- Paperback: 416 pages
- Publisher: Syngress; 1 edition (March 17, 2008)
- Language: English
- ISBN-10: 159749240X
- ISBN-13: 978-1597492409
- Product Dimensions: 7.5 x 0.8 x 9.1 inches
- Shipping Weight: 1.5 pounds
- Average Customer Review: 14 customer reviews
- Amazon Best Sellers Rank: #498,611 in Books
OSSEC Host-Based Intrusion Detection Guide 1st Edition
About the Author
Rory Bray is senior software engineer at Q1 Labs Inc. with years of experience developing Internet and security related services. In addition to being a long-time advocate of Open Source software, Rory has developed a strong interest in network security and secure development practices. Rory has a diverse background which includes embedded development, web application design, software architecture, security consulting and technical editing. This broad range of experience provides a unique perspective on security solutions.
Daniel Cid is the creator and main developer of the OSSEC HIDS (Open Source Security Host Intrusion Detection System). Daniel has been working in the security area for many years, with a special interest in intrusion detection, log analysis and secure development. He is currently working at Q1 Labs Inc. as a software engineer. In the past, he worked at Sourcefire, NIH and Opensolutions. Daniel holds several industry certifications including the CCNP, GCIH, CISSP.
Andrew leads a team of software developers at Q1 Labs Inc. integrating third-party event and vulnerability data into QRadar, their flagship network security management solution. Prior to joining Q1 Labs, Andrew was CEO and co-founder of Koteas Corporation, a leading provider of end-to-end security and privacy solutions for government and enterprise. His resume also includes such organizations as Nokia Enterprise Solutions, Nortel Networks, and Magma Communications, a division of Primus. Andrew is a strong advocate of security training, certification programs, and public awareness initiatives. He also holds several industry certifications including the CCNA, CCSA, CCSE, CCSE NGX, CCSE Plus, Security+, GCIA, GCIH, SSP-MPA, SSP-CNSA, NSA, RHCT, and RHCE.
Top customer reviews
1. They almost seem to be going for page count. Plenty of redundancy. I know some people like the introduce, tell, revisit style of learning. I prefer something more succinct. They start each chapter with a fictional story, they cover the nitty-gritty (most useful part), then they summarize, then they have a "Solutions Fast Track" which is a checklist-style summary of the main points, then they have a Frequently Asked Questions section which covers a lot of what came before. They do this pattern for each chapter.
2. The little story at the beginning involving the odd made-up names seemed unnecessary and contrived.
3. The chapter on Data Mining was surprisingly light. No code, no useful examples, just a general discussion of what it is and what it is good for. Barely anything on using OSSEC to facilitate it.
I was a bit disappointed that OSSEC didn't contain any fancy heuristics for rootkit detection. It's just checking for signatures like the existence of certain files etc. This seems pointless as there are no signature updates available as far as I know and I'm relatively unlikely to be hit by an old rootkit.
The file integrity monitoring I've decided to do with AIDE which is bundled with CentOS. There's nothing special about OSSEC's.
The log monitoring/parsing/analysis I've decided to do with Splunk in one installation (the client has tons of money) and logstash in another (the client is a small business and very frugal).
Overall I guess I'm glad I read this book because now I have a more complete appreciation for what OSSEC can do and can be reasonably happy that I'm not really missing anything in not using OSSEC.
Otherwise, the book itself is a handy reference to have. But, you probably could get more takeaways from just learning OSSEC on your own and using the OSSEC users list as a point of reference.
Good book but it needs to be updated (especially the cover!). I expected more of this - like the granular details within each topic (active response, rules, decoders, etc). This is a very good book to get a quick overview and understanding, but for those who are well-experienced or familiar with OSSEC, it's not much of a huge help.
Oddly enough, I received a follow-up email from Syngress not long after posting this review. Seems they read up on things ;) Anyway, they sent me a temporary link to download the PDF so I was pretty satisfied. But that doesn't excuse the fact that they need to update the product information in terms of indicating that there is no ebook. Either way, thank you Syngress. Updating my review to 4-stars rather than 3.