With OS patching becoming critical to keeping systems protected, it is more and more difficult to achieve due to the ever-increasing frequency of OS update cycles. Monitoring OS patch compliance is a hot topic, intended to help admins keep up with the latest patches and to keep IT management informed about areas of risk. Thanks to the Nagios open architecture, patch check plugins can be easily developed and integrated to provide an enterprise view of the current patch status across the OS variety found in larger organisations: Cisco, Windows, Linux and AIX.
RSA 2012 Virtualization Security February 2012, by Symantec
At RSA 2012 Symantec and VMware announced five new security integrations with the VMware cloud infrastructure suite designed to deliver extensive protection for virtual and cloud environments along with operational cost savings. With new VMware integrations, Symantec enables joint customers to completely protect their virtual infrastructure and business-critical applications with data loss prevention, IT risk and compliance, data center protection, security information and event management (SIEM) and endpoint protection solutions – delivering unparalleled security, scalability and cost reductions for rapid services delivery and enhanced business agility for the cloud.
Symantec Endpoint Protection 12.1 is an endpoint security product that provides unified antivirus, antispyware, firewall, and intrusion prevention protection for physical and virtual systems. It uses Symantec Insight technology to detect new and unknown threats through behavioral analysis and by correlating data across systems. The product offers fast performance without slowing down systems through features like separating safe files from risky ones. It also enhances protection of virtual environments.
This project involves implementing Kaspersky Security Center to centrally manage endpoint security across two internal networks. Kaspersky Security Center version 10 will be installed on an existing server to remotely manage and enforce separate policies for private and public desktops. The implementation will include migrating to Kaspersky Security Center 10, deploying the network agent and endpoint security software to devices, and configuring updates, policies and reporting.
Trend Micro presented new security paradigms for virtual environments:
1) Hypervisor-powered security using agentless anti-virus scanning of VMs from virtual appliances.
2) Beefing up server security using agentless IDS/IPS, firewall, and application protection from virtual appliances.
3) Using vCenter integration to make security virtualization-aware with both virtual appliances and agents.
4) Developing security that is cloud-ready to protect VMs moving between private and public clouds.
Symantec Endpoint Protection 12 provides a single agent and console for antivirus, antispyware, firewall, and other protections across Windows and Mac devices. It uses a new Insight technology powered by data from over 175 million endpoints to detect emerging and mutated threats that evade traditional signature-based scanning. Insight analyzes factors like file age, frequency, location, and community reputation ratings to proactively protect against new threats. Testing shows Symantec provides the most effective security with fewer false positives than competitors like Sophos, Kaspersky, Trend Micro, Microsoft, and McAfee.
Symantec Endpoint Protection and Symantec Endpoint Protection Small Business Edition will provide businesses of all sizes with advanced new protection while improving system performance. Complete with advanced features to secure virtual infrastructures and powered by Insight, Symantec’s award-winning community-based reputation technology, Symantec Endpoint Protection 12 will detect sophisticated new threats earlier and more accurately than any other security product. Symantec Endpoint Protection offers comprehensive defense against all types of attacks for both physical and virtual systems. It seamlessly integrates 9 essential security technologies in a single, high performance agent with a single management console.
Register for the public beta program here: http://tinyurl.com/6xslnfn
Introducing Kaspersky Security for Virtualization - Light Agent, by Kaspersky
Organisations globally are subject to greater levels of cyber-threat than ever before. It is vital that the IT infrastructure, both physical and virtual, is fully and effectively secured.
This presentation gives an overview of why and how!
CTE Ottawa Seminar Day - September 7th, 2012
Indeed, these are exciting times. The IT world is yet again taking another giant technological step forward. With the release of System Center 2012, Cloud services, and Server 2012, to name a few, IT Pros are quickly trying to ramp up their skills for this latest generation of products. Now Windows 8 is upon us and not since Windows 95 have we seen a major overhaul of the user interface.
Much has been said and published about Microsoft's latest client OS. Join us at CTE to take an honest "Enterprise" look under the hood of Windows 8 so that we can tackle hot topics like improvements for deployment, security, usability, reliability, compatibility, virtual desktop infrastructure, networking, etc.
At VMworld 2012, Symantec announced new solutions and technical integrations with VMware across its entire product portfolio to ensure higher levels of protection for virtualized environments. Together, Symantec and VMware enable SMBs and enterprises to use the benefits of virtualization without compromising protection.
Kaspersky Endpoint Security 8 provides businesses with comprehensive endpoint protection and control. It features superior anti-malware technology, application control through dynamic whitelisting, device control, and web content filtering. These capabilities help businesses significantly reduce security risks, improve efficiency and productivity, and enhance IT flexibility and control. The solution offers unified management through the Kaspersky Security Center console.
With today’s continuing explosive growth in information and data comes the need for storing data without the risk of compromising data integrity. On a smarter planet where instrumented, interconnected and intelligent devices constantly gather, generate and process information to build competitive advantages, organizations of all sizes not only need to improve their storage efficiency to meet growing business requirements...
Introducing New Kaspersky Endpoint Security for Business - ENGLISH, by Kirill Kertsenbaum
Kaspersky Endpoint Security for Business is a single platform that contains anti-malware, mobile security, systems management, data encryption, and endpoint control tools. It is managed through a single console called Kaspersky Security Center. The platform brings deeper protection and seamless manageability by combining endpoint/infrastructure security and centralized management in one solution. It allows organizations to see, control, and protect their physical, virtual, and mobile devices from a range of cyber threats.
Kaspersky Security for Virtualization provides agentless anti-malware security for virtual machines without compromising performance. It offers unified protection and management of physical, virtual, and mobile devices from a single console. The solution leverages VMware's vShield Endpoint to offload anti-malware functions for improved VM density and performance compared to traditional agent-based solutions.
The document discusses System Center Endpoint Protection 2012 which is integrated with System Center Configuration Manager 2012 to provide security and antimalware management for desktops, portable computers, and servers from a single infrastructure; it highlights features like improved protection against known and unknown threats, easy migration from previous versions, and role-based management.
Following months of in-depth worldwide business user research and thousands of man-hours spent on its development, we are proudly introducing the new, completely re-engineered and redesigned line of #ESET business security products, now available worldwide. Check out our multi-layered security solutions and #DoMore!
http://www.eset.com/int/about/press/articles/products/article/esets-next-generation-business-security-products-now-available-worldwide
ESET File Security provides multilayered protection for servers without compromising performance. It protects against threats like ransomware and fileless malware using techniques like advanced memory scanning, behavior detection, and cloud-based protection. ESET's solutions are reliable, high-performing, and support platforms including Windows Server, Linux, and Microsoft Azure.
ESET is introducing its brand new product ESET Secure Authentication, by ESET
ESET Secure Authentication (ESA) provides ultra-strong authentication to protect your network access and assets. It allows your mobile workforce to safely connect to the company network.
It is a mobile-based solution that uses a two-factor (2FA) one-time-password (OTP) authentication system for accessing the company's VPN and OWA (Outlook Web App).
Read more about ESET Secure Authentication: www.eset.com/business/products/secure-authentication
ESET: #DoMore With Our Comprehensive Range of Business Products, by ESET
This document provides an overview of ESET, an IT security company founded in 1987. It details ESET's headquarters in Bratislava, regional centers, malware research centers, and worldwide presence with over 1,000 employees. The document highlights ESET's comprehensive range of business security products, including endpoint protection, data access protection, scanning and update options, and usability features. It also summarizes ESET's technology alliances and added value services like premium support and cutting-edge detection technologies.
The document describes the Altiris IT Management Suite 7.0 software from Symantec. It provides integrated management of clients, servers, assets, and service desks. It allows organizations to standardize, automate, and consolidate IT operations through features like software management, OS migration, process automation, and remote management. Case studies show it helping customers reduce costs, increase security and compliance, and focus IT resources on strategic initiatives.
