Customer Reviews


6 Reviews
5 star: (4)
4 star: (1)
3 star: (1)
2 star: (0)
1 star: (0)

The most helpful favorable review
The most helpful critical review


7 of 7 people found the following review helpful:
5.0 out of 5 stars Excellent book on a very powerful open source tool
I'm surprised no one has offered serious commentary on the only book dedicated to OSSEC, an incredible open source host-based intrusion detection system. I first tried OSSEC in early 2007 and wrote in my blog: "OSSEC is really amazing in the sense that you can install it and immediately it starts parsing system logs for interesting activity." Stephen Northcutt of SANS...
Published on October 26, 2008 by Richard Bejtlich

versus
0 of 4 people found the following review helpful:
3.0 out of 5 stars Good book. No Free download
The book reviews listed here are all accurate. I purchased the book to get the Free eBook download. Unfortunately, it doesn't appear to be true anymore. The links to the solution registration do not work, and their customer service is clueless.
Published on May 3, 2009 by Ali Davachi



7 of 7 people found the following review helpful:
5.0 out of 5 stars Excellent book on a very powerful open source tool, October 26, 2008
This review is from: OSSEC Host-Based Intrusion Detection Guide (Paperback)
I'm surprised no one has offered serious commentary on the only book dedicated to OSSEC, an incredible open source host-based intrusion detection system. I first tried OSSEC in early 2007 and wrote in my blog: "OSSEC is really amazing in the sense that you can install it and immediately it starts parsing system logs for interesting activity." Stephen Northcutt of SANS quotes this post in his foreword to the book on p xxv. Once you start using OSSEC, especially with the WebUI, you'll become a log addict. OSSEC HIDS Guide (OHG) is your ticket to taking OSSEC to the next level, even though a basic installation will make you stronger and smarter.

I have to congratulate the author team for OHG. Writing a book for Syngress with many contributors is usually a recipe for disaster. OHG features three lead authors, four contributors, and one foreword author -- and they don't step on each other's toes. Each of the main chapters was coherent and well-written, with solid Frequently Asked Questions sections at the end. The chapters are well-formatted with a mix of tables, figures, clear screen captures, and plenty of configuration examples. The authors even include a DVD with a ready-to-run VMware image of a Linux system running OSSEC and the WebUI. Please note the .rtf packaged on the DVD mentions visiting a "osui" directory on the Linux Web server in order to view the OSSEC WebUI. The correct URL is "oswui". The Camtasia videos walking viewers through OSSEC installation are a nice touch for the visually-inclined.

I had very few issues with OHG. I think two of the references to "/tmp" on p 203 should really be "tmp/", i.e., references to the tmp/ directory in the WebUI directory. Upgrading OSSEC is trivial (it detects a previous installation and asks the user how to proceed), but I would have liked to see that process mentioned explicitly in the book.

I appreciated the citation for my first book on p 256, but I think the author (hi Anton) missed a crucial point about Network Security Monitoring (NSM): data makes the expert. A ninja with no data isn't very effective. A newbie with data may not be a ninja, but he/she will be more likely to detect and respond to intrusions than the data-less ninja.

This is a simple review to write. If you use OSSEC, you should buy OHG. You'll learn how everything works, how to move beyond the simple (yet still powerful) out-of-the-free-box OSSEC feature set, and find more suspicious and malicious activity in your enterprise. In a future edition I would like to see discussions of integrating OSSEC with other log tools like Splunk.


1 of 1 people found the following review helpful:
4.0 out of 5 stars Misleading cover - THERE IS NO FREE EBOOK!, December 14, 2009
Amazon Verified Purchase
This review is from: OSSEC Host-Based Intrusion Detection Guide (Paperback)
I should have read the other reviews before purchasing - there is no free ebook download as expected. I had to find out the hard way by emailing Syngress, who was extremely unwilling to do anything about this. What a disappointment.

Otherwise, the book itself is a handy reference to have. But, you probably could get more takeaways from just learning OSSEC on your own and using the OSSEC users list as a point of reference.

Good book but it needs to be updated (especially the cover!). I expected more of this - like the granular details within each topic (active response, rules, decoders, etc). This is a very good book to get a quick overview and understanding, but for those who are well-experienced or familiar with OSSEC, it's not much of a huge help.

*EDIT/UPDATE*

Oddly enough, I received a follow-up email from Syngress not long after posting this review. Seems they read up on things ;) Anyway, they sent me a temporary link to download the PDF so I was pretty satisfied. But that doesn't excuse the fact that they need to update the product information in terms of indicating that there is no ebook. Either way, thank you Syngress. Updating my review to 4-stars rather than 3.


5.0 out of 5 stars Worth the price, excellent book, in-depth guide plus more, April 27, 2009
By Goofy Foot "Goofyfoot" (If I told you where I was, would you really visit me? :-()
Amazon Verified Purchase
This review is from: OSSEC Host-Based Intrusion Detection Guide (Paperback)
I bought this book for 2 reasons. One was as a main reference for a term paper I am writing in the Masters program I am taking at ECU and the other was to learn more about this open source HIDS for my own personal use. The book, I feel, goes into great detail about the software from the download to writing a policy. Most books will not say anything about a policy, they just talk about the software and leave you at that. If you are using, thinking about using or want to learn about HIDS then I suggest buying this book. A big bonus is that Daniel Cid is one of the authors. Most books may only reference the creator of the software, few actually have the creator as an author. Awesome book.


5.0 out of 5 stars The Guide to Doing More with Less, October 29, 2008
By 
This review is from: OSSEC Host-Based Intrusion Detection Guide (Paperback)
In these days of tight and/or frozen budgets, utilizing open source applications has become a must for many of us in the security realm. OSSEC is one such "must have" application that will give you visibility and insight into Windows, Mac and Linux machines on your network through the use of this Host Intrusion Detection application. There are many options, architectures and configuration variables and this book is an excellent resource that will guide you whether you are a seasoned professional or just starting to think about deploying host based intrusion detection in your environment. This book is a must have for any security engineer's bookshelf and a quick way to get you on the road to compliance using powerful and FREE software.


0 of 4 people found the following review helpful:
3.0 out of 5 stars Good book. No Free download, May 3, 2009
This review is from: OSSEC Host-Based Intrusion Detection Guide (Paperback)
The book reviews listed here are all accurate. I purchased the book to get the Free eBook download. Unfortunately, it doesn't appear to be true anymore. The links to the solution registration do not work, and their customer service is clueless.


0 of 6 people found the following review helpful:
5.0 out of 5 stars Best book about Intrusion Detection!!, March 22, 2008
This review is from: OSSEC Host-Based Intrusion Detection Guide (Paperback)
It is a great book. It is very important for system and security administrators who are responsible for protecting assets in their infrastructure.



This product

OSSEC Host-Based Intrusion Detection Guide by Andrew Hay (Paperback - March 17, 2008)
$62.95 $50.36