HOST-BASED INTRUSION DETECTION USING OSSEC

What is Ossec :

It claims to be the world’s most widely used open-source host-based intrusion detection system. In short, we can call it HIDS. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting, and active response. This is made up of two parts: Ossec server and Ossec agent. The Ossec server is used to monitor other servers that we call Ossec agents. At any time, an agent can be added to the Ossec server for its monitoring and can be removed. For that, server and agent connections need to be established, which we will be discussing. It also provides a Web interface for showing all alerts, logs, and agent information.

Possible scenarios that you might face of Intrusion on your servers:

1) Attacker launched a brute force attack against your machine. Now you need to track him. For that, you need his IP address. First, on your Ossec server, do:

cat/var/ossec/logs/alerts/alerts.log

Where you find Source IP against the alert of SSH insecure connection attempt rule. Secondly, we can get it from a UI-based alert.

Continue reading “HOST-BASED INTRUSION DETECTION USING OSSEC”

Basics of Amazon Route 53 [Part -1]

What is Amazon Route 53?

Amazon Route 53 is a highly available and scalable authoritative cloud Domain Name System (DNS) service. It connects the Internet traffic to appropriate servers hosting the requested Web application. In addition, route 53 also facilitates health-checking and domain name registration of services. The design of route 53 aims at providing a highly reliable and cost-effective approach for routing end-users to Internet applications. Why the name Route 53! AWS Route 53 takes its name from the Port 53, which handles DNS for both the TCP and UDP traffic requests, the term Route may signify the routing, or perhaps the popular highway naming convention in the USA.

Continue reading “Basics of Amazon Route 53 [Part -1]”