The document summarizes new features in Symantec Control Compliance Suite version 10.5. Key updates include improved risk management through SCAP support for a shared view of IT risks and new workflow integration to manage people risks. The suite also provides a more holistic view of risk with out-of-box dashboard connectors. Additionally, it offers more comprehensive controls assessments through support for additional frameworks like PCI, FDCC, and OWASP.
Introduction to Kaspersky Endpoint Security for Business, by Andrew Wong
The document discusses Kaspersky Endpoint Security for Business (KESB). It begins by outlining business demands like agility, efficiency, and productivity that impact IT with increased complexity, resource pressures, and rising malware threats. It then summarizes the key capabilities and components of KESB for seeing threats, controlling systems, and protecting data and devices. Specific areas covered in more depth include encryption technologies and policies, new system management features in Kaspersky Security Center 10 like licensing management and network access control, mobile device management options, and other Kaspersky products that provide comprehensive security.
Check Point is a cyber security company founded in 1993 that has adapted to meet customers' needs over the years. It offers a comprehensive portfolio of security products including threat prevention appliances, endpoint security, mobile security, network protection, security management, and public/private cloud solutions. Check Point aims to provide holistic security services and sees security as an integral part of business processes.
IS Decisions, founded in 2000 and based in Biarritz (France), is a Software Vendor specializing in Infrastructure and Security Management solutions for Microsoft Windows.
Software solutions developed for Network Administrators:
- secure, monitor and report on network access and user sessions
- audit access to sensitive files and folders
- perform remote installations of applications and updates across the network
- automate the inventory of Windows assets (hardware, software, settings, eventlogs)
More than 3,000 clients worldwide trust IS Decisions:
Airbus, American Express, AXA, Banco Santander, Bank of Tokyo, Barclays, Boeing, Citizen, Ernst & Young, GlaxoSmithKline, Hewlett-Packard, HSBC, Konica, IBM, Lockheed Martin, L’Oréal, Microsoft, Mitsubishi, Saint Gobain, Siemens, Smurfit Stone, Texas A&M University, Time Warner, United Nations, University of Cambridge, University of Pennsylvania, US Department of Justice, US Air Force, US Army, US Navy, Virgin, …
IS Decisions is a Microsoft Partner Silver Independent Software Vendor.
This document discusses implementing intrusion prevention. It explains that intrusion detection systems (IDS) were the first generation solution to recognize and mitigate threats, while intrusion prevention systems (IPS) are the second generation solution. IPS technologies use signature-based detection to identify intrusive activity in real-time. The document also outlines IPS management functions like event monitoring, reporting, and global correlation through the Cisco SensorBase Network.
The Business Case for Enterprise Endpoint Protection: Can You Afford Not To?, by IBM Security
Despite the implementation of various security controls, enterprises are being breached on a daily basis. Hackers use a variety of tools and techniques to infiltrate corporate networks and access valuable data. The prevailing method is to infect employee endpoints with advanced malware, steal login credentials and gain a foothold within the corporate network. Identifying effective solutions to prevent and mitigate these threats has never been so challenging.
In this live session Dana Tamir, Director of Enterprise Security Product Marketing at IBM Security Trusteer will:
- Discuss the threats and challenges organizations are facing in today’s rapidly evolving threat landscape
- Examine the business case for endpoint protection and breach prevention
- Provide recommendations for effective endpoint protections
View the on-demand recording: https://attendee.gotowebinar.com/recording/5627325065449913090
Symantec Brightmail Gateway 9.0 and Symantec Brightmail Gateway 9.0 Small Business Edition deliver enhanced protection through real-time updates, provide greater control through integrated email encryption and offer increased scalability to meet the needs of both enterprises and small businesses.
This document provides an overview and summary of Sophos Cloud security products, including endpoint protection, mobile control, server protection, web gateway, and email gateway. Key points mentioned are that Sophos Cloud provides integrated, comprehensive security through its various cloud-based products that are easy to deploy and manage without servers. Sophos Cloud offers features such as application control, download reputation, adware detection for Macs, server lockdown capabilities, mobile device management, web filtering, and advanced protection from threats in email.
Hacking the Government and other stories: how coders and developers have helped the UK Government on its open data journey and how Young Rewired State is helping to educate kids to code.
PCIDSS compliance made easier through a collaboration between NC State and UN..., by John Baines
This document discusses PCI DSS compliance collaboration between NC State University and UNC-Chapel Hill. It provides an overview of their PCI DSS programs including organizational structures, merchants that accept credit cards, governance processes, and similarities and differences in their approaches. Key topics discussed include PCI scope, challenges with cardholder data environment planning given university reorganizations, and the need for education on maintaining PCI compliance.
Ransomware is Here: Fundamentals Everyone Needs to Know, by Jeremiah Grossman
If you’re an IT professional, you probably know at least the basics of ransomware. Instead of using malware or an exploit to exfiltrate PII from an enterprise, bad actors instead find valuable data and encrypt it. Unless you happen to have an NSA-caliber data center at your disposal to break the encryption, you must pay your attacker in cold, hard bitcoins—or else wave goodbye to your PII. Those assumptions aren’t wrong, but they also don’t tell the whole picture.
During this event we’ll discuss topics such as:
Why Ransomware is Exploding
The growth of ransomware, as opposed to garden-variety malware, is enormous. Hackers have found that they can directly monetize the data they encrypt, which eliminates the time-consuming process of selling stolen data on the Darknet. In addition, the use of ransomware requires little in the way of technical skill—because attackers don’t need to get root on a victim’s machine.
Who the Real Targets Are
Two years ago, the most newsworthy victims of ransomware were various police departments. This year, everyone is buzzing about hospitals. Is this a deliberate pattern? Probably not. Enterprises are so ill-prepared for ransomware that attackers have a green field to wreak havoc. Until the industry shapes up, bad actors will target ransomware indiscriminately.
Where Ransomware Stumbles
Although ransomware is nearly impossible to dislodge when employed correctly, you may be surprised to find that not all bad actors have the skill to do it. Even if ransomware targets your network, you may learn that your attackers have used extremely weak encryption—or that they’ve encrypted files that are entirely non-critical.
As far as ransomware is concerned, forewarned is forearmed. Once you know how attackers deliver ransomware, who they’re likely to attack, and the weaknesses in the ransomware deployment model, you’ll be able to understand how to protect your enterprise.
The document provides an overview of IT security awareness training at MCN IT Support. It discusses policies and procedures around password management, anti-malware protection, web content filtering, data protection and backup, email security, patch management, and guidance for employees. The training covers complex password requirements, private password handling, automated virus definition updates, manual scanning, web and email traffic monitoring, data encryption, backup scheduling, email encryption, and centralized patch distribution.
Transforming your Security Products at the EndpointIvanti
Are you thinking about extending the endpoint capabilities of your Security Solution? Join us for a dep dive into the value of embedding patch management capabilities into your security software. Learn how other security companies have chosen to add patching and remdiation. Why in 2018 patching is more important than ever as your customers confront ransomware, zero day attacks, and more.
Domain 3: Security Engineering
Virtualization and Distributed Computing
System Vulnerabilities, Threats and Countermeasures
Cornerstone Cryptographic Concepts
History of Cryptography
Types of Cryptography
Cryptographic Attacks
Implementing Cryptography
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data.
Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.
SCCM 2012 provides expanded management capabilities for both systems and users. It focuses on application lifecycle management, including installation, revision, supersedence, and uninstallation of applications. It also aims to intelligently target relationships between users and systems. SCCM 2012 improves upon SCCM 2007 by embracing user-centric scenarios and providing a state-based design for deploying content and applications to devices.
CyberCrime in the Cloud and How to defend Yourself Alert Logic
The document discusses cybercrime threats in the cloud and how to defend against them. It notes that traditional on-premises threats are moving to the cloud, with web application attacks and brute force attacks being most common. Honeypots are used to gather intelligence on attacks by simulating vulnerable systems. Analysis of honeypot data found increases in brute force attacks and vulnerability scans in cloud environments. The document recommends best practices like secure coding, access management, patch management, log review, and tools like firewalls and intrusion detection to help secure cloud environments.
