Ossim

UnderpaidLoveMonki @ 9:44 pm May 23rd, 2007

I found this neat, comprehensive open-source security/network tool from reading this article. Ossim stands for Open Source Security Information Management. There are also screenshots available.

Here’s a snippet of what this tool contains:

* Arpwatch, used for MAC anomaly detection.
* P0f, used for passive OS detection and OS change analysis.
* Pads, used for service anomaly detection.
* Nessus, used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
* Snort, the IDS, also used for cross correlation with Nessus.
* Spade, the statistical packet anomaly detection engine. Used to gain knowledge about attacks without a signature.
* Tcptrack, used for session data information which can grant useful information for attack correlation.
* Ntop, which builds an impressive network information database from which we can get aberrant behaviour anomaly detection.
* Nagios. Being fed from the host asset database, it monitors host and service availability information.
* Osiris, a great HIDS.
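The "cross correlation (IDS vs Security Scanner)" mentioned for Nessus and Snort is the idea that an IDS alert matters most when the scanner has already reported the matching weakness on the target host. The example below is added here to show that logic and is not OSSIM's own code or from the original post; all hosts, signatures and vulnerability ids are constructed placeholders.

```python
"""Cross-correlate IDS alerts with vulnerability-scanner findings.

Policy (illustrative, not OSSIM's): an alert aimed at a host/port where the
scanner reported the same weakness is escalated; a host the scanner never
covered gets a middle priority (exposure unknown); a host that was scanned
and not found vulnerable stays low. All data below is constructed.
"""
from dataclasses import dataclass

ESCALATED, UNKNOWN_EXPOSURE, LOW = 5, 3, 1


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    dst_port: int
    signature: str
    vuln_id: str  # weakness the IDS signature refers to (placeholder ids)


# Constructed scanner output: host -> {(port, vuln_id), ...}
SCAN_RESULTS = {
    "10.0.0.5": {(80, "EXAMPLE-VULN-1")},
    "10.0.0.9": {(22, "EXAMPLE-VULN-2")},
}

# Constructed IDS alerts
ALERTS = [
    Alert("192.0.2.7", "10.0.0.5", 80, "WEB attack A", "EXAMPLE-VULN-1"),
    Alert("192.0.2.7", "10.0.0.9", 80, "WEB attack A", "EXAMPLE-VULN-1"),
    Alert("192.0.2.8", "10.0.0.9", 22, "SSH attack B", "EXAMPLE-VULN-2"),
    Alert("192.0.2.9", "10.0.0.77", 80, "WEB attack A", "EXAMPLE-VULN-1"),
]


def correlate(alert: Alert, scan_results: dict) -> tuple:
    """Return (priority, reason) for one alert against the scan database."""
    if alert.dst not in scan_results:
        return UNKNOWN_EXPOSURE, "target host not in scan results"
    if (alert.dst_port, alert.vuln_id) in scan_results[alert.dst]:
        return ESCALATED, "scanner reported this weakness on target host/port"
    return LOW, "target host scanned and not reported vulnerable"


def triage(alerts, scan_results):
    """Correlate every alert; escalated ones come first."""
    rows = [(a.dst, a.signature, *correlate(a, scan_results)) for a in alerts]
    return sorted(rows, key=lambda r: -r[2])


if __name__ == "__main__":
    for row in triage(ALERTS, SCAN_RESULTS):
        print(row)
```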
