About
- Most Widely Used Host-based Intrusion Detection System
- Server Intrusion Detection for Every Platform
- Open Source HIDS
- Multiplatform HIDS
- PCI Compliance
What is Host-based Intrusion Detection System?
- Host-based intrusion detection systems are aimed at collecting information about activity on a particular single system, or host.
- Monitors "who accessed what," i.e. helping to identify malicious or improper activities.
- The term "host" refers to an individual computer, thus a separate sensor would be needed for every machine.
- These host-based agents, which are sometimes referred to as sensors, would typically be installed on a machine that is deemed to be susceptible to possible attacks.
- Sensors work by collecting data about events taking place on the system being monitored. This data is recorded by operating system mechanisms called audit trails.
See: Detailed comparison of host-based vs. network-based IDS
Possibilities using OSSEC: it can perform
- log analysis,
- integrity checking,
- Windows registry monitoring,
- rootkit detection,
- real-time alerting
- and active response.
Cross-platform HIDS: it runs on most operating systems, such as
- Linux,
- OpenBSD,
- FreeBSD,
- Mac OS X,
- Solaris
- and Windows.