Host intrusion detection with OSSEC

James Turnbull

No one wants an intruder in the corporate network, and one key way to fight against intruders is to be able to detect them.

Intrusion detection and prevention services (IDS/IPS) fall into two broad categories: network-based and host-based. A network-based IDS/IPS (Snort, for example) detects and potentially prevents network-borne attacks. A host-based IDS/IPS detects and potentially prevents threats at the host level. In this article, we’ll discuss OSSEC, an open source IDS/IPS that works at the host level.


