OSSIM
Encyclopedia
OSSIM, or the Open Source Security Information Management, is a collection of tools designed to aid network administrators in computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...

, intrusion detection
Intrusion detection
In Information Security, intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. When Intrusion detection takes a preventive measure without direct human intervention, then it becomes an Intrusion-prevention...

 and prevention.

The project's goal is to provide a comprehensive collection of tools to grant an administrator a view of all the security-related aspects of their system. OSSIM also provides a strong correlation engine, with detailed low-, mid- and high-level visualization interfaces as well as reporting and incident managing tools. The ability to act as an intrusion-prevention system
Intrusion-prevention system
Intrusion Prevention Systems , also known as Intrusion Detection and Prevention Systems , are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information...

 based on correlated information from virtually any source results in a useful security tool. All this information can be filtered by network or sensor in order to provide just the information needed by specific users, allowing for a fine grained multi-user security environment.

Components

Ossim features the following software components:
  • Arpwatch
    Arpwatch
    arpwatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. It generates a log of observed pairing of IP addresses with MAC addresses along with a timestamp when the pairing appeared on the network...

    , used for MAC address
    MAC address
    A Media Access Control address is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet...

     anomaly detection.
  • P0f
    P0f
    p0f is a versatile passive OS fingerprinting tool. p0f can identify the system on machines that connect to your box, machines you connect to, and even machines that merely go through or near your box even if the device is behind a packet firewall....

    , used for passive OS
    Operating system
    An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...

     detection and OS change analysis.
  • Pads, used for service anomaly detection.
  • Nessus
    Nessus (software)
    In computer security, Nessus is a proprietary comprehensive vulnerability scanning program. It is free of charge for personal use in a non-enterprise environment. Its goal is to detect potential vulnerabilities on the tested systems. For example:...

    , used for vulnerability assessment and for cross correlation (Intrusion detection system (IDS) vs Vulnerability Scanner
    Vulnerability scanner
    A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets...

    ).
  • Snort
    Snort (software)
    Snort is a free and open source network intrusion prevention system and network intrusion detection system , created by Martin Roesch in 1998...

    , used as a Intrusion detection system (IDS), and also used for cross correlation with Nessus.
  • Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signature.
  • Tcptrack, used for session data information which can grant useful information for attack correlation.
  • Ntop
    Ntop
    ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a web server, creating a HTML dump of the network status...

    , which builds an impressive network information database for aberrant behaviour anomaly detection.
  • Nagios
    Nagios
    Nagios is a popular open source computer system and network monitoring software application. It watches hosts and services, alerting users when things go wrong and again when they get better....

    , used to monitor host and service availability information based on a host asset database.
  • Osiris, a Host-based intrusion detection system
    Host-based intrusion detection system
    A host-based intrusion detection system is an intrusion detection system that monitors and analyzes the internals of a computing system as well as the network packets on its network interfaces...

     (HIDS).
  • Snare
    Snare (software)
    Snare is a group of open-source agents, and a commercial server, used to collect audit log data from a variety of operating systems and applications to facilitate centralised log analysis...

    , a log collector for windows systems.
  • OSSEC
    OSSEC
    OSSEC is a free, open source host-based intrusion detection system . It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. It provides intrusion detection for most operating systems, including Linux, OpenBSD, FreeBSD,...

    , a host based IDS.
  • OSSIM also includes self developed tools, the most important being a generic correlation engine with logical directive support and logs integration with plugins.

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK