OSSEC HIDS

OSSEC is a host-based intrusion detection system (HIDS) that can keep the machines in a network safe from various malicious attacks.

The system can perform integrity checking tasks on the machines as well as monitor the registry area or detect the presence of rootkits.

The system is composed of two parts, an agent that runs on the client machine and a server that can manages the policies.

Even if it may sound like a daunting operation, installing the agent on the computer is no more complicated than adding any other application to the system.

However, in this case there is the possibility to choose the components to be included in the process; this refers to IIS (Internet Information Services) scanning and log monitoring and turning on the integrity checking module.

The application window is far from being complicated, even for a less experienced user. If the server side of the system has already been prepared all you have to do is provide its address and the authentication key in order to establish the connection.

Apart from the above mentioned activities the agent can keep an eye on the event log in real time and check the system folders for changes as well as check the current policies in order to make sure that the system is configured properly.

All configuration of the agent has to be carried out manually by editing a text file containing all the necessary parameters.

Installing the agent is not a tough job, but setting it up for to send the necessary information to the server requires some knowledge and has to be done by a system administrator.