Open Source Security: Security Poverty and the Small Enterprise
Lee V. Mangold, January 2014
About me…
• 15 years in computer & information security
• VP @ Central Florida ISSA
• VP @ Florida Cyber Alliance
• President @ LVM Engineering, Inc.
• Sr. Security Researcher @ DAS, Inc.
• Information Assurance Security Officer @ US Army ARL
• CyberPatriot Mentor
• CISSP, CEH, GSLC, ITIL-3, PMP…
The Security Poverty Line (SPL)
• What is the SPL?
• Coined by Wendy Nather, 451 Research
• Little-to-no security budget
• No new capital for IT or security
• No new software
• No IDS/IPS licenses
• No upgrades
• Once you fall below the line, it’s difficult to come back.
• Small businesses do this every-single-day!
Open Source ≠ Free
Addressing the SPL with Open Source Software
P R O
• Open Source Security software can fill the gaps
• OSS Tools are often as good as commercial counterparts
• Very mature tools, some with paid support
• The price is right… **
CO N
• Open Source ≠ Free!
• Open Source defensive security tools can lag behind paid tools
• Open Source support is usually non-existent
FOSS Assisted Processes
• Network Discovery
• Domain Services
• Vulnerability Scanning
• Availability Monitoring
• Intrusion Detection System and Monitoring
• Event Log Management
Demonstration Network (diagram)
• Management Network: IDS & Log Monitor, Network Monitoring, Vulnerability Scanner, Domain Services
• Production Network: Admin Box (W7), Domain Member (W7), Domain Member (W7), Domain Member (XP), Linux Server (CentOS)
Domain Services
Samba4 (SerNet) and RSAT
http://www.samba.org | http://www.enterprisesamba.com | http://www.microsoft.com
Vulnerability Scanning
OpenVAS
http://www.openvas.org/
Includes
• Nmap
• Nikto
• Ike-scan
• Snmpwalk
• Amap
• Ldapsearch
• SLAD
• John the Ripper
• Chkrootkit
• LSOF
• ClamAV
• Tripwire
• TIGER
• Logwatch
• Ovaldi
• PNScan
• PortBunny
• W3af
• etc...
IDS and Event Monitoring
Security Onion
http://securityonion.net
Included
• Snort
• Suricata
• Bro
• ELSA
• Sguil
• Squert
• Snorby
• CapMe
• OSSEC
• NetworkMiner
• Argus
• Driftnet
• Much more…
Availability Monitoring
Nagios via Fully Automated Nagios
http://www.fullyautomatednagios.org/
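As an added illustration of what the "Availability Monitoring" slide sets up (this is not from the original deck or from the FAN project), the following Nagios object configuration defines hosts and checks for the Linux server and the Windows admin box of the demonstration network. The host names, IP addresses and the `linux-server`, `windows-server` and `generic-service` templates are assumptions based on the default templates shipped with Nagios Core; adjust them to the templates present on the FAN installation.

```text
# Assumed: placed in /etc/nagios/objects/demo-network.cfg and referenced
# with cfg_file= in nagios.cfg. Addresses are constructed sample values.

define host {
    use             linux-server        ; default Nagios Core template (assumed present)
    host_name       centos-srv
    alias           Linux Server (CentOS)
    address         192.0.2.10          ; constructed documentation address
}

define host {
    use             windows-server      ; default Nagios Core template (assumed present)
    host_name       admin-w7
    alias           Admin Box (W7)
    address         192.0.2.20          ; constructed documentation address
}

# Ping both hosts; warn at 100 ms / 20% loss, critical at 500 ms / 60% loss.
define service {
    use                 generic-service
    host_name           centos-srv,admin-w7
    service_description PING
    check_command       check_ping!100.0,20%!500.0,60%
}

# Confirm the domain-joined admin box answers on SMB (TCP 445).
define service {
    use                 generic-service
    host_name           admin-w7
    service_description SMB
    check_command       check_tcp!445
}

# Confirm SSH is reachable on the CentOS server.
define service {
    use                 generic-service
    host_name           centos-srv
    service_description SSH
    check_command       check_ssh
}
```

After adding the file, run `nagios -v /etc/nagios/nagios.cfg` to validate the configuration before reloading the service; a failed check surfaces as a WARNING or CRITICAL state on the FAN web interface, which is the availability signal the slide refers to.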
Other stuff worth your time…
• AppSec: RIPS (PHP), SonarQube
• A/V: Microsoft Security Essentials, Comodo, Avast, etc…
• Backup: BackupPC
• Support: RT, Jira($), OSTicket, etc…
Questions?