OPEN SOURCE SECURITY INFORMATION MANAGER · 2013. 7. 5. · What is not OSSIM OSSIM is neither a...

OSSIM OPEN SOURCE SECURITY INFORMATION MANAGER

  • OSSIM

    OPEN SOURCE SECURITY INFORMATION MANAGER

  • What is OSSIM

    OSSIM is an open source security system.

    OSSIM integrates more than 30 open source tools.

    OSSIM gathers events from any device or application.

    OSSIM includes a powerful correlation system.

    OSSIM can be integrated with any device or application already deployed in the network.

    OSSIM generates a wide number of metrics and reports.

    OSSIM is easily adaptable (use what you need).

    OSSIM can be integrated with proprietary and open source products.

  • What is not OSSIM

    OSSIM is neither a firewall nor a content proxy.

    OSSIM is not a security Linux distribution (Backtrack, WifiSlax).

    OSSIM is not a product for home use.

    OSSIM is not a simple software package (exe, rpm, deb...) which can be easily installed on any operating system.

  • Advantages

    Free and open source: no doubt about backdoors, since the code can be inspected.

    Customizable according to requirements.

    2300+ data source plugins.

    Highly scalable.

    High redundancy/availability.

    Provides security at every level (IDS/IPS, firewall, antivirus servers, proxy, domain controller, VPN servers, web servers, OS).

    Correlation (cross correlation and logical correlation).

    Correlation directives (200+).

    Risk calculation.

    Reporting.

  • System Requirements

    RAM: 4 GB

    Processor: 64-bit processor

    LAN card: e1000 network card

  • OSSIM in Real World

  • Architecture

    Typically OSSIM consists of four elements:

    Sensors (Detector + Collector)

    Detector: generates events.

    Collector: collects and analyzes data using predefined regular expressions.

    Management Server

    The main server tasks: the normalizing, prioritizing, collecting, risk assessment and correlation engines.

    The maintenance and external tasks, such as backups, scheduled backups, online inventory or launching scans.

    Database

    Front-end Web Interface

  • How OSSIM Works

    Devices and/or applications generate security events (Detectors).

    Events are gathered by the OSSIM collector.

    The collectors send normalized events to the OSSIM Server.

    The OSSIM Server does a risk calculation for every event.

    The events are correlated in the OSSIM Server.

    Events are stored in the database.

    The Web Console offers access to all the information collected and generated by OSSIM.
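The pipeline of the Architecture and How OSSIM Works slides (detector log line, regex collector, normalized event, server-side risk calculation, correlation directive, alarm) as an added, self-contained Python example. This is illustrative code written for this page, not OSSIM's own agent or server code. The log lines, host names, addresses, asset values, plugin sids, priorities and reliabilities are all constructed; the risk formula risk = asset × priority × reliability / 25 (asset and priority on 0-5, reliability on 0-10, giving a 0-10 score) is the one OSSIM's documentation describes and is reproduced from memory rather than from the slides.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input (made-up host, addresses and times), not a real capture.
SAMPLE_LOG = """\
Jul  5 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jul  5 10:00:03 web01 sshd[2102]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jul  5 10:00:04 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51241 ssh2
Jul  5 10:00:09 web01 sshd[2105]: Accepted password for deploy from 198.51.100.20 port 40022 ssh2
Jul  5 10:00:10 web01 sshd[2106]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jul  5 10:00:11 web01 kernel: eth0: link up
"""

# Hypothetical asset inventory: asset value 0-5 per host, as an administrator would set it.
ASSET_VALUE = {"web01": 4}

SYSLOG_PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "

# Collector plugin rules, one regex per event type: (name, plugin_sid, priority 0-5,
# reliability 0-10, pattern). Hypothetical values, not copied from any real plugin file.
PLUGIN_RULES = [
    ("ssh-failed-password", 1, 2, 3,
     re.compile(SYSLOG_PREFIX + r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")),
    ("ssh-accepted-password", 2, 1, 10,
     re.compile(SYSLOG_PREFIX + r"Accepted password for (?P<user>\S+) from (?P<src>[\d.]+)")),
]


def normalize(line):
    """Collector step: match one raw log line against the plugin rules and return a
    normalized event dict, or None when no rule matches (the line is dropped)."""
    for name, sid, priority, reliability, pattern in PLUGIN_RULES:
        m = pattern.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=2013)
            return {"name": name, "plugin_sid": sid, "priority": priority,
                    "reliability": reliability, "timestamp": ts, "host": m.group("host"),
                    "user": m.group("user"), "src_ip": m.group("src")}
    return None


def collect(log_text):
    """Run every line of a detector's log through the collector."""
    return [ev for ev in (normalize(line) for line in log_text.splitlines()) if ev]


def risk(asset_value, priority, reliability):
    """OSSIM-style risk score on a 0-10 scale (documented formula, assumed here)."""
    return round(asset_value * priority * reliability / 25, 2)


class Server:
    """Server step: score each event and apply one correlation directive
    (N failed SSH logins from the same source inside a time window -> alarm)."""

    def __init__(self, threshold=3, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        self.failed_by_src = defaultdict(deque)  # src_ip -> timestamps of recent failures
        self.alarms = []

    def process(self, event):
        asset = ASSET_VALUE.get(event["host"], 2)  # unknown hosts get a default asset value
        event["risk"] = risk(asset, event["priority"], event["reliability"])
        if event["name"] == "ssh-failed-password":
            recent = self.failed_by_src[event["src_ip"]]
            recent.append(event["timestamp"])
            while recent and event["timestamp"] - recent[0] > self.window:
                recent.popleft()  # drop failures that fell out of the window
            if len(recent) >= self.threshold:
                # The directive fires: emit a higher-priority, higher-reliability alarm.
                self.alarms.append({"name": "ssh-bruteforce", "src_ip": event["src_ip"],
                                    "host": event["host"], "count": len(recent),
                                    "priority": 4, "reliability": 8, "risk": risk(asset, 4, 8)})
                recent.clear()  # one alarm per burst, not one per extra failure
        return event


def run_pipeline(log_text):
    """Whole flow: detector log -> collector -> server (risk + correlation) -> events, alarms."""
    server = Server()
    events = [server.process(ev) for ev in collect(log_text)]
    return events, server.alarms


if __name__ == "__main__":
    events, alarms = run_pipeline(SAMPLE_LOG)
    for ev in events:
        print(f"{ev['timestamp']:%H:%M:%S} {ev['name']:<22} src={ev['src_ip']:<14} risk={ev['risk']}")
    for alarm in alarms:
        print("ALARM:", alarm)
```

With the constructed asset value of 4, a single failed login scores only 0.96 while the correlated brute-force alarm scores 5.12, which is the point of the server step: individual low-reliability events are stored and scored, and it is the directive that raises a pattern of them to something worth a console alert. The unmatched kernel line shows the collector discarding anything no plugin rule covers.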

  • How OSSIM Works

  • OSSIM Operation

  • OSSIM Operations

  • OSSIM Web Interface

  • Integrated Tools

  • Snort

  • Ntop

  • OCS

  • Nfdump and NFSen

  • NetFlow

  • Nagios

  • OpenVAS

  • OSVDB

  • OSSEC

  • NMAP

  • p0f

  • Pads

  • ARPWatch

  • TCPtrack

  • Nepenthes

  • Sample Deployment

  • The End

    Thanks…