Has anyone read about/used this?
http://www.ossim.net/home.php
If this works the way it is described on the website, it blows the snort-BASE tandem out of the water.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
That's nice....a VMimage to play with to get a feel for it. Nice idea.
Thanks for the link!
Hmmm... wish there was an OpenBSD version available. I may try it out anyways... I wonder how it compares in the resource hog department.
dd if=/dev/swc666 of=/dev/wyze
Apparently, the VMimage is now pretty much redundant, as they now have a nice installer which does it all, from creating partitions, installing the OS, to setting up the programs (minus user specific info, of course)
This installer will also install into a VM, too, hence the image becoming unnecessary.
I just downloaded and burned the installer iso. After dinner I'm going to install it on a spare machine... I'll post my results!
I spent the last couple of hours playing around with this. I used the all in one installer and put it on a VMware box.
This is really one impressive system....it makes snort-BASE look like a 6-year-old's crayon drawing. BASE is one of many components in the system.
The NTOP plug in parses all network data, allowing users to view all traffic all over the network in a nice web-based gui format. I especially like the sessions function which logs all active TCP connections. Using this, an admin can simply look at this list and see which computers are connected where.
The nessus plug in is also nice because it allows you to schedule periodic scans (a la corporate GFI LANGUARD) to find potentially vulnerable hosts.
They have a man page describing the front end:
http://www.ossim.net/dokuwiki/doku.p...l:introduction
Like all IDS systems, this does need some customization. Some things I don't like are the fact that the X window system is not installed on the OS...I have yet to get it to work. Also, it seems p0f is used a lot to identify hosts on the network...p0f is quite old and its signature files are out of date. I think ettercap would have been a better choice for os detection.
I'm still learning this, so I'll keep you posted.
This looks really good, I'm planning on setting SNORT and BASE over the weekend so I think I'll include this as well.
====================
Has anybody used SourceFire 3D? I got an email from SNORT about it this week:
http://www.sourcefire.com/resources/...sdemosnort0208
Yes, this is a very interesting project I have been following and toying with in my spare time for the past few months. It seems it has gained more support and much more needed documentation. Trying a new clean install with 1.0.3 and will see how this goes.
15" MBP 8 gigs o ram 256 gig SSD in drivebay + 256 gig 5400 HD
1000HE EEE 30 gig SSD 2 gigs Ram
My recommendation is not to use the installer unless absolutely necessary, since there are a lot of features that would only be used in an enterprise environment.