IBM Global Services

Securing your IT with open source

Vlatko Košturjak [email protected]

© Copyright IBM Corporation 2005 IBM Global Services

Agenda
- Hardening and tightening
- Security policy
- Monitoring and preventing
- Security standards
- Security procedures
- Forensics
- Physical security
- Future ...

TOTAL: 30 minutes

2 Vlatko Košturjak: Securing your IT with open source © Copyright IBM Corporation 2005 IBM Global Services

Security

Secure, usable, cheap

Security

[Diagram: the defender's cycle of Hardening, Monitoring & Preventing, and Forensics]

Tightening your system
- Tighten according to organization policies and standards
- Basic steps:
  - Update/patch
  - Remove unneeded services
  - Remove unneeded components
  - Apply the least privilege principle
  - Implement strong passwords
  - Deny all, allow specific
  - ...

Hardening
- Bastille Linux
- SELinux
- Grsecurity
- Openwall project
- Hardened Debian
Firewalls
- Shorewall
- FWbuilder
- Falcon firewall project

Backup
- Amanda (www.amanda.org): Advanced Maryland Automatic Network Disk Archiver
- Bacula (www.bacula.org): multi-platform network backup tool
- BackupPC (..net): high-performance backup of workstations to a server's disk
- Dirvish (www.dirvish.org): fast, disk-based, rotating network backup system

Monitoring
- Multi Router Traffic Grapher (MRTG)
- SmokePing
- Big Brother
- Ntop
- Mon
- OpenNMS
- Nagios
- rrdtool

E-mail
- Amavis
- SpamAssassin
- pop3proxy
- postprox
- Proxsmtp
- Anti-Spam SMTP Proxy
- Mailstore
- smtpfilter
- ClamAV
- ...

Intrusion Detection and Prevention
- Host Intrusion Detection Systems (HIDS): Tripwire, AIDE
- Network Intrusion Detection Systems (NIDS): Snort, Demarc, Argus, BroIDS
- Hybrid Intrusion Detection Systems (HyIDS): Prelude
- Integration: OS-SIM
- Prevention: Blockit, Snort2pf

Wireless
- WIDZ
- Kismet
- FakeAP
- ...

Test yourself
- Nmap
- Amap
- Hping2
- Nessus
- Nikto
- Paros
- Ike-scan
- Fragrouter
- Firewalk
- ...

Forensics
- Coroner's Toolkit
- Sleuth Kit
- File System Investigator
- FLAG
- Bootable CDs: DMSZ-Fire, Freesbie, Knoppix, ...

Attacker and Defender methodology

[Diagram: attacker methodology (Enumeration, Exploiting, ...) set against defender methodology (Hardening, Monitoring & Preventing, Forensics); the remaining labels are not recoverable from the extracted text]

Open standards
- IDMEF
- Common Base Event format
- ANML
- SIML
- SDML

"An autonomic computing system cannot exist in a hermetic environment. While independent in its ability to manage itself, it must function in a heterogeneous world and implement open standards -- in other words, an autonomic computing system cannot, by definition, be a proprietary solution." - Autonomic Computing manifesto

The end

Questions? Vlatko Košturjak