This PhD proposal outlines a system to provide rapid recovery from attacks and increased resistance to malware, viruses, and system errors. The system uses virtualization techniques to isolate user data, applications, and system components. User data is stored in a file system virtual machine to protect it from corruption. Applications are isolated in separate virtual machine appliances to limit their ability to interfere with other components. A network virtual machine incorporates intrusion detection and firewalls. The proposal discusses the design, implementation, and evaluation of the system to improve both performance and security compared to existing approaches.
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld
VMworld 2013
Merritte Stidston, McKesson
James Wiese, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
VMworld 2013
Azeem Feroz, VMware
Sachin Vaidya, VMware
Learn more about VMworld and register at http://www.vmworld.com/index.jspa?src=socmed-vmworld-slideshare
How Microsoft Technologies And Windows Vista Improve SupportingMicrosoft TechNet
This document provides an overview and agenda for a training session on how Microsoft technologies and Windows Vista can improve support and maintenance of the desktop. The session will cover advances in Windows Vista, standard software deployment methods, client monitoring and management, and securing the Windows Vista desktop. Specific topics include deploying standard images, monitoring clients with System Center Operations Manager, managing group policy, and demonstrating applications like deploying NetMeeting with Configuration Manager and monitoring clients.
Cloud computing introduced with emphasis on the underlying technology explaining that more than virtualization is involved. Topics covered include: Cloud Technologies, Web Applications, Clustering, Terminal Services, Application Servers, Virtualization, Hypervisors, Service Models, Deployment Models, and Cloud Security.
Managed Services;
AdvancedWatch IT Monitoring;
AdvancedBackup Disaster Recovery and Business Continuity;
Storage Solutions;
Network Design, Implementation, and Documentation;
Network Security;
IP Telephony;
Secure Wireless Solutions;
Project Management and Consulting;
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINXNGINX, Inc.
With advancing technology and the ever-evolving landscape of cybercrime, it is more important today than ever to reduce file-borne attacks, secure encrypted traffic, and protect your networks.
In this webinar, we discuss the latest developments in the threat landscape, why shared responsibility matters for critical infrastructure, and how you can mitigate future threat vectors with the F5 NGINX Plus Certified Module from OPSWAT.
Comwise is a network security company established in 1997 that represents database monitoring, user activity recording, and log management solutions. SQL injection has replaced XSS as the top vulnerability exploited by attackers using automated tools to embed malware in databases. Database activity monitoring solutions provide full visibility into database activity and detect unauthorized access attempts.
Virtualization Forum 2015, Praha, 7.10.2015
sál VMware
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf.
This document discusses network security solutions for Eximbank. It begins with an overview of network security and the need for an integrated defense-in-depth approach using firewalls, intrusion detection systems, antivirus software, vulnerability scanners, and centralized management. It then outlines types of attacks and provides a security blueprint. Specific solutions discussed include the Cisco PIX firewall, CheckPoint firewall, intrusion detection systems, antivirus systems, vulnerability scanners, and identity and policy management solutions. The document concludes with an overview of the proposed security design for Eximbank incorporating these various solutions.
Presentation held by Mr.Vladimir Danilenko as a part of the Broadband Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Similar to Frank Migge It Security Patch Monitoring With Nagios 02 (20)
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
2. Agenda
1. Vulnerabilities
   • Increasing Numbers
   • Enabling Factors
   • Focus on Operating Systems
   • Mitigation and Elimination Strategies
   • Vendor Response
   • The Challenges of Patching
2. Improving Patch Management
   • IT Infrastructure Vendor Review
   • Patch Monitoring for Windows
   • Patch Monitoring for AIX Unix
   • Patch Monitoring for Linux
   • Patch Monitoring for Cisco
3. Experience and Future
IT SECURITY PATCH MONITORING WITH NAGIOS
4. Vulnerabilities: Increasing Numbers
Steep increase in recent vulnerabilities
Source: http://www.cert.org/stats/
CERT*, the Computer Emergency Readiness Team, coordinates communication during security emergencies and helps to prevent future incidents.
