Puede ser útil para muchos esto[1].
Ossim stands for Open Source Security Information Management. Its goal
is to provide a comprehensive compilation of tools which, when working
together, grant a network/security administrator with detailed view over
each and every aspect of his networks/hosts/physical access
devices/server/etc...
Besides getting the best out of well known open source tools, some of
which are quickly described below these lines, ossim provides a strong
correlation engine, detailed low, mid and high level visualization
interfaces as well as reporting and incident managing tools, working on
a set of defined assets such as hosts, networks, groups and services.
All this information can be limited by network or sensor in order to
provide just the needed information to specific users allowing for a
fine grained multi-user security environment. Also, the ability to act
as an IPS (Intrusion Prevention System) based on correlated information
from virtually any source result in a useful addition to any security
professional.
Components
Ossim features the following software components:
* Arpwatch, used for mac anomaly detection.
* P0f, used for passive OS detection and os change analisys.
* Pads, used for service anomaly detection.
* Nessus, used for vulnerability assessment and for cross
correlation (IDS vs Security Scanner).
* Snort, the IDS, also used for cross correlation with nessus.
* Spade, the statistical packet anomaly detection engine. Used to
gain knowledge about attacks without signature.
* Tcptrack, used for session data information which can grant
useful information for attack correlation.
* Ntop, which builds an impressive network information database
from which we can get aberrant behaviour anomaly detection.
* Nagios. Being fed from the host asset database it monitors host
and service availability information.
* Osiris, a great HIDS.
* OCS-NG, Cross-Platform inventory solution.
* OSSEC, integrity, rootkit, registry detection and more.
1- http://www.ossim.net/home.php
_______________________________________________
Cancelar suscripción
https://listas.softwarelibre.cu/mailman/listinfo/linux-l
Buscar en el archivo
http://listas.softwarelibre.cu/buscar/linux-l
