RichM continues his quest to not only help secure his new company’s network but also safe money along the way. In this article, he shares with you the process in setting up your own IDS using open source software.
The best offense is a good defense. This is a very famous phrase most often attributed to football, but it can be applied to many areas of life especially information security. Diligent patching is a must, but even when done religiously (in conjunction with faithful anti-virus updates), vulnerabilities still exist. There has never been more of a need for an Intrusion Detection System (IDS) than right now. Attackers are more skilled and the tools they use more elaborate. We simply can’t be everywhere at once and need IDS to be the eyes in the back of our head.
There are many great products out there, but as an introduction to IDS, I wanted to focus on OSSEC-HIDS. OSSEC-HIDS is a great application to get your feet wet and open up the more advanced concepts of intrusion detection. OSSEC agents will run on virtually all OSes including Solaris, OS X, Linux and Windows (2000 and XP). The server itself is Linux based. The configuration is fairly straightforward as outlined below. This is a very basic introduction and should be considered a jumping off point.
As always, RichM’s articles live and die with you, the readers. Offer your feedback and/or requests for other articles.