DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations

Trending

  • CDNs: Speed Up Performance by Reducing Latency
  • How To Manage Vulnerabilities in Modern Cloud-Native Applications
  • Mainframe Development for the "No Mainframe" Generation
  • UseStringDeduplication: Pros and Cons
  1. DZone
  2. Software Design and Architecture
  3. Cloud Architecture
  4. How to Implement HIDS in the Cloud

How to Implement HIDS in the Cloud

The proposed architecture for OSSEC leverages the utilities that many enterprises either already have in use or can easily be deployed today.

Gaurav Purandare user avatar by
Gaurav Purandare
·
Mar. 03, 17 · Tutorial
Like (2)
Save
Tweet
Share
5.92K Views

Join the DZone community and get the full member experience.

Join For Free

This article is featured in the new DZone Guide to the Cloud: Native Development and Deployment. Get your free copy for more insightful articles, industry statistics, and more!

Ensuring system security is as important as ensuring overall application security. A Host-based Intrusion Detection Systems (HIDS) provides the ability to identify, detect, and notify any unanticipated system changes that might impact the security of the system. HIDS is a powerful tool to maintain security standards implemented across IT systems. The Open Source HIDS SECurity (OSSEC) tool is one of the more popular HIDS options around.

OSSEC Architecture

The OSSEC tool can be implemented in multiple ways and largely depends on your infrastructure: whether you have a fixed number of servers or you have infrastructure that is frequently scaled up or down.

Traditional server-agent model:

Image title

Application Tier 1..N 

The traditional server-agent model can be followed to monitor the servers with a lightweight agent installed on them, where all agents report to the central OSSEC manager (server) to analyze the events and to generate event notifications as appropriate. This model works quite well for small and large fixed setups. However, there are trade-offs:

  • Additional server management overhead. You need to manage the OSSEC server itself, along with its agents.

  • Adding or removing agent overhead. If you have a dynamic environment that involves frequent scaling of servers, then a custom solution is needed to automatically register and de-register the agents in the OSSEC server when scaling occurs.

  • Limited high availability of OSSEC server. There is an open feature request for making the OSSEC server highly available. Until this has been addressed, your best option is to keep a standby server with the configuration and data volumes replicated in real-time.

Local Model

The OSSEC can also be installed in a local model, where each server monitors itself. The local OSSEC installation eliminates maintenance overhead for the OSSEC server. In addition, each server reports incidents and unauthorized events.

Following, you will find the steps required to install and incorporate the local model OSSEC into a dynamic infrastructure. 

Read the rest of this article and a lot more in:Cloud Guide

DZone's Guide to the Cloud: Native Development and Deployment

Including:

  • Industry Research Data
  • Articles Written by Industry Experts
  • Cloud Architecture Infographic
  • Directory of the Best Tools & Solutions
Free Download
Cloud

Opinions expressed by DZone contributors are their own.

Trending

  • CDNs: Speed Up Performance by Reducing Latency
  • How To Manage Vulnerabilities in Modern Cloud-Native Applications
  • Mainframe Development for the "No Mainframe" Generation
  • UseStringDeduplication: Pros and Cons
Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com

Let's be friends: