
Media recommendations for "Open Source Security Operations and Maintenance Platform: OSSIM Best Practices"

2025-01-16 Update. From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03 Report

The following is taken from the prefaces to "Open Source Security Operations and Maintenance Platform: OSSIM Best Practices".

Http://wenku.it168.com/d_001656004.shtml

Media recommendations

(in no particular order)

51CTO recommendation

I have known Chenguang for nearly ten years, and have watched his skill in network administration improve day by day, as well as witnessing his persistence and fruitful achievements in collecting and sharing knowledge and skills over those years. Chenguang's articles and books have a distinctive character: grounded in practice, plain and substantial, and full of practical information, which is why readers love them. Before this book was published, Chenguang had already published more than 60 blog posts on OSSIM, so one can imagine the depth of the groundwork behind it. I believe you will gain a great deal from reading this book!

Yang Wenfei, chief editor of 51CTO

51CTO recommendation

Mr. Li Chenguang is a 51CTO expert blogger and a well-known lecturer at 51CTO College. His articles have received close attention and recognition from his peers and have won a number of honors, and his courses are deeply loved by the college's students. The new book "Open Source Security Operations and Maintenance Platform: OSSIM Best Practices" is a summary and distillation of Mr. Li's ten years of practical experience developing applications in the field of OSSIM. All the knowledge and examples in the book come from the complex production environments of large enterprises, and it offers solutions to a wide range of problems. I believe this book will be warmly received by the majority of readers.

51CTO Community, 51CTO College

CSDN recommendation

It is a little embarrassing that, as someone who used to install machines in the server room, it took me a long time on Google to figure out what OSSIM even meant. The scene of painstakingly installing and testing Nagios and Snort in the server room is still fresh in my memory, so reading Chenguang's "Open Source Security Operations and Maintenance Platform: OSSIM Best Practices" naturally felt familiar.

As I understand it, OSSIM is the systematic, engineered result of security operations and maintenance having developed to a certain stage, and it emphasizes cooperation between independent security applications. This places high demands on users: they must not only be familiar with how each application in the system is used, but also understand how security information flows through the whole system, and be able to pinpoint where things went wrong. That takes not only a great deal of practice but also accumulated experience. The content of this book can help you understand this complex system more quickly. Rarer still, the book shares many best practices, which also makes it a good reference for readers who already have some experience.

The author, Chenguang, has worked hard in the field of security operations and maintenance for many years, and the contents of the book are all practical experience summed up over years of work. It is not only the first work in China to systematically explain the theory and practice of OSSIM, but also rare material for aspiring operations and maintenance personnel as they grow.

It is a great pity, however, that the concept of systematic security operations and maintenance is not yet popular in China. When OSSIM comes up, I estimate that not many people know what it is, let alone why it matters. I hope Chenguang's book can be understood and studied by more people, and can genuinely help the brothers who struggle on the front line. I think this is also the wish of everyone at CSDN.

Li Shen, Director of Community Operations of CSDN, Director of CSDN College

IT168 recommendation

For many years, Mr. Li Chenguang has been a mentor and helpful friend to many people in the IT circle. His articles have always been clear in structure, plain in layout and solid in technical content, and one benefits greatly from reading them. I am glad to hear that Li Chenguang is publishing a new work; I think it will be another journey of technical refinement. Under the author's pen, OSSIM, a new security operations and maintenance architecture still in its infancy, comes alive and is hard to put down. There are three reasons. First, the information security market has never had anything to do with open source. Whether SIEM or SOC, both have been promoted and practiced in China for some time, but have remained lukewarm, and it is either accident or inevitability that one turns to open source in order to understand them. Second, as the author says, "this book is not a secret manual of magical powers"; it only lays out experience and answers readers' questions. Information security is a balancing problem for enterprises, and how security operations and maintenance staff find the best point of balance amid rapidly changing dynamics requires exactly this kind of inclusiveness. Third, on reflection, the data-driven wave may not be far off; holistic, ecosystem-wide control of security threats comes down to the collection and analysis of data, events and risks, and then choosing between active and passive defense is not difficult. As the one presenting the book, I can only offer some superficial opinions, and these are my preface.

Chen Yidong, deputy editor-in-chief of IT168 enterprise level

ChinaUnix recommendation

Chenguang is an expert blogger on ChinaUnix. He has worked in the Unix/Linux field for many years and has published many high-quality technical articles and Linux teaching videos on ChinaUnix, which are deeply loved by netizens. The book "Open Source Security Operations and Maintenance Platform: OSSIM Best Practices" is a summary of his research achievements over many years, and is also the industry's first book on open source security operations and maintenance. It uses a large number of examples to vividly explain the installation and use of OSSIM, analyzes core technologies such as OSSIM correlation analysis, and presents the author's many years of research and practical experience with OSSIM technology, broadening readers' horizons. It will be of great benefit in improving your technical level. If you work in system operations and maintenance and are interested in network security, we highly recommend this book.

