

N**M
Good read!
perfect summary of OSSEC
J**S
Left me wanting more
The content is great. I would suggest anyone that is going to install or use OSSEC to start here. Like my title suggests, though, this is just a starting point. There is a lot more to learn that this book will not give you; just keep in mind this is a starting point. A really good starting point.
R**A
Highly recommend to people who are starting in the area of information security
ENGLISH: "Instant OSSEC Host-based Intrusion Detection System" is a book that consists of 11 items ranging from the Basic (or simple, as the author calls it) to advanced. If this is your first encounter with the OSSEC system this book is for you. It is a super-fast read. It contains 62 pages (including front cover, index, credits, etc.). About 49 pages are devoted to the OSSEC system.
Once you have purchased the book you can download a compressed file which contains the examples used, properly identified for each point of the book.
What I liked about this book is how the author describes the concepts and that he goes straight to the key point. For each point the author refers to how the technology works and how it should be implemented. Brad Lhotsky makes the disclaimer that the book should not be taken as a step-by-step guide, and I agree; it should rather be taken as a guide to the world of OSSEC.
While OSSEC is multiplatform, the author emphasizes the implementation in Linux distributions.
Some interesting points: Configuring an OSSEC server, Writing your own rules, Detecting rootkits and anomalies, Introducing active response.
In the end it is a book I highly recommend to people who are starting in the area of information security or those network administrators who do not have extensive knowledge of security.
ESPAÑOL: "Instant OSSEC Host-based Intrusion Detection System" is a book made up of 11 items ranging from the Basic (or simple, as the author calls it) to the advanced. If this is your first encounter with the OSSEC system this book is for you, since it is a super-fast read. It contains a total of 62 pages (including cover, index, credits, etc.). In total, about 49 pages are devoted to the OSSEC system.
Once you have purchased the book you can download a compressed file which contains the examples used, properly identified for each point.
What I liked about this book is the way the author describes the concepts and that he goes straight to the key point. Within each point the author refers to how the technology works and how it should be implemented. Brad Lhotsky clarifies that the book should not be taken as a step-by-step guide, and I agree; it should rather be taken as an introductory guide to the world of OSSEC.
Although OSSEC is multiplatform, the author emphasizes the implementation in Linux distributions.
Some interesting points: Configuring an OSSEC server, Writing your own rules, Detecting rootkits and anomalies, Introducing active response.
In the end it is a book I highly recommend to people who are starting in the area of information security or those network administrators who do not have extensive knowledge of security.
F**X
Great starting point to get you going
This book is a great way to take your first steps into the world of Host-Based Intrusion Detection (HIDS) and OSSEC. It makes no assumptions about your knowledge - takes you through the terminology, reasoning behind the solution and the requirements to deploy it effectively. It also contains useful links to further your reading specific to your solution or operating system. As I had little knowledge of OSSEC or HIDS, it was exactly what I needed.
The book systematically takes the reader through the core offerings from OSSEC. Topics covered include rule writing, alerting, file integrity monitoring, monitoring using Operating System commands and rootkit detection and active response features.
It begins by describing in detail the OSSEC installation and follows with configuration examples for each of the aspects of a deployment; understanding and crafting your own rules; setting and tweaking alert levels; common deployment scenarios; automating the analysis of operating system commands; and bringing it all together.
The book contained some useful information and links for readers to pursue their own agenda including references. There were some areas where some additional background information may have proved helpful. One example was around where or why a user may wish to integrate OSSEC to an enterprise SIEM solution. Additionally, the Monitoring Command Output chapter made no mention of Microsoft OS commands; however, a quick search confirmed that does indeed seem to be supported.
The text identifies the potential pitfalls you may encounter and common mistakes, including those related to security, which people make when deploying HIDS, as well as leading the reader step-by-step through running and improving your deployment. Based on the content of the book, whilst there are a few minor areas which could improve what it offers to the OSSEC novice, it has certainly proved a valuable resource for a HIDS beginner.
V**E
Excellent book for learning how to use OSSEC
Brad's book "Instant OSSEC Host-based Intrusion Detection System" is a great place for new users of OSSEC to start with the process of understanding what OSSEC does and how to configure it. The book consists of a series of what I like to call "recipes" that ranges from basic information such as installing OSSEC to advanced concepts like detecting rootkits and configuring active response - the OSSEC mechanism to take user defined actions to handle specific security events. Each recipe follows a consistent format that describes background information you need to know, how to do the particular recipe and even how each works.
I work with Brad on the OSSEC Project development team, so I'm no stranger to using OSSEC. But OSSEC has a lot of capabilities, not all of which I have used, so I found Brad's book very helpful in understanding some of the core functionality with which I had less experience. If you are an OSSEC beginner or like me, someone who is familiar with it but could use some help with more advanced features, then you'll want to have "Instant OSSEC Host-based Intrusion Detection System" right by your side at all times.