Setup OSSIM With Linux and Windows OSSEC Agents

This is a very basic tutorial on how to install both Linux-based and Windows-based OSSEC agents and have those agents communicate with OSSIM. This DOES NOT include active response. I will discuss active response and walk you through the OSSEC configuration with active response in a later video. Please be gentle… this is my first video tutorial. If you have any suggestions on how I can improve my tutorials, please send them my way. Any help would be much appreciated. [Looking for a good tool for screen recording.]

The following information is to be supplemented with the video:

1. Connect to your OSSIM box and “Jailbreak this Appliance” to get a shell.
2. Add agents (/var/ossec/bin/manage_agents)
3. Connect to your Linux (CentOS) box and add the necessary repositories (epel, remi, atomic)
   wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
   wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
   rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm
   wget -q -O - http://www.atomicorp.com/installers/atomic | sh
4. Install the OSSEC Agent
   yum install ossec-hids-client
5. Configure OSSEC agent (/var/ossec/bin/ossec-configure)
6. Add the server IP to the conf file (/var/ossec/etc/ossec.conf)
7. Import the agent key. [Extract the key from OSSIM] [Import the key into the agent]
8. Start OSSEC (/var/ossec/bin)
   ./ossec-control start
9. On your Windows box,…


Your Brand Threatened: How Negative SEO and Social Media Security Affect You

It often goes unsaid that social media and search engine optimization can actually hurt a business. Crazy idea, right? Everyone and their mother is out there spending countless man-hours and eviscerating their marketing budgets on these two very lucrative strategies to gain new customers and clientele. However, the threat landscape is evolving, and part of that real estate is your piece of the pie. Your social media presence and your search engine visibility are at risk, which ultimately puts your brand at risk. It didn’t take much to influence this post, especially since I have seen a 60% increase in the number of social media related attacks in the first 10 months of 2013 alone. I am going to briefly discuss why each outlet is used to improve brand visibility and popularity without going too far in depth, and then discuss what is at risk, who is targeting you, and what you should include in your strategy to defend against and mitigate such attacks. If the tree falls and no one is around to hear it… For those of you who live in the stone age, here is a little primer on the subject matter. Social Media and SEO…


The Difference Between Defense and Protection

Having spent the better part of last year being overwhelmed with new security products and initiatives, I wanted to spend a little time discussing my standpoint on security and to provide others with some insight as to how I have come to this conclusion. Long story short – most (nearly all) of my clients have been looking to improve their overall security posture. This is undoubtedly sparked by the surge of media attention surrounding the ever-growing number of data breaches throughout 2012 and 2013. For any consultant, it is a wonderful phenomenon when a client actually wants to embrace security and take it seriously, but it’s not as simple as it sounds. Where am I going with this? There is a clear misconception as to what defense and protection actually mean. Many vendors that you will encounter are in the business of selling tools. Many of them are good, and many of them not so good, but at the end of the day they are just that… tools, and a sales pitch is just that… a sales pitch. I find that more and more organizations are buying into the protection ploy that they can bolt…


Welcome to my personal blog…

Thanks for checking out my blog. Just sharing personal experiences in the realm of information security and ethical hacking, some of my published work, and some convoluted infosec ranting. Note: The use of ellipses… yes… those. I use them a lot. – James