*CERT is one of the oldest institutions in IT security, not to be confused with the US-CERT at http://www.us-cert.gov/
Reasons:
• increasing software complexity
• faster time-to-market (sell first – update later)
• network connectivity built into everything
• Internet everywhere on the planet, greater pool of smart people on the "wrong" side
5. Focus on Operating Systems
[Chart: OS size in million lines of code]
OS became the largest "piece" of SW:
• Increased size due to progress in GUI design, device support, "features", connectivity, integrated applications
• Increased required disk space
• But also increased vulnerability.
"complexity is the worst enemy of security"
Bruce Schneier, http://www.schneier.com/crypto-gram-0003.html#8
Network OS Vendor Cisco: Fighting with its IOS complexity
272722 different IOS images known to the Cisco Feature Navigator (June 2009)
Source: "Router Exploitation" - Felix 'FX' Lindner, BlackHat 2009, P19: The IOS Image Hell - http://www.blackhat.com/
CCO example: SOHO Router 1812 = 184 versions
Reasons: HW, IOS is still a single, large ELF binary
Which version is the latest? Which has bugs?
7. Vulnerability Mitigation and Elimination Strategies
OS Vendors:
• Secure Configuration Defaults
  - disable insecure services
  - enforce default password change
• Secure Services
  - using encryption and authentication
• Implementation of Mitigation Features
  - system firewalls or access control
  - enhanced privilege separation and definitions
• Patches, patches, patches …
IT SW Industry: Add-On Mitigation Software
• Virus Scanner (client, server and storage side)
• Host-Based IDS
• Endpoint Security
• Host-Based Firewall
• Device Control (wireless, USB)
• Configuration Control (system scanner, integrity checker)
8. The OS vendor patch response
New ways in patch provisioning, distribution, schedules and types:
• From manual online patch download to built-in, automatic online patch service
  - Microsoft: Windows Update Service and Windows Update Website (ActiveX)
  - Linux: Novell Update Service (SLES), Redhat RHN Update Service
  - IBM: Service Update Management Assistant (SUMA)
• From simple vendor download site to distributed, policy-based patch-server architecture
  - Microsoft: WSUS
  - Novell: ZENworks Patch Management Server
  - IBM: Tivoli® Provisioning Manager
• New patch types: emergency (interim) patch, standard patch, service pack
• From ad-hoc patch releases to periodic patch days
  - Windows: monthly, first Tuesday in a month (Patch Tuesday, Black Tuesday)
  - Cisco: bi-annual, fourth Wednesday of March and September
  - IBM: quarterly schedule for service packs
9. Challenges of Patching - Why are systems unpatched?
• Patching costs resources (= money), real risk is difficult to quantify
• IT must balance operational costs vs. security risks
• IT operations cost is under high pressure (outsourcing, SAS, HW consolidation)
• Patches need to be tested, any system change is a risk to the current setup
• Too many vulnerabilities (while patching is scheduled, new patches are released)
• Vendors and security organizations announce ca. 150 vulnerabilities/week
• Patch notification and distribution is not standardized
Vulnerability and patch management is a central part of IT security programs. IT security teams constantly re-evaluate the IT risk level based on new vulnerabilities, exploits, the current system and application patch level, and the estimated window between identification of vulnerabilities and creation of exploits (which is shrinking). Among the common security tasks:
• Execution of periodic vulnerability scans
• Vulnerability monitoring (time-consuming, manual process)
• Escalation of perceived "high-risk" systems and situations
10. 2. Improving IT Patch Management with Nagios
OS patch and version monitoring plug-ins for Windows, AIX, Linux and Cisco
Frank Migge, Manager Information Security Office
Plugin descriptions and links also available via http://www.monitoringexchange.org ("Articles")
11. 2. Improving IT Patch Management
• Implementation of a vendor-neutral patch status monitoring on all systems
• Implementation of immediate, standardized patch notification for all systems
• Leveraging existing systems inventory and monitoring escalation setup
• Real-time view into the current systems patch status and software versions
Patch status becomes just another indicator for "system health". A task for Nagios.
Benefits:
• Faster, direct and standardized notification to the support engineers
• Reduction of