Open Source Network Administration: All In One Single Tool!

August 9, 2009 12:10 pm · 0 comments

by Black

in Open Source,Security Reconnaissance,Security tools

Ossim stands for Open Source Security Information Management. It provides network monitoring, security, correlation, and qualification in one single tool.


All this information can be limited by network or sensor in order to provide just the needed information to specific users, allowing for a fine-grained multi-user security environment. Also, the ability to act as an IPS (Intrusion Prevention System) based on correlated information from virtually any source makes it a useful addition for any security professional.

Ossim features

  • Arpwatch, used for MAC anomaly detection.
  • P0f, used for passive OS detection and OS change analysis.
  • Pads, used for service anomaly detection.
  • Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
  • Snort, the IDS, also used for cross correlation with Nessus.
  • Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signatures.
  • Tcptrack, used for session data information which can grant useful information for attack correlation.
  • Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
  • Nagios. Being fed from the host asset database it monitors host and service availability information.
  • Osiris, a great HIDS.
  • OCS-NG, Cross-Platform inventory solution.
  • OSSEC, integrity, rootkit, registry detection and more.
What is Ossim

Ossim brings together a collection of network utility tools under a single web interface used to manage all of them. Its monitoring tools include a control panel for high-level display, risk and activity monitors for mid-level monitoring, and a forensic console and network monitors at the low level. These build on capabilities in SIM post-processing, whose objective is to improve detection reliability and sensitivity: correlation, prioritization, and risk assessment. Underneath are a number of detectors and monitors already known to most administrators: IDS (pattern detectors), anomaly detectors, firewalls, and various monitors.

Ossim is a handy and useful tool for many non-profit, small, and educational organisations that cannot invest in network infrastructure. The tool is open source and brings all the necessary tools together in one.
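The IDS vs. security scanner cross correlation named in the feature list, shown as an added example (not Ossim's own code or rules): an IDS alert's reliability is raised when the scanner confirmed a matching vulnerability on the target and lowered when it did not. The 0-10 scale, the adjustment amounts, and all hosts, signature names and vulnerability ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Alert:
    sig: str           # IDS signature name (constructed)
    dst: str           # target host
    port: int          # target port
    refs: frozenset    # vulnerability ids the signature references
    reliability: int   # confidence on an assumed 0-10 scale

# Constructed scanner results: host -> {open port: vulnerability ids found there}.
SCAN = {
    "10.0.0.5": {80: {"VULN-0001"}, 22: set()},
    "10.0.0.9": {443: set()},
}

def cross_correlate(alert, scan=SCAN):
    """Adjust an IDS alert's reliability using scanner findings for its target."""
    ports = scan.get(alert.dst)
    if ports is None:
        return alert  # host never scanned: no evidence either way
    if alert.port not in ports:
        # Scanner saw no service on that port: attack is unlikely to succeed.
        return replace(alert, reliability=max(0, alert.reliability - 3))
    if alert.refs & ports[alert.port]:
        # Attack targets a vulnerability the scanner confirmed: top reliability.
        return replace(alert, reliability=10)
    # Service exists but the referenced vulnerability was not found.
    return replace(alert, reliability=max(0, alert.reliability - 1))

def triage(alerts, scan=SCAN):
    """Cross-correlate every alert and return them most reliable first."""
    return sorted((cross_correlate(a, scan) for a in alerts),
                  key=lambda a: a.reliability, reverse=True)

# Constructed alerts: the same signature fired against four host/port pairs.
REFS = frozenset({"VULN-0001"})
ALERTS = [
    Alert("web exploit attempt", "10.0.0.9", 80, REFS, 4),
    Alert("web exploit attempt", "10.0.0.5", 80, REFS, 4),
    Alert("web exploit attempt", "10.0.0.77", 80, REFS, 4),
    Alert("web exploit attempt", "10.0.0.9", 443, REFS, 4),
]

if __name__ == "__main__":
    for a in triage(ALERTS):
        print(f"{a.reliability:>2}  {a.dst}:{a.port}  {a.sig}")
```

Four identical IDS alerts end up with four different reliabilities, which is the point of correlating the IDS against scanner data before an analyst sees the queue.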

What's New

  • Completely rewritten policy management.
  • Compliance modules.
  • New interface, enhanced usability.
  • Integrated knowledge database.
  • Added reporting server for custom user-generated reports.
  • Multiple profiles can be configured for distributed systems: sensors, server, database, etc…
  • Fully integrated package system providing frequent usability and security fixes.
  • Nessus -> OpenVAS migration.
  • Amazing packet capture speed improvements using PFRing (64 bit version only).
  • Now using OSSEC 2.x
  • Download OSSIM here 
