Quick overview of open-source security servers

Contents

  1. HIDS
    1. OSSIM

Solutions:

      • OpenSIMS: (not updated since 2013, and includes Nagios)
      • Prelude: hard to install and not very actively maintained
      • SECURITY ONION: ??
      • OSSIM

      Options:

      • OSSEC + Wazuh interface: oddly, there is little information about it online
      • OSSIM +

      HIDS

      OSSIM

      Open Source Security Information and Event Management

      Automated suite bundling:

      • PRADS, used to identify hosts and services by passively monitoring network traffic. Added in release v4.0. [8]
      • OpenVAS, used for vulnerability assessment and for cross-correlating intrusion detection system (IDS) alerts against vulnerability-scanner results.
      • Snort, used as an intrusion detection system (IDS), and also used for cross-correlation with Nessus.
      • Suricata, used as an intrusion detection system (IDS); as of version 4.2 this is the IDS used in the default configuration.
      • Tcptrack, used for session data information, which can provide useful information for attack correlation.
      • Nagios, used to monitor host and service availability information based on a host asset database.
      • OSSEC, a host-based intrusion detection system (HIDS).
      • Munin, for traffic analysis and service watchdogging.
      • NFSen/NFDump, used to collect and analyze NetFlow information.
      • FProbe, used to generate NetFlow data from captured traffic.
      • OSSIM also includes self-developed tools, the most important being a generic correlation engine with logical directive support and log integration via plugins.
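      A small worked illustration of the "IDS alert vs vulnerability scanner" cross-correlation listed above. This is an added example, not OSSIM's own code or data: the alert and finding records, the host addresses and the vulnerability identifiers are all constructed, and the scoring rule (double the priority when the scanner confirms the target is vulnerable, halve it when the target does not even run the service) is a deliberately simple stand-in for OSSIM's directive-based correlation engine.

```python
# Added example (not OSSIM's own code): toy cross-correlation of IDS alerts
# against vulnerability-scanner findings, the idea behind the OSSIM
# "IDS vs vulnerability scanner" correlation. All hosts, ports and
# vulnerability ids below are constructed for illustration.
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class IdsAlert:
    """One alert from the network IDS (Snort/Suricata style, simplified)."""
    src_ip: str
    dst_ip: str
    dst_port: int
    vuln_id: str        # weakness the signature claims to target (constructed id)
    base_priority: int  # 1 (low) .. 5 (high), as set by the signature author


@dataclass(frozen=True)
class VulnFinding:
    """One result from the vulnerability scanner (OpenVAS style, simplified)."""
    host: str
    port: int
    vuln_id: str


def prioritize(alerts: List[IdsAlert],
               findings: List[VulnFinding]) -> List[Tuple[IdsAlert, int, str]]:
    """Re-score each IDS alert using what the scanner knows about the target.

    - target confirmed vulnerable to that exact weakness -> priority doubled (capped at 10)
    - target runs the service but the scanner saw no such weakness -> unchanged
    - target has no such service at all -> priority halved (likely noise)
    Returns (alert, score, verdict) triples in input order.
    """
    exact: Set[Tuple[str, int, str]] = {(f.host, f.port, f.vuln_id) for f in findings}
    services: Set[Tuple[str, int]] = {(f.host, f.port) for f in findings}
    scored: List[Tuple[IdsAlert, int, str]] = []
    for a in alerts:
        if (a.dst_ip, a.dst_port, a.vuln_id) in exact:
            scored.append((a, min(10, a.base_priority * 2), "vulnerable-target"))
        elif (a.dst_ip, a.dst_port) in services:
            scored.append((a, a.base_priority, "service-present"))
        else:
            scored.append((a, max(1, a.base_priority // 2), "no-matching-service"))
    return scored


# Constructed sample data (documentation-range IPs, made-up vulnerability ids).
SAMPLE_ALERTS = [
    IdsAlert("203.0.113.5", "192.0.2.10", 80, "VULN-A", 3),
    IdsAlert("203.0.113.5", "192.0.2.10", 22, "VULN-B", 4),
    IdsAlert("203.0.113.5", "192.0.2.20", 445, "VULN-A", 4),
]
SAMPLE_FINDINGS = [
    VulnFinding("192.0.2.10", 80, "VULN-A"),
    VulnFinding("192.0.2.10", 22, "VULN-C"),
]

if __name__ == "__main__":
    for alert, score, verdict in prioritize(SAMPLE_ALERTS, SAMPLE_FINDINGS):
        print(f"{alert.dst_ip}:{alert.dst_port} {alert.vuln_id} "
              f"prio {alert.base_priority} -> {score} ({verdict})")
```

      With the sample data, the first alert is confirmed against the scan (3 -> 6), the second hits a real service with no matching finding (stays 4), and the third targets a host where the scanner saw no such service (4 -> 2), which is the kind of triage a SIEM does before an analyst ever looks at the queue.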

      Interesting tutorials

      • http://linoxide.com/security/install-configure-alienvault-siem-ossim/
      • https://www.alienvault.com/documentation/usm-v5/ids-configuration/deploying-alienvault-hids.htm
      • http://blog.muhammadattique.com/configuring-ossec-clients-with-ossim/
      • Security onion

      Includes Suricata

      https://www.elastic.co/fr/products/siem

      Personal notes on server security

      Security -> privacy filter

      Note: Suricata and Snort cannot be used at the same time. Snort is currently being phased out in favor of Suricata. [9]

      OSSEC: HIDS software

      Alert: IIS attack detected

      SIEM

      Nice doc: http://www.ossec.net/files/OSSEC_and_OSSIM_Unified_Open_Source_Security.pdf