version 4.2 this is the IDS used in the default configuration.
  • Tcptrack, used for session data information which can grant useful information for attack correlation.
  • Nagios, used to monitor host and service availability information based on a host asset database.
  • OSSEC, a Host-based intrusion detection system (HIDS).
  • Munin, for traffic analysis and service watchdogging.
  • NFSen/NFDump, used to collect and analyze NetFlow information.
  • FProbe, used to generate NetFlow data from captured traffic.
  • OSSIM also includes self-developed tools, the most important being a generic correlation engine with logical directive support and log integration through plugins.
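The "cross correlation" of IDS alerts against vulnerability-scanner results mentioned above, as an added toy illustration (not OSSIM's own code): an alert gains confidence when the scanner confirms the target exposes the referenced vulnerability, and loses confidence when a scanned target has nothing on that port. Field layout, CVE placeholders and sample data are all constructed for this example.

```python
"""Toy cross-correlation of IDS alerts against vulnerability-scan results,
in the spirit of OSSIM's Snort/Suricata-vs-OpenVAS correlation.
Not OSSIM code: schema, field names and sample data are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Finding:            # one constructed scanner result row for a host
    port: int
    cve: str              # placeholder identifiers below, not real CVEs


@dataclass(frozen=True)
class Alert:              # one constructed, already normalised IDS alert
    src: str
    dst: str
    dst_port: int
    cve: Optional[str]    # CVE referenced by the IDS signature, if any
    reliability: int      # 0..10 confidence that the alert is a real attack


# Constructed scan results: host -> findings (empty list = scanned, clean).
# Hosts absent from the dict were never scanned.
SCAN: Dict[str, List[Finding]] = {
    "10.0.0.5": [Finding(445, "CVE-XXXX-0001"), Finding(80, "CVE-XXXX-0002")],
    "10.0.0.9": [],
}


def cross_correlate(alert: Alert, scan: Dict[str, List[Finding]] = SCAN) -> Tuple[int, str]:
    """Return (adjusted reliability, reason) for one alert.

    - target never scanned          -> unchanged (no evidence either way)
    - scanner saw the same CVE on   -> reliability raised to the maximum
      the attacked host and port
    - other findings on that port   -> unchanged (service exists, unknown impact)
    - scanned, nothing on that port -> reliability lowered (likely noise)
    """
    if alert.dst not in scan:
        return alert.reliability, "target not scanned: keep as is"
    hits = [f for f in scan[alert.dst] if f.port == alert.dst_port]
    if alert.cve and any(f.cve == alert.cve for f in hits):
        return 10, "target confirmed vulnerable to referenced CVE"
    if hits:
        return alert.reliability, "service has other findings: keep as is"
    return max(alert.reliability - 3, 0), "scanned target not vulnerable on this port"


if __name__ == "__main__":
    for a in (Alert("192.0.2.10", "10.0.0.5", 445, "CVE-XXXX-0001", 3),
              Alert("192.0.2.10", "10.0.0.9", 445, "CVE-XXXX-0001", 6),
              Alert("192.0.2.10", "10.0.0.77", 22, None, 5)):
        print(a.dst, a.dst_port, "->", cross_correlate(a))
```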

Interesting tutorials

  • http://linoxide.com/security/install-configure-alienvault-siem-ossim/
  • https://www.alienvault.com/documentation/usm-v5/ids-configuration/deploying-alienvault-hids.htm
  • http://blog.muhammadattique.com/configuring-ossec-clients-with-ossim/


Security Onion

Includes Suricata