No one wants an intruder in the corporate network, and one key way to fight intruders is to be able to detect them.
Intrusion detection and prevention services (IDS/IPS) fall into two broad categories: network-based and host-based. Network-based IDS/IPS (Snort, for example) detects and potentially prevents network-borne attacks. Host-based IDS/IPS detects and potentially prevents threats at the host level. In this article, we’ll discuss OSSEC, an open-source IDS/IPS that works at the host level.