IBM Global Services
Securing your IT with open source
Vlatko Košturjak [email protected]
© Copyright IBM Corporation 2005 IBM Global Services
Agenda
  Hardening and tightening
  Security policy
  Monitoring and preventing
  Security standards
  Security procedures
  Forensics
  Physical security
  Future
  ...
TOTAL: 30 minutes
Security
  Secure
  Usable
  Cheap
Security
[Figure: security cycle with three phases: Hardening, Monitoring & Preventing, Forensics]
Tightening your system
  Tightening according to organization policies and standards
  Basic stuff:
    Update/patch
    Remove unneeded services
    Remove unneeded components
    Least privilege principle
    Implement strong passwords
    Deny all, allow specific
    ...
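The "basic stuff" list above is a checklist; the script below is an added example (not from the original slides) of turning three of its items into an automated check: extra UID 0 accounts (least privilege), accounts with an empty password field (strong passwords), and listening services that are not on an explicit allowlist (deny all, allow specific). All input is constructed sample data laid out like /etc/passwd, /etc/shadow and `ss -ltn` output; on a real host you would feed it the actual files and the real `ss -ltn` output.

```python
"""Hardening audit over constructed /etc/passwd, /etc/shadow and `ss -ltn` data.
Added example, not code from the original slides."""

# Constructed sample /etc/passwd content (seven colon-separated fields).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:0:34:backup:/var/backups:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Constructed sample /etc/shadow content; '!' or '*' in the hash field means locked.
SAMPLE_SHADOW = """\
root:$6$saltsalt$notarealhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
backup::19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
alice:$6$saltsalt$notarealhash2:19000:0:99999:7:::
"""

# Constructed listening sockets in the column layout of `ss -ltn`.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:25         0.0.0.0:*
LISTEN  0       5       0.0.0.0:111          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
"""


def uid0_accounts(passwd_text):
    """Return account names other than 'root' whose UID is 0 (extra superusers)."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue
        name, uid = fields[0], fields[2]
        if uid == "0" and name != "root":
            found.append(name)
    return found


def empty_password_accounts(shadow_text):
    """Return accounts whose shadow hash field is empty (login without any password)."""
    return [line.split(":")[0] for line in shadow_text.splitlines()
            if ":" in line and line.split(":")[1] == ""]


def unexpected_listeners(ss_text, allowed):
    """Deny all, allow specific: return (address, port) pairs listening on a port
    not in `allowed`.  Loopback-only listeners are ignored since they are not
    reachable from the network."""
    unexpected = []
    for line in ss_text.splitlines():
        if not line.startswith("LISTEN"):
            continue
        local = line.split()[3]            # e.g. 0.0.0.0:22 or [::]:22
        addr, port = local.rsplit(":", 1)
        if addr in ("127.0.0.1", "[::1]"):
            continue
        if int(port) not in allowed:
            unexpected.append((addr, int(port)))
    return unexpected


def audit(passwd_text, shadow_text, ss_text, allowed_ports):
    """Collect every finding into one dict so the result can be reported or asserted on."""
    return {
        "extra_uid0": uid0_accounts(passwd_text),
        "empty_passwords": empty_password_accounts(shadow_text),
        "unexpected_listeners": unexpected_listeners(ss_text, allowed_ports),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_SS, {22, 80}).items():
        print(f"{key}: {value}")
```

On the constructed data the audit flags the `backup` account twice (UID 0 and no password) and the portmapper on 111 as a listener outside the allowlist; the allowlist is the policy, so an unexpected port is something to remove or to justify, not to silently add.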
Hardening
  Bastille Linux
  SELinux
  Grsecurity
  Openwall project
  Hardened Debian
Firewalls
  Shorewall
  FWbuilder
  Falcon firewall project
Backup
  Amanda, www.amanda.org: Advanced Maryland Automatic Network Disk Archiver
  Bacula, www.bacula.org: multiplatform network backup tool
  BackupPC, backuppc.sourceforge.net: high-performance backup of workstations to a server's disk
  Dirvish, www.dirvish.org: fast, disk-based, rotating network backup system
Monitoring
  Multi Router Traffic Grapher (MRTG)
  SmokePing
  Big Brother
  Ntop
  Mon
  OpenNMS
  Nagios
  rrdtool
E-mail
  Amavis
  SpamAssassin
  pop3proxy
  postprox
  Proxsmtp
  Anti-Spam SMTP Proxy
  Mailstore
  smtpfilter
  ClamAV
  ...
Intrusion detection and prevention
  Host Intrusion Detection Systems (HIDS): Tripwire, AIDE
  Network Intrusion Detection Systems (NIDS): Snort, Demarc, Argus, Bro IDS
  Hybrid Intrusion Detection Systems (HyIDS): Prelude
  Integration: OS-SIM
  Prevention: Blockit, Snort2pf
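Tripwire and AIDE, the HIDS tools named above, work by taking a baseline of file digests and attributes and comparing the live system against it. The following is an added example (not from the original slides, and not Tripwire or AIDE code) of that core loop: baseline a tree, tamper with it, and report added, removed and modified files. The sample tree and the "intrusion" are constructed in a temporary directory so the script runs offline.

```python
"""File-integrity check of the Tripwire/AIDE kind.  Added example, not code
from the original slides or from either project."""

import hashlib
import json
import os
import tempfile


def file_digest(path, chunk=65536):
    """SHA-256 of a file's contents, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def take_baseline(root):
    """Walk `root` and record digest, size and permission bits of every regular file.
    Paths are stored relative to `root` so the baseline is portable between runs."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue                    # symlink targets are checked where they live
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            baseline[rel] = {
                "sha256": file_digest(full),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def compare(old, new):
    """Diff two baselines.  Returns sorted lists of added, removed and modified paths.
    A file counts as modified if its digest OR its mode changed: a chmod on a
    binary is as interesting to an intrusion detector as a content change."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new)
                      if old[p]["sha256"] != new[p]["sha256"]
                      or old[p]["mode"] != new[p]["mode"])
    return added, removed, modified


def demo():
    """Build a constructed tree, baseline it, tamper with it, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"original ls binary\n")
        with open(os.path.join(root, "etc", "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(root, "etc", "motd"), "w") as f:
            f.write("welcome\n")

        # The baseline would normally be written to read-only or off-host storage;
        # otherwise an attacker with root simply regenerates it after the change.
        saved = json.dumps(take_baseline(root))

        # Simulated intrusion: trojaned binary, new superuser, deleted file, dropped tool.
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"original ls binary\n/* backdoor */\n")
        with open(os.path.join(root, "etc", "passwd"), "a") as f:
            f.write("hax:x:0:0::/:/bin/sh\n")
        os.remove(os.path.join(root, "etc", "motd"))
        with open(os.path.join(root, "bin", "nc"), "wb") as f:
            f.write(b"dropped tool\n")

        return compare(json.loads(saved), take_baseline(root))


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:   ", added)
    print("removed: ", removed)
    print("modified:", modified)
```

The check is only as trustworthy as the baseline and the checker binary: both the saved JSON and the tool itself need to live somewhere the intruder cannot write, which is why Tripwire signs its database and AIDE is usually run from read-only media or a separate host.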
Wireless
  WIDZ
  Kismet
  FakeAP
  ...
Test yourself
  Nmap
  Amap
  Hping2
  Nessus
  Nikto
  Paros
  Ike-scan
  Fragrouter
  Firewalk
  ...
Forensics
  The Coroner's Toolkit
  The Sleuth Kit
  File System Investigator
  FLAG
  Bootable CDs: DMSZ-Fire, Freesbie, Knoppix, ...
Attacker and Defender methodology
[Figure: attacker and defender cycles side by side. Defender: Hardening, Monitoring & Preventing, Forensics. Attacker: Enumerating, Exploiting, ... (remaining labels not recoverable from the extracted text)]
Open standards
  IDMEF
  Common Base Event format
  ANML
  SIML
  SDML
"An autonomic computing system cannot exist in a hermetic environment. While independent in its ability to manage itself, it must function in a heterogeneous world and implement open standards -- in other words, an autonomic computing system cannot, by definition, be a proprietary solution." - Autonomic Computing manifesto
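IDMEF, first on the list above, is the XML alert format (IDMEF 1.0, RFC 4765) that Prelude uses to exchange alerts between sensors and its manager. The following is an added example (not from the original slides) that builds one minimal IDMEF alert and extracts from it the fields a manager or a SIM such as OS-SIM would normalise. Element names and the namespace follow the RFC; the sensor name, addresses and timestamp are constructed, and the RFC's `ntpstamp` attribute on CreateTime is omitted for brevity.

```python
"""Build and parse one IDMEF 1.0 alert with the standard library.
Added example, not code from the original slides or from Prelude."""

import xml.etree.ElementTree as ET

IDMEF_NS = "http://iana.org/idmef"          # namespace from RFC 4765
NS = {"idmef": IDMEF_NS}


def build_alert(messageid, analyzerid, create_time, src_ip, dst_ip, dst_port, text, severity):
    """Serialise a minimal IDMEF Alert.  Analyzer, CreateTime and Classification
    are mandatory; Source, Target and Assessment are optional but are what a
    manager correlates on.  Returns the XML document as bytes."""
    ET.register_namespace("idmef", IDMEF_NS)
    msg = ET.Element(f"{{{IDMEF_NS}}}IDMEF-Message", version="1.0")
    alert = ET.SubElement(msg, f"{{{IDMEF_NS}}}Alert", messageid=messageid)
    ET.SubElement(alert, f"{{{IDMEF_NS}}}Analyzer", analyzerid=analyzerid)
    ET.SubElement(alert, f"{{{IDMEF_NS}}}CreateTime").text = create_time

    src = ET.SubElement(alert, f"{{{IDMEF_NS}}}Source")
    addr = ET.SubElement(ET.SubElement(src, f"{{{IDMEF_NS}}}Node"),
                         f"{{{IDMEF_NS}}}Address", category="ipv4-addr")
    ET.SubElement(addr, f"{{{IDMEF_NS}}}address").text = src_ip

    tgt = ET.SubElement(alert, f"{{{IDMEF_NS}}}Target")
    addr = ET.SubElement(ET.SubElement(tgt, f"{{{IDMEF_NS}}}Node"),
                         f"{{{IDMEF_NS}}}Address", category="ipv4-addr")
    ET.SubElement(addr, f"{{{IDMEF_NS}}}address").text = dst_ip
    svc = ET.SubElement(tgt, f"{{{IDMEF_NS}}}Service")
    ET.SubElement(svc, f"{{{IDMEF_NS}}}port").text = str(dst_port)

    ET.SubElement(alert, f"{{{IDMEF_NS}}}Classification", text=text)
    assess = ET.SubElement(alert, f"{{{IDMEF_NS}}}Assessment")
    ET.SubElement(assess, f"{{{IDMEF_NS}}}Impact", severity=severity)
    return ET.tostring(msg, encoding="utf-8")


def parse_alert(xml_bytes):
    """Extract the fields a manager would normalise from an IDMEF alert.
    Missing optional elements come back as None instead of raising."""
    root = ET.fromstring(xml_bytes)
    alert = root.find("idmef:Alert", NS)
    if alert is None:
        raise ValueError("not an IDMEF Alert message")

    def text_at(path):
        el = alert.find(path, NS)
        return el.text if el is not None else None

    impact = alert.find("idmef:Assessment/idmef:Impact", NS)
    return {
        "messageid": alert.get("messageid"),
        "analyzerid": alert.find("idmef:Analyzer", NS).get("analyzerid"),
        "time": text_at("idmef:CreateTime"),
        "source": text_at("idmef:Source/idmef:Node/idmef:Address/idmef:address"),
        "target": text_at("idmef:Target/idmef:Node/idmef:Address/idmef:address"),
        "port": text_at("idmef:Target/idmef:Service/idmef:port"),
        "classification": alert.find("idmef:Classification", NS).get("text"),
        "severity": impact.get("severity") if impact is not None else None,
    }


# Constructed sample: a Snort-style sensor reporting a port scan to a Prelude-like manager.
SAMPLE = build_alert("abc123", "snort-dmz-1", "2005-03-01T10:15:00Z",
                     "192.0.2.10", "203.0.113.5", 22,
                     "Portscan: TCP SYN sweep", "medium")

if __name__ == "__main__":
    print(SAMPLE.decode())
    print(parse_alert(SAMPLE))
```

The point of the open format is the second function: a manager written once against IDMEF can consume alerts from Snort, a HIDS and a firewall log parser alike, which is exactly the heterogeneous-world argument the quoted manifesto makes.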
The end
QUESTIONS Vlatko Košturjak