If you can't read please download the document
Upload
linuxmalaysia-malaysia
View
2.590
Download
4
Embed Size (px)
Citation preview
Open Source Security Tools For Internet Security
G.R.E.E.N
Open Source Security Tools
OWASP Malaysiahttps://www.owasp.org/index.php/Malaysia
KL GreenHat - 10 Feb 2011
Front page for my slide
G.R.E.E.N
GroupReconEducationEmotion ControlNeutralized
G.R.E.E.N
Group
G roup
We all need to be in a group
We need to have policy
We have rules to follow
G roup
We all belong to group
Company, community and education
Why policy and rules ?
G roup
Haris, please reset root password?
:)
I have only userprivileges
BUT I can do it.
ps. If you are reading this slide, you need to come to my session KL Greenhat 2011 and I will tell you.clue : chmod +s and sudo
G roup
Within GroupWe can set policy and rulesWe can implement policy and rulesWe can by law punish who break the rules
We can share knowledge and experience
(Company Organisation Community) = GROUP
G roup
Organisation need to have security policy
Internal threat cause most security breaches
G roup
Rules thats within security policy
Internal threat cause most security breaches
G roup
Audit Tools - By hand :)
G roup
Audit Tools - Checklist
Benchmark Audit Tool - cisecurity.org
OWASP How To
http://www.owasp.org/index.php/Category:How_To
G roup
Audit Tools
Bastille Unix
A hardening script
bastille --report
http://bastille-linux.sourceforge.net/
G roup
Pentest - To check your own weakness
Server - OpenVAS, Nikto, nmap
Wireless - aircrack-ng, weplab, WEPCrack, airsnort
Network - tcpdump, wireshark
G.R.E.E.N
R econ
R econ
We need to know and be active
Log monitoring
Process monitoring
Network Monitoring
Files Monitoring
Host Monitoring
Human Monitoring
R econ
Log Monitoring
Central logging - syslog-ngMonitoring File Log - swatch
R econ
Process Monitoring
Barking at daemons - Monit
R econ
Network Monitoring
Network Intrusion Detection System
Snort
Snort Web interface using ACID
BRO - ada berani (need to customize)
R econ
Files Monitoring
Files integrity Checking
Advanced Intrusion Detection Environment - AIDE
Open Source Tripwire
R econ
Host Monitoring
host-based intrusion detection system (HIDS)
OSSEC HIDS -www.ossec.net
Samhain -la-samhna.de/samhain
OSiris -osiris.shmoo.com
Detect files changes and monitoring the logs and warn system admin.
R econ
Human Monitoring
Opensource CCTV
Zoneminder -www.zoneminder.com
G.R.E.E.N
E ducation
E ducation
Lack of awareness about security.
Users - bring in trojan
Sysadmin - server hijack
Developers - not so secure web application
Management - No ICT Security policy
E ducation
Action Plan
Users - Cybersafe Malaysia
Sysadmin - OWASP Webgoat
Developers - OWASP top 10
Management - Create and implement Security policy
E ducation
Users - Cybersafe Malaysia
www.cybersafe.my
E ducation
Sysadmin - OWASP Webgoat
The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.
E ducation
Developers - OWASP Top 10 2010A1: InjectionA2: Cross-Site Scripting (XSS)A3: Broken Authentication and Session ManagementA4: Insecure Direct Object ReferencesA5: Cross-Site Request Forgery (CSRF)A6: Security MisconfigurationA7: Insecure Cryptographic StorageA8: Failure to Restrict URL AccessA9: Insufficient Transport Layer ProtectionA10: Unvalidated Redirects and Forwards
E ducation
Management - Create and implement security policy
Certification is importantGet your people certified
G.R.E.E.N
E motion Control
E motion Control
Be Calm
You will stress out if you not.
Be Patient
Knowledge come from learningExperiencecome from doing
Its all about time
E motion Control
TuxRacerBos WarsGlobulation 2FreeColLinCity-NGSauerbratenSokobanEnigmaBillardGLWesnothFlightgearBzflag
Opensource games
G.R.E.E.N
N eutralized
Neutralized
Block the attack
Firewall
Intrusion Prevention Framework
Filter the packets and data
Web proxy
Email filter
Protect the connection
Neutralized
Block the attack
Firewall
M0n0wall
PFsense
Intrusion Prevention Framework
Fail2ban
TCP Wrapper
Neutralized
Filter the packets and data
Webproxy
Squid + Dansguardian
Nginx
Email Filter
Amavis-new
Mailscanner
Neutralized
Protect the connection
Using SSL - OpenSSL
VPN -OpenVPN
Encryption - GnuPG
OWASP Malaysia
OWASP Malaysia Local Chapter
The Open Web Application Security Project (OWASP) is a not-for-profit worldwide charitable organization focused on improving the security of application software.
www.owasp.my
The End
Malaysia OSS Community Survey 2011 on Awareness of OSS Certification - survey.mosc.my
Malaysia Open Source Conference 2011 - portal.mosc.my
Harisfazillah Jamel
linuxmalaysia @ gmail.com
http://blog.harisfazillah.info
10 Feb 2011