It will need to be 11 pages. It must cover the use of OSSIM (Open Source SIEM) and Snort IDS for accomplishing vulnerability assessments and network security using an open source solution. Let me know if you can accomplish this paper; the instructor is very particular and grades strictly. As soon as you let me know whether or not you can assist, I will transfer funds. Here is some of the support information that needs to be incorporated into the paper.
Security challenges in cyberspace often have information assurance managers working to verify that the data and systems within their enterprise are secure. The problem lies in securing a network that changes from minute to minute. As information travels through the cloud and enters a network, the goal of security managers is to identify information within the network that could be malicious and to mitigate the potential effects of a successful compromise of hosts within the network.
Open source security solutions exist which can provide layers of defense for companies. Software such as Open Source Security Information Manager (OSSIM) is a free tool that brings remote sensing and geo-location devices together within one management dashboard. Sourcefire provides an open source intrusion detection system (IDS) named Snort, which is widely regarded as one of the leading tools for detecting intruders within networks.
Open Source Security Solutions
The defense of systems from advanced persistent threats (APT) is no laughing matter. The 2013 Data Breach Investigations Report documents incidents where systems and networks have been successfully attacked by hackers. In that report, analysis of those attacks shows that breaches regularly go unnoticed for months before being discovered by organizations (Verizon, 2013). Our goal is to identify how security can be provided through an open source architecture while still delivering a sound security solution for small and large companies trying to protect their data. The use of OSSIM will be explained, showing how it provides security practitioners with a centralized method for correlating network security indicators.
Methods for accomplishing vulnerability assessments within an enterprise will be expanded on using OSSIM; integrated solutions such as Nessus and NMAP are key ingredients in providing information assurance (Lucas, 2008). Network anomalies will be identified through the implementation of Sourcefire's Snort, which provides security analysts with a dependable tool for inspecting network traffic. Snort is coupled with the identification elements that will be explained to provide information on traffic status and service availability within networks (Rehman, 2003).
Today companies cannot rely solely on the anti-virus software present on terminals; the intent should be a defense-in-depth approach that provides layers of defense. Problems with securing a network typically begin with first evaluating the risk associated with the loss of the property. Companies assess that loss and usually equate it to the amount of money available for protecting the asset. Cyber security is not cheap, and finding solutions that evolve as the adversary changes their methods of attack is often like finding a unicorn.
Most companies cannot afford to exhaust vast amounts of resources on necessary security, so they are left searching for capabilities provided by systems such as OSSIM. Businesses such as Sourcefire provide a network security solution that was built on the premise of being open source; Snort is known as the most widely used IDS within the industry. Today companies are scrambling to find solutions that will protect them now and in the future.
Bejtlich, R. (2013). The practice of network security. San Francisco, CA: No Starch Press.
The Practice of Network Security provides techniques for using open source tools and expands on the principles of leveraging that information for security. This reference is used to capture some of the methodology used within intrusion detection and the use of OSSIM and a Snort-based solution.
Bejtlich, R. (2005). The tao of network security monitoring: beyond intrusion detection. Boston, MA: Pearson Education, Inc.
The Tao of Network Security Monitoring covers the principles that most network analysts should be using for accomplishing forensics on layer 3 information. The goal of referencing this book would be to use the information to show how the data results presented by OSSIM could be used in a similar fashion to the methods explained in the book for accomplishing behavioral analysis.
Lucas, M. (2008, May 10). OSSIM whitepaper. Retrieved from https://alienvault.bloomfire.com/posts/638274-user-interface-guide/public
The OSSIM whitepaper walks individuals through some of the ways that OSSIM can be used for intrusion analysis and vulnerability analysis. My intent in using this whitepaper would be to show how Snort and the vulnerability analysis capabilities could complement each other and how incident responders would be able to quickly pivot from information gathering to countering the attack.
Northcutt, S. (2004). Snort 2.1 intrusion detection. (2nd ed.). Rockland, MA: Syngress Publishing, Inc.
Snort 2.1 Intrusion Detection gets into the inner workings of the Snort IDS. The way Snort captures network information and presents analysts with information to act on is the reason for using this source. I plan to cover how things work within Snort and allow for general analysis to take place using this tool.
Rehman, R. U. (2003). Intrusion detection systems with Snort. Upper Saddle River, NJ: Prentice Hall PTR. Retrieved from http://ptgmedia.pearsoncmg.com/images/0131407333/…/0131407333.pdf
Intrusion Detection Systems with Snort goes deep into tactics for attempting to find the advanced persistent threat using Snort. I was planning to use the policies and division of zones as part of the way that I would tie in OSSIM information feedback when alerts trigger for Snort. This reference would allow for examples of configuration changes that could be made to identify malicious activity using both OSSIM and Snort.