G.R.E.E.N Open Source Security Tools OWASP Malaysia

G.R.E.E.N
Open Source Security Tools OWASP Malaysia www.owasp.my KL GreenHat - 10 Feb 2011

G.R.E.E.N
G roup R econ E ducation E motion Control N eutralized

G.R.E.E.N
G roup

G roup
We all need to be in a group
We need to have policy
We have rules to follow

G roup
We all belong to group Company, community and education Why policy and rules ?

G roup
Haris, please reset root password? :) I have only user privileges BUT I can do it. ps. If you are reading this slide, you need to come to my session KL Greenhat 2011 and I will tell you. clue : chmod +s and sudo

G roup
Within Group We can set policy and rules We can implement policy and rules We can by law punish who break the rules We can share knowledge and experience (Company Organisation Community) = GROUP

G roup
Organisation need to have security policy
Internal threat cause most security breaches

G roup
Rules thats within security policy
Internal threat cause most security breaches

G roup
Audit Tools - By hand :)

G roup
Audit Tools - Checklist Benchmark Audit Tool - cisecurity.org OWASP How To http://www.owasp.org/index.php/Category:How_To

G roup
Audit Tools Bastille Unix
A hardening script
bastille --report
http://bastille-linux.sourceforge.net/

G roup
Pentest - To check your own weakness Server - OpenVAS, Nikto, nmap Wireless - aircrack-ng, weplab, WEPCrack, airsnort Network - tcpdump, wireshark

G.R.E.E.N
R econ

R econ
We need to know and be active
Log monitoring
Process monitoring
Network Monitoring
Files Monitoring
Host Monitoring
Human Monitoring

R econ
Log Monitoring Central logging - syslog-ng Monitoring File Log - swatch

R econ
Process Monitoring Barking at daemons - Monit

R econ
Network Monitoring Network Intrusion Detection System
Snort
Snort Web interface using ACID
BRO - ada berani (need to customize)

R econ
Files Monitoring Files integrity Checking
Advanced Intrusion Detection Environment - AIDE
Open Source Tripwire

R econ
Host Monitoring host-based intrusion detection system (HIDS)
OSSEC HIDS - www.ossec.net
Samhain - la-samhna.de/samhain
OSiris - osiris.shmoo.com
Detect files changes and monitoring the logs and warn system admin.

R econ
Human Monitoring Opensource CCTV Zoneminder - www.zoneminder.com

G.R.E.E.N
E ducation

E ducation
Lack of awareness about security. Users - bring in trojan Sysadmin - server hijack Developers - not so secure web application Management - No ICT Security policy

E ducation
Action Plan Users - Cybersafe Malaysia Sysadmin - OWASP Webgoat Developers - OWASP top 10 Management - Create and implement Security policy

E ducation
Users - Cybersafe Malaysia www.cybersafe.my

E ducation
Sysadmin - OWASP Webgoat The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.

E ducation
Developers - OWASP Top 10 2010 A1: Injection A2: Cross-Site Scripting (XSS) A3: Broken Authentication and Session Management A4: Insecure Direct Object References A5: Cross-Site Request Forgery (CSRF) A6: Security Misconfiguration A7: Insecure Cryptographic Storage A8: Failure to Restrict URL Access A9: Insufficient Transport Layer Protection A10: Unvalidated Redirects and Forwards

E ducation
Management - Create and implement security policy Certification is important Get your people certified

G.R.E.E.N
E motion Control

E motion Control
Be Calm You will stress out if you not. Be Patient Knowledge come from learning Experience come from doing Its all about time

E motion Control
TuxRacer Bos Wars Globulation 2 FreeCol LinCity-NG Sauerbraten Sokoban Enigma BillardGL Wesnoth Flightgear Bzflag
Opensource games

G.R.E.E.N
N eutralized

N eutralized
Block the attack
Firewall
I ntrusion Prevention Framework
Filter the packets and data
Web proxy
Email filter
Protect the connection

N eutralized
Block the attack
Firewall
M0n0wall
PFsense
I ntrusion Prevention Framework
Fail2ban
TCP Wrapper

N eutralized
Filter the packets and data
Webproxy
Squid + Dansguardian
Nginx
Email Filter
Amavis-new
Mailscanner

N eutralized
Protect the connection
Using SSL - OpenSSL VPN - OpenVPN Encryption - GnuPG

OWASP Malaysia
OWASP Malaysia Local Chapter The Open Web Application Security Project (OWASP) is a not-for-profit worldwide charitable organization focused on improving the security of application software. www.owasp.my

The End
Malaysia OSS Community Survey 2011 on Awareness of OSS Certification - survey.mosc.my Malaysia Open Source Conference 2011 - portal.mosc.my Harisfazillah Jamel linuxmalaysia @ gmail.com
haris @ bytecraft.com.my
10 Feb 2011

G.R.E.E.N Open Source Security Tools OWASP Malaysia

by Harisfazillah Jamel

Accessibility

Categories

Upload Details

Usage Rights

Statistics

G.R.E.E.N Open Source Security Tools OWASP Malaysia Presentation Transcript