Open Source for Cyber Security


Open Source for Cyber Security : Presentation at 4th Annual National Conference on Cyber Security - 19th Oct 2011


  1. Prabath Siriwardena, Software Architect & Senior Manager, WSO2
  2. Free/Open Source Software, or FOSS, is software that is liberally licensed to grant users the right to study, change and improve its design, since its source code is made available.
  3. The four freedoms:
     - The freedom to run the program for any purpose
     - The freedom to study and modify the program
     - The freedom to copy the program so you can help your neighbor
     - The freedom to improve the program and release your improvements to the public, so that the whole community benefits
  4. The Open Source Definition (part 1):
     - The license should not prohibit free redistribution
     - The program must include source code and must allow distribution in source code as well as compiled form
     - The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software
     - The integrity of the author's source code and reputation must be maintained by requiring derived works to carry a different name or version number from the original software
     - The license must not discriminate against any person or group of persons
  5. The Open Source Definition (part 2):
     - The license must not restrict anyone from making use of the program in a specific field of endeavor
     - The rights attached to the program must apply to all to whom the program is redistributed, without the need for execution of an additional license by those parties
     - The rights attached to the program must not depend on the program being part of a particular software distribution
     - The license must not place restrictions on other software that is distributed along with the licensed software
     - No provision of the license may be predicated on any individual technology or style of interface
  6. -2011-web-server-survey-4.html
  7.
  8.
  9. Lots of eyeballs
  10. Lots of [Expert] eyeballs
  11. Lots of [Expert] eyeballs
     - XML Signature HMAC truncation authentication bypass
     - DTD-based XML attacks
     - XML Signature Wrapping Attack
     - The Java security bug: Double.parseDouble("2.2250738585072012e-308");
  12. Money can't buy the best evaluation
  13. Money can't buy the best evaluation
     - AES
     - IPSec
     - PPTP
  14. Open source weaknesses:
     - Absence of meticulous evaluation
     - Spurious open source
     - Lack of sponsorship
     - Lack of proper documentation
  15. Open source security tools:
     - Nessus
     - Snort
     - Nagios
     - SpamAssassin
     - ClamAV
     - OpenSSL
     - OpenSSH
     - OSSEC HIDS
     - Wireshark
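Slide 11 names the XML Signature HMAC truncation authentication bypass, in which a signed message asks the verifier to compare only a handful of MAC bits. The check below is an added example, not code from the deck or from WSO2: it applies the rule XML Signature 1.1 made mandatory for verifiers (an HMACOutputLength below 80 bits or below half the underlying hash output is rejected), using SignedInfo fragments constructed inline as sample input and algorithm URIs from the xmldsig specifications.

```python
from __future__ import annotations
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
# Output length in bits of the hash underlying each HMAC SignatureMethod handled here.
HMAC_HASH_BITS = {HMAC_SHA1: 160, HMAC_SHA256: 256}


def parse_hmac_lengths(signed_info_xml: str) -> tuple[int, int]:
    """Return (full MAC bits, bits the verifier would compare) for a SignedInfo fragment."""
    root = ET.fromstring(signed_info_xml)
    method = root.find(f"{{{DSIG}}}SignatureMethod")
    if method is None:
        raise ValueError("SignedInfo has no SignatureMethod")
    alg = method.get("Algorithm")
    if alg not in HMAC_HASH_BITS:
        raise ValueError(f"not an HMAC SignatureMethod handled here: {alg}")
    full_bits = HMAC_HASH_BITS[alg]
    length_el = method.find(f"{{{DSIG}}}HMACOutputLength")
    if length_el is None or not (length_el.text or "").strip():
        return full_bits, full_bits  # no truncation requested: compare the whole MAC
    # int() raises ValueError on junk, so a malformed length is rejected rather than ignored.
    return full_bits, int(length_el.text.strip())


def hmac_truncation_ok(signed_info_xml: str) -> bool:
    """XML Signature 1.1 rule: a truncated HMAC must keep at least half the hash
    output and at least 80 bits; a length above the full MAC is also rejected."""
    full_bits, used_bits = parse_hmac_lengths(signed_info_xml)
    return max(80, full_bits // 2) <= used_bits <= full_bits


def signed_info(alg: str, output_length: int | None = None) -> str:
    """Constructed sample input: a minimal SignedInfo, not a real signed message."""
    length = "" if output_length is None else f"<HMACOutputLength>{output_length}</HMACOutputLength>"
    return (
        f'<SignedInfo xmlns="{DSIG}">'
        '<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
        f'<SignatureMethod Algorithm="{alg}">{length}</SignatureMethod>'
        "</SignedInfo>"
    )


if __name__ == "__main__":
    # An 8-bit length would leave a single byte of MAC to compare; the rule rejects it.
    for alg, n in [(HMAC_SHA1, None), (HMAC_SHA1, 8), (HMAC_SHA1, 80), (HMAC_SHA256, 96)]:
        verdict = "accept" if hmac_truncation_ok(signed_info(alg, n)) else "reject"
        print(alg.rsplit("#", 1)[1], n, verdict)
```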