"Introduction to OSSEC : Log Analysis and Host Intrusion Detection"
Written by Webmaster Rob
Jan 13, 2010 at 11:31 AM
Question : "What is the most important task in information security that is most often neglected?"
Answer : "Log Review."
Every infosec professional agrees that log review is important, but not so many are checking their logs on a daily basis... Why this discrepancy? Probably because log review is tedious, time-consuming, and deemed boring in general. Several tools exist to manage the massive flood of messages that is generated on a daily basis, but they either cost a lot of money, take a long time to implement or don't cover all the systems in your infrastructure.
Enter OSSEC, an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOSX, Solaris, HP-UX, AIX, BSD and even Windows. It supports logfiles from operating systems, network devices, databases and lots of other popular applications. And, not unimportant in times of budget cuts : it is free (with paid support available).
By using OSSEC, you can gain massive end-to-end insight into your infrastructure. Join us to explore the astonishingly flexible and impressive feature set of this free software!
The company Bull is kindly providing the venue as well as food and beverages.
I hope to see you at this very interesting event!
Kind Regards
Tomas Vanhoof
ISSA Brussels-European Chapter VP & Education + General Events Officer
Practical Event Details :
Date : Thursday January 21st, 2010
Agenda :
1800h : Welcome with food and beverages
1830h : "Introduction to OSSEC - part 1"
1930h : short break
1945h : "Introduction to OSSEC - part 2"
2045h : networking drink
2130h : end of the event
Place : Bull NV/SA, Parc Seny, Papiermolenstraat 51 Rue du Moulin à Papier, 1160 Brussels (Oudergem)
Parking : you need to park your car by the side of the road
Registration procedure :
PLEASE NOTE THAT THERE ARE ONLY FORTY (40) SEATS AVAILABLE! YOU ARE OBLIGED TO FOLLOW THE REGISTRATION PROCEDURE!
Registration for the event is free but mandatory. In case there would be more registrations than available seats (forty), ISSA members in good standing will be favoured over other people in a ratio of 70% Members to 30% non-members. Early registrants will have precedence over late registrants. Registration starts as of November 23rd. Members as well as non-members register by e-mailing their contact details (name, surname, company/organisation, ISSA Membership Nr) to mentioning "Introduction to OSSEC" in the subject line.
Registration starts as of Wednesday January 13th, 2010 and ends on Thursday January 21st, 2010 at 1200hrs CET. People that have been put on the waiting list receive their eventual acceptance / refusal on Thursday January 21st, 2010 around 1400hrs CET.
If your registration was confirmed, but you can't make it eventually, please inform us via in order to give someone from the waiting list the opportunity to attend.
Abstract :
"Introduction to OSSEC : Log Analysis and Host Intrusion Detection"
Log review is a necessity to maintain a healthy and secure information infrastructure. Choosing the product that covers all of your infrastructure isn't an easy feat though. Either they are too expensive, don't provide the features you need or do not support some of the systems you have. OSSEC, an open source (host-based) intrusion detection system, allows you to analyze any log generated by any system and lets you customize how it should be handled. In this 2 hour presentation, we will explore the OSSEC installation, its rich feature set and how you can gain insight into your infrastructure like you have never had before.
Bio :
Wim Remes is working for BULL NV/SA in Belgium, being an Information Security Consultant with broad experience both in network and application security. With 12 years in information technology behind him, with successful projects in several industries, he constantly looks forward to continuing to advance the security posture of his clients by implementing tailor-made solutions with a mixture of off-the-shelf and open source products. For Wim there isn't really a standard solution, since there isn't such a thing as a standard information infrastructure. Finding the solution to a certain problem is what provides Wim with the satisfaction needed to continue.
Wim regularly contributed to www.securitycatalyst.com and maintains his own blog on blog.remes-it.be. He was the host of the Brucon podcast and a volunteer for the Brucon Security Conference.
Wim gave a presentation about OSSEC at the first Excaliburcon Security Conference in Wuxi (China) in November 2009.
We would like to inform you about our board election results, upcoming events and member benefits.
At our last annual General Members Meeting, we elected a new board. Our new board composition is as follows:
President: Bart Moerman
Treasurer: Xavier Serret
Secretary: Thomas Herlea
Membership: Tom Van den Eynde
Vice President: Rob Kloots
Vice President: Toon Mordijck
Communications: Tom Van den Eynde
Education & General Events: Clément Herssens
Website: Rob Kloots
External & Public Relations: Bart Moerman
Sponsorship: Johan Meire
Hello all,
There is now a "Brussels European" community where we can:
- announce our next events
- post documents (presentations, forms, ...)
- create and manage discussions
- ...
On behalf of the board of ISSA-BE I wish you all a happy new year. In expectations for your security career I will not wish you anything specific. So much as the one security professional hopes his network will remain hacker free, so much another one wishes to have a successful hack to obtain a better budget.
2009 has been the year of the financial crisis. As a security association we also felt that. Thanks to you all we could maintain our membership pretty well in these times. The effect we see is on the time board members have spare to spend on the association. Indeed, the professional involvement was at the detriment of the time available for hobbies like ISSA-BE.
We are now early 2010 and your organisation is continuing with the organisation of new events which will address a variety of professional interests. And to be able to further expand we would like to get more board members, professionals who are willing to spare some time for their colleagues and their professional career. Yes, not only do you have the opportunity to organise interesting events; you also are able to develop your personal competences. For those who have a CISSP certification, the board activities count for your CPEs!
ISSA-BE has its annual elections in March. Don’t wait till then to become a candidate for the board. Already start now: contact us and join a board meeting to get the feeling of it. Get in touch with one of the board members.
