Detecting Intrusions with your Firewall Log and OsHids
A lot of articles have been published about IDSs, their categories (network-based, host-based), IDS signatures and so on; but what I have noticed is that people always forget the basic methods of intrusion detection. They think that the only way to detect an attack is to use a tool such as Snort, Portsentry or some commercial IDS.
Actually, any device or piece of software that is able to detect an attack (or system misuse) can be called an IDS. If you have a little shell script that looks for anomalies in your log files, you have an IDS (not a very complete one, but an IDS nonetheless).
In this article we discuss one of the basic but powerful methods of intrusion detection: firewall log analysis. A firewall generates a lot of log data, which is hard to analyze by hand, but you can use the OsHids tool to monitor your logs (it produces an easy-to-read HTML view of the log through a PHP interface) and help you spot any attempt to bypass your firewall policy.
http://www.infosecwriters.com/text_resources/pdf/oshids-fw.pdf
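To make the "firewall log as IDS" idea concrete, here is a small added example (written for this page, not code from OsHids or the article) that parses Linux netfilter LOG lines of the kind iptables writes to syslog and applies three anomaly rules: a vertical port scan (one source probing many ports on one host), a horizontal sweep (one source probing one port across many hosts), and any dropped packet whose source is inside the network the firewall is supposed to trust, which is the "attempt to bypass your firewall policy" case. The log lines, the thresholds, the 192.0.2.0/24 "inside" network and the single-word LOG prefix are all assumptions made for the demonstration.

```python
"""Minimal firewall-log IDS: parse netfilter LOG lines and flag anomalies.

Added example for this page; not OsHids and not the article's code.  The
log layout assumed is the Linux iptables/nftables LOG target as written to
syslog with a one-word prefix (here "DROP").  Thresholds and the "inside"
network are assumptions chosen for the demonstration.
"""
import html
import ipaddress
import re
from collections import defaultdict

# Constructed sample log for the demonstration (not captured from a real firewall).
SAMPLE_LOG = """\
Mar  1 10:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=41000 DPT=22 SYN
Mar  1 10:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=41001 DPT=23 SYN
Mar  1 10:00:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=41002 DPT=25 SYN
Mar  1 10:00:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=41003 DPT=80 SYN
Mar  1 10:00:03 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=41004 DPT=443 SYN
Mar  1 10:00:03 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=41005 DPT=3306 SYN
Mar  1 10:00:10 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=52000 DPT=1433 SYN
Mar  1 10:00:11 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP SPT=52001 DPT=1433 SYN
Mar  1 10:00:12 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP SPT=52002 DPT=1433 SYN
Mar  1 10:00:12 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.13 PROTO=TCP SPT=52003 DPT=1433 SYN
Mar  1 10:00:20 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=5353
"""

# Netfilter LOG fields; MAC=, LEN=, TTL= etc. may sit between the ones we keep,
# so the gaps are matched lazily.  ICMP lines have no SPT/DPT, hence optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<prefix>\S+) "
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)

SCAN_PORTS = 5    # assumed threshold: distinct ports on one host from one source
SWEEP_HOSTS = 3   # assumed threshold: distinct hosts on one port from one source
INTERNAL = ipaddress.ip_network("192.0.2.0/24")   # assumed "inside" network


def parse(log_text):
    """Return one dict per parseable LOG line; lines in another format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["dpt"] = int(ev["dpt"]) if ev["dpt"] else None
            events.append(ev)
    return events


def detect(events):
    """Apply the three rules; return a list of (rule, source, detail) findings."""
    ports_per_target = defaultdict(set)   # (src, dst) -> set of DPT
    hosts_per_port = defaultdict(set)     # (src, dpt) -> set of DST
    inside_drops = defaultdict(int)       # src -> dropped packets from inside
    for ev in events:
        if ev["dpt"] is not None:
            ports_per_target[(ev["src"], ev["dst"])].add(ev["dpt"])
            hosts_per_port[(ev["src"], ev["dpt"])].add(ev["dst"])
        # A drop whose source is on the trusted side is a policy violation on
        # its own, regardless of volume: the firewall should never see it.
        if ipaddress.ip_address(ev["src"]) in INTERNAL:
            inside_drops[ev["src"]] += 1

    findings = []
    for (src, dst), ports in ports_per_target.items():
        if len(ports) >= SCAN_PORTS:
            findings.append(("portscan", src, f"{len(ports)} ports on {dst}: {sorted(ports)}"))
    for (src, dpt), hosts in hosts_per_port.items():
        if len(hosts) >= SWEEP_HOSTS:
            findings.append(("sweep", src, f"port {dpt} on {len(hosts)} hosts"))
    for src, n in inside_drops.items():
        findings.append(("policy-violation", src, f"{n} dropped packet(s) from inside network"))
    return findings


def render_html(findings):
    """Render findings as an HTML table.  Anything lifted out of a log must be
    escaped before it reaches a browser: a log viewer that trusts its input
    turns the log file into an injection channel into the analyst's session."""
    rows = "".join(
        "<tr><td>%s</td><td>%s</td><td>%s</td></tr>"
        % (html.escape(rule), html.escape(src), html.escape(detail))
        for rule, src, detail in findings
    )
    return "<table><tr><th>rule</th><th>source</th><th>detail</th></tr>%s</table>" % rows


if __name__ == "__main__":
    for finding in detect(parse(SAMPLE_LOG)):
        print(*finding, sep="  ")
```

Run against the constructed sample, `detect` reports a port scan from 203.0.113.5 (six ports on 192.0.2.10), a sweep of port 1433 from 198.51.100.7 across four hosts, and one policy violation from 192.0.2.50. The thresholds are deliberately low so the sample triggers them; on a real perimeter you would tune them against a day of normal traffic, and you would feed the script from `journalctl -k` or the syslog file your LOG target writes to rather than from a string.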
Similar entries
- IDS and IPS Placement for Network protection by Robert Drum
- Open Source Intrusion Detection and Prevention: Tools for Today's Corporate Market? by Craig Gosselin
- Log Analysis for Intrusion Detection by Daniel B. Cid
- Why Signature Detection Fails.