OPEN SOURCE SECURITY INFORMATION MANAGER (OSSIM)
What is OSSIM?
- OSSIM is an open source SIEM (security information and event management) system.
- OSSIM integrates more than 30 open source tools.
- OSSIM gathers events from any device or application.
- OSSIM includes a powerful correlation engine.
- OSSIM can be integrated with any device or application already deployed in the network.
- OSSIM generates a wide range of metrics and reports.
- OSSIM is easily adaptable (use what you need).
- OSSIM can be integrated with both proprietary and open source products.
What OSSIM is not
- OSSIM is neither a firewall nor a content proxy.
- OSSIM is not a security Linux distribution (BackTrack, WifiSlax).
- OSSIM is not a product for home use.
- OSSIM is not a simple software package (exe, rpm, deb) that can be installed on any operating system.
Advantages
- Open source (not merely freeware): the code can be audited, so the absence of backdoors does not have to be taken on trust.
- Customizable according to requirements.
- 2,300 data source plugins.
- Highly scalable.
- High redundancy/availability.
- Provides security visibility at every level: IDS/IPS, firewalls, antivirus servers, proxies, domain controllers, VPN servers, web servers, operating systems.
- Correlation (cross-correlation and logical correlation).
- Correlation directives (200).
- Risk calculation.
- Reporting.
System Requirements
- RAM: 4 GB
- Processor: 64-bit
- LAN card: e1000 network card
OSSIM in Real World
Architecture
Typically OSSIM consists of four elements:
- Sensors (Detector + Collector)
  - Detector: generates events.
  - Collector: collects and analyzes data using predefined regular expressions (plugins).
- Management Server
  - Main server tasks: normalizing, prioritizing, collecting, risk assessment and the correlation engines.
  - Maintenance and external tasks: backups, scheduled backups, online inventory, launching scans.
- Database
- Front end: web interface
How OSSIM Works
1. Devices and/or applications generate security events (detectors).
2. Events are gathered by the OSSIM collector.
3. The collectors send normalized events to the OSSIM server.
4. The OSSIM server does a risk calculation for every event.
5. The events are correlated in the OSSIM server.
6. Events are stored in the database.
7. The web console offers access to all the information collected and generated by OSSIM.
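The collector, risk-calculation and correlation steps from the Architecture and How OSSIM Works slides, as an added example that is not OSSIM's own code. A collector-style plugin parses raw syslog lines with a predefined regex into normalized events (the agent plugin rules, the sample sshd log lines and the asset values are constructed for this example), the server step scores each event, and a toy correlation directive raises an alarm when one source fails to authenticate three times inside a window. The risk formula risk = asset * priority * reliability / 25 (asset 0-5, priority 0-5, reliability 0-10) is the one OSSIM documents; everything else is an assumption of this example.

```python
"""Toy OSSIM-style pipeline: collector regex -> normalized event -> risk -> correlation.
Added example, not OSSIM code. Plugin rules, log lines and asset values are constructed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog lines (not real captures).
SAMPLE_LOG = """\
Mar 10 12:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 12:00:03 web01 sshd[1202]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 10 12:00:04 web01 sshd[1203]: Accepted password for deploy from 192.0.2.10 port 40022 ssh2
Mar 10 12:00:06 web01 sshd[1204]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar 10 12:00:08 web01 sshd[1205]: Failed password for root from 203.0.113.7 port 51261 ssh2
Mar 10 12:00:09 web01 sshd[1206]: Failed password for guest from 198.51.100.4 port 33001 ssh2
"""

TS = r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "

# Collector plugin: one regex per event type, like an agent plugin .cfg (hypothetical rules).
# (plugin_sid, priority 0-5, reliability 0-10, compiled regex)
PLUGIN_RULES = [
    (2, 2, 4, re.compile(TS + r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")),
    (1, 1, 2, re.compile(TS + r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+")),
]

# Asset values (0-5) the server would look up in its inventory; constructed for the example.
ASSET_VALUES = {"web01": 4}


def normalize(line):
    """Collector step: turn one raw line into a normalized event dict, or None if no rule matches."""
    for sid, priority, reliability, rx in PLUGIN_RULES:
        m = rx.match(line)
        if m:
            ts = datetime.strptime("2024 " + m.group("ts"), "%Y %b %d %H:%M:%S")  # syslog has no year; assumed
            return {"plugin_sid": sid, "priority": priority, "reliability": reliability, "timestamp": ts,
                    "host": m.group("host"), "user": m.group("user"), "src_ip": m.group("src")}
    return None


def risk(event, asset_values=ASSET_VALUES):
    """Server step: OSSIM's documented formula asset * priority * reliability / 25, range 0..10."""
    asset = asset_values.get(event["host"], 2)  # default asset value for unknown hosts (assumption)
    return asset * event["priority"] * event["reliability"] / 25


def correlate(events, threshold=3, window_seconds=60):
    """Toy correlation directive: >= threshold failed logins (sid 2) from one source inside a sliding window.
    Like a real directive, the alarm carries a higher reliability than any single event."""
    by_src = defaultdict(list)
    alarms = []
    for ev in sorted(events, key=lambda e: e["timestamp"]):
        if ev["plugin_sid"] != 2:
            continue
        q = by_src[ev["src_ip"]]
        q.append(ev["timestamp"])
        while (q[-1] - q[0]).total_seconds() > window_seconds:  # drop events outside the window
            q.pop(0)
        if len(q) >= threshold:
            alarms.append({"src_ip": ev["src_ip"], "count": len(q), "last_seen": ev["timestamp"],
                           "reliability": min(10, ev["reliability"] + len(q))})
            q.clear()  # start a new window after firing
    return alarms


def run_pipeline(raw=SAMPLE_LOG):
    """Normalize every line, score each event, then correlate. Returns (events, alarms)."""
    events = [e for e in (normalize(line) for line in raw.splitlines()) if e]
    for e in events:
        e["risk"] = risk(e)
    return events, correlate(events)


if __name__ == "__main__":
    events, alarms = run_pipeline()
    for e in events:
        print(e["timestamp"], e["host"], e["src_ip"], e["user"], "sid", e["plugin_sid"], "risk", e["risk"])
    for a in alarms:
        print("ALARM brute force from", a["src_ip"], "count", a["count"], "reliability", a["reliability"])
```

Single failed logins on web01 score 4 * 2 * 4 / 25 = 1.28 and the accepted login 0.32, so neither would be worth a ticket on its own; the directive is what turns the three failures from 203.0.113.7 into one alarm with reliability 7. The cron line in the test shows the other half of a collector's job: lines no rule matches are dropped rather than guessed at.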
OSSIM Operations
OSSIM Web Interface
Integrated Tools
- Snort: network intrusion detection (NIDS)
- Ntop: network traffic monitoring
- OCS (OCS Inventory): asset inventory
- Nfdump and NfSen: NetFlow collection and analysis
- NetFlow: flow export data fed into Nfdump/NfSen
- Nagios: availability monitoring
- OpenVAS: vulnerability scanning
- OSVDB: open source vulnerability database used for vulnerability references
- OSSEC: host-based intrusion detection (HIDS)
- Nmap: network and port scanning
- p0f: passive OS fingerprinting
- PADS: passive asset detection
- Arpwatch: ARP (MAC-to-IP) change monitoring
- tcptrack: TCP connection tracking
- Nepenthes: low-interaction honeypot for malware collection
Sample Deployment
The End. Thanks.