Howard Schmidt is the current president of ISSA.org.
Today the White House announced the President’s new White House Cybersecurity Coordinator, Howard Schmidt.
Howard Schmidt is the information security expert whom President Obama tapped Tuesday as his cybersecurity coordinator and who served as a senior cybersecurity adviser in the Bush administration. He is characterized as a no-nonsense leader who will take no guff from senior White House advisers in advancing the administration's cybersecurity initiatives.
SecAppDev 2010 is an intensive one-week course in secure application development. secappdev.org is a non-profit organization dedicated to improving security skills and awareness in the developer community. The course is a joint initiative with K.U. Leuven and Solvay Brussels School of Economics and Management.
SecAppDev 2010 is the 6th edition of our widely acclaimed course, attended by an international audience from a broad range of industries including financial services, telecom, consumer electronics and media and taught by leading software security experts including
- Dr. Gary McGraw, the Cigital CTO and prolific author.
- Prof. dr. ir. Bart Preneel who heads COSIC, the renowned crypto lab.
- Ken van Wyk, co-founder of the CERT® Coordination Center and widely acclaimed author and lecturer.
- Dr. Richard Clayton of the University of Cambridge Computer Laboratory's security group, well known for his research on security economics. Replacement speaker under way.
The course takes place from February 22nd to 26th, 2010 in the Groot Begijnhof, Leuven, Belgium, a UNESCO World Heritage site.
For more information visit the web site: http://secappdev.org.
Places are limited, so do not delay registering to avoid disappointment. Registration is on a first-come, first-served basis. A 10% discount is available to paid-up ISSA members.
Flexible Education Solutions for IT Management professionals: Four executive seminars starting Mid-January 2010 at Solvay Brussels School-EM:
Basic principles for the development of Applications and e-Business systems. This module addresses security issues, implementation methodologies, and presentation of usual technical platforms.
ISSA-BE would like to inform you about the following training opportunities for which our members can receive discounts:
BCM Academy
Courses Summer / Fall 2009
Certified Business Continuity Manager : 12 modules spread over 4 months Start: September 17 2009 Price: € 5.988 excl. vat (excl. hotel and dinner)
Business Continuity Management Foundation: 5 consecutive days incl. lunch Dates : October 5-9 Price: € 2.495 excl. vat (excl. hotel and dinner)
Crisis Management & Communication: 2 consecutive days incl. lunch Dates : October 1-2, December 7-8 Price: € 1.395 excl. vat (excl. hotel and dinner)
Business Continuity Management Essentials: 2 consecutive days incl. lunch Dates: September 28-29, December 14-15 Price: € 1.395 excl. vat (excl. hotel and dinner)
Workshops Summer School 2009 1 day incl. lunch
Crisis management : July 8 or August 19
Business Impact Analysis : July 9 or August 20
BS25999 : July 10 or August 20
Price: € 395 excl. vat per workshop
ISSA members receive a 10% discount on all offerings.
BCM Academy is the leading European Knowledge Management Institute for Business Continuity, Disaster Recovery & Crisis Management. The institute has a unique and broad offering of courses, awareness programmes, training, services and exercises relating to Business Continuity, Disaster Recovery and Crisis Management. Our aim is demonstrably and lastingly focused on the sustainability, continuity and stability of your company or organisation.
BCM Academy also provides certification of individuals and accreditation of your organisation.
Course offering summer and autumn 2009
Certified Business Continuity Manager : 12 modules spread over 4 months. Start date : 17 September 2009 Price : € 5.988 excl. VAT (excl. hotel and dinner)
Business Continuity Management Foundation 5 consecutive days incl. lunch Dates : 5 to 9 October Price : € 2.495 excl. VAT (excl. hotel & dinner)
Dates : 1-2 October, 7-8 December
Price : 1.395 excl. VAT (excl. hotel & dinner)
Business Continuity Management Essentials 2 consecutive days incl. lunch Dates : 28-29 September, 14-15 December
Price : € 1.395 excl. VAT (excl. hotel and dinner)
Disaster Recovery Essentials
3 consecutive days incl. lunch
Dates : 29 June to 1 July
Price : € 1.695 excl. VAT (excl. hotel and dinner)
Workshops Summer School 2009 1 day incl. lunch
· Crisis management : 8 July or 19 August · Business Impact Analysis : 9 July or 20 August · BS25999 : 10 July or 20 August
Price : 395 excl. VAT per workshop
All courses are fully organised for smaller groups with a comparable level of knowledge and experience.
Contact & registration For further information or tailored advice, we invite you to contact
ISSA members are entitled to a 10% discount on registration.
Just as we hit the Infosecurity.be fair, and as a small reminder for all of you, check out a brief overview of current additional benefits you get when becoming a member of ISSA-BE.
Lancelot Institute offers a 10% discount for ISSA members when registering for CISM and CISSP trainings.
The Lancelot Institute will be present at Infosecurity.be 2009 today and tomorrow at booth 08.A051. The Institute states that high quality trainings and resources should be available to all professionals and organisations willing to develop themselves. Their complete business model is built on that principle. Their trainers have experience in the most advanced security environments all over the world. Not just the "what", but also the "why and the how" are presented. Security measures are taken not just because they are possible, but because they add value. They do not avoid tough discussions with attendees, but, on the contrary, stimulate them. Attendees are received in inspiring training locations, equipped with all modern facilities. All of this is said to be delivered against investments that are considerably lower than elsewhere.
So, 10% discount for ISSA members for these two trainings scheduled in Brussels.
Interested? Request information or enroll by using this
link: