Host Integrity Monitoring Using Osiris and Samhain
October 30, 2009
After spending months developing a killer e-commerce site with the latest cutting-edge .NET security techniques, placing your hard work on an insecure, unmonitored server practically negates all the effort that went into securing the codified business logic in the first place. While firewalls, DMZs, and Intrusion Detection Systems (IDS) help to retard infiltration by unscrupulous individuals, little can be done if said entity exploits a system weakness and rootkits (takes over administrative capacity) the server.
Host Integrity Monitoring (HIM) is a security management technique that continuously checks the integrity of critical system and application files for any modification, and immediately logs and alerts the designated monitoring administrator of such activities. Thus, although an infiltration may have been successful and unauthorized changes to files may have been made, HIM systems can be used to set a baseline of known files and then identify which files were altered, so they can be easily tagged and fixed to prevent worms and rootkits from taking control.
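The baseline-and-compare cycle described above, reduced to its core, as an added example (not code from the book, Osiris, or Samhain): a scan records a content hash, size, and permission bits for every regular file under a root, and a later scan is diffed against it to produce the kind of added/removed/modified events a HIM console would log. The directory layout and file names used in any run are assumptions of the caller.

```python
import hashlib
import stat
from pathlib import Path


def file_record(path: Path) -> dict:
    """Capture the attributes a HIM agent typically baselines for one file."""
    st = path.lstat()
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    # Key order matters: it is the order in which changed attributes are reported.
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
    }


def build_baseline(root: str) -> dict:
    """Walk a tree and record every regular file, keyed by its path relative to root.

    Symlinks are skipped so that a link pointing outside the tree cannot stand in
    for a monitored file.
    """
    root_path = Path(root)
    baseline = {}
    for p in sorted(root_path.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root_path).as_posix()] = file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> list:
    """Diff two scans into (event, relative_path, changed_attributes) tuples.

    Each tuple corresponds to one line a HIM system would log and alert on.
    """
    events = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            events.append(("ADDED", rel, ""))
        elif new is None:
            events.append(("REMOVED", rel, ""))
        else:
            changed = [k for k in old if old[k] != new[k]]
            if changed:
                events.append(("MODIFIED", rel, ",".join(changed)))
    return events
```

The baseline itself must be stored somewhere the monitored host cannot rewrite (the central console role in Osiris), otherwise an intruder with administrative access simply re-baselines after making changes.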
Host Integrity Monitoring Using Osiris and Samhain by Osiris author Brian Wotring is presented in two parts. The first half of the book explains why HIM is critical for any server connected to today's harsh Internet environment, as well as how HIM works. The second half of the book talks about two open source HIM systems, Osiris and Samhain. For .NET developers and system administrators, Osiris is the only choice because it is the only one of the two that sports a native Windows server agent. In addition to providing centralized host integrity monitoring for both Unix and Windows environments, Osiris relies on SSL to communicate between the agent, console, and command-line interface components. Chapter 5 provides an excellent comparison between the two featured HIM systems.
The question readers may ask is whether they need to spend nearly $50 to use a free utility that has most of the operating documentation found in the distributed product. The answer is yes, for a couple of reasons. First, Wotring does an excellent job in the first part of the book explaining why HIM systems are critical, as well as how to architect such systems into an already well-managed networked server environment. The book also contains detailed walkthroughs of both Osiris and Samhain configuration files (Samhain configurations being particularly convoluted because of its Linux/Unix config file orientation) and, most valuably, the interpretation of the logs each application generates. Understanding and acting upon these outputs is why HIM systems exist in the first place.
Even for the enterprise-level .NET developer who defers server security to the infrastructure group, this and other Syngress titles provide a great education for the complacent coder who thinks "it's not my problem." Without a HIM system in place, it will immediately become that coder's problem, as they'll be the ones determining whether their code was modified by the perpetrator. Those with a HIM system in place will be able to know exactly what was affected, replace the malicious code, and sleep easier at night.
Mike Riley
Title: Host Integrity Monitoring Using Osiris and Samhain
Author: Brian Wotring
Publisher: Syngress Publishing, Inc.
ISBN: 1-597490-18-0
Web Site: http://www.syngress.com/catalog/?pid=3300
Price: US$44.95
Page Count: 450