ChinaUnix community

Qiming Star expert recommendation

Security Information and Event Analysis (SIEM) technology has been present in China for more than ten years, but, like the Security Operations Center (SOC) that has SIEM at its core, and despite its dazzling halo, its development in China has always been a mixture of joys and sorrows. One very important reason is that SIEM is a comprehensive security analysis technology: it involves a wide range of areas, is highly complex, and places high demands on users, while the domestic information security industry and security operations and maintenance systems are not yet fully mature. Nevertheless, as the core technology of security operations and maintenance, security event analysis is irreplaceable, and it is the inevitable choice for the information security construction and security operations of enterprises and organizations. In this context, there is an urgent need for a series of related books to spread and promote these technologies. This book is undoubtedly an important work in the domestic field of security event analysis technology.

From a global perspective, SIEM technology has matured, with a market size of nearly $1.7 billion in 2014, most of it held by commercial companies. Among these, OSSIM is the only successful open source SIEM. Since the release of its first version in 2003, OSSIM has been developed for 12 years, which shows its strong vitality. AlienVault, which is built on OSSIM, has become a well-known company in the SIEM field.

As an open source platform for security operations and security event analysis, OSSIM integrates a variety of open source security tools and can interface with a large number of commercial security products. At the same time, it has strong extensibility, so it has truly become an open platform for security operations and maintenance. Mr. Li Chenguang is a domestic authority in the field of OSSIM. He has a deep understanding of security operations and maintenance and rich practical experience. His practical achievements over many years are collected in this book, which is very rare. Learning OSSIM from Chenguang can not only improve one's practical ability in security operations and maintenance, but also help one understand the security operations system and the operating principles of security event analysis.

Ye Peng, Qiming Star Taihe SOC product director and SOC evangelist

Linux China recommendation

Since 2011, I have been working on network security in telecommunications systems. During this period I have come into contact with many corporate customers, from central state-owned enterprises to small and medium-sized companies, and have found that in many cases enterprises are unable to cope with the changes brought about by the spread of information technology. Larger enterprises have relatively complete IT infrastructure: in addition to large numbers of servers, terminal computers and network equipment, they also have a variety of specialized devices and software for network security. But as the scale of the equipment being managed grows, information collection becomes less and less efficient, and the various equipment assets often cannot play a timely and effective role. Faced with managing a large number of IT devices, including asset management, network monitoring, vulnerability management, intrusion detection and so on, enterprises have various management standards and corresponding hardware and software devices; does adding these management systems only make the information bloat worse? In the past, each subdivision had one or even several systems to manage it, but these systems could not coordinate or share information, which often led to contradictions and left managers at a loss. At the time, there seemed to be no comprehensive and reliable solution to these problems.

For example, a large state-owned bank deployed IDS and IPS devices in addition to firewalls to deal with network security risks, but then found that all kinds of events and alerts flooded in, drowning the really valuable information in noise. Because it could not effectively reduce the interference from irrelevant or routine information according to the enterprise's actual situation, the routine reports sent every day truly became "routine": they just increased the number of unread messages in a folder in someone's inbox.

So how does one extract the key information from this mass of data in a timely and accurate way? How does one connect each device and function consistently and completely, from every angle? I was fortunate enough to meet Chenguang and hear him introduce the OSSIM system, and only then did I discover that such an open source solution precisely meets the needs of most enterprises in this area. OSSIM is open source software, and before encountering OSSIM many people have doubts about it, worrying about its lack of robustness, worrying that its functions are not comprehensive enough, even worrying that it is as ugly as much open source software. But OSSIM surprised me, a veteran of many years in the open source world, and its performance was absolutely eye-catching. So what exactly is OSSIM like? That cannot be explained in a sentence or two. Readers who want to know more about OSSIM should read this book written by Chenguang.

Wang Xingyu, founder of Linux China (https://linux.cn/) and former senior expert of China Telecom

Open source China recommendation

When Chenguang invited me to write a preface to his new work, I was somewhat alarmed, even though I have been knocking around the tech world for more than a decade. Operations and maintenance is both familiar and unfamiliar to me. Although I work in development, I come into contact with operations work almost every day, from server installation and application environment setup to application deployment, as well as later maintenance, scaling, security, and so on. In particular, when I started working on the Open Source China website, I did all of this myself, but after two years of contact with Chenguang, I realized how insignificant what I had done was.

From my own experience, operations and maintenance is truly a highly professional job, and it requires very rich experience in order to locate problems from a variety of symptoms, analyze problems from massive logs, and work out an effective solution. As the scale of a system grows, operations work becomes more and more important.

In the open source world there is a large amount of operations-related open source software; the Open Source China site alone catalogs a great many operations-related tools. By integrating open source products, OSSIM provides a basic platform on which security monitoring functions can be implemented. Its purpose is to provide a centralized, organized framework in which systems can be better monitored and visualized. Chenguang's book explains in great detail the principles of the OSSIM architecture, installation and deployment, as well as its internal architecture, high-performance deployment and application scenarios. It is not only suitable for beginners with the software, but also has very high reference value for experienced engineers.

From the length of this book alone, one can see the complexity of operations and maintenance work. Only by working hard can we earn a place among the strong, and share with everyone.

Sweet Potato (Hongshu), Open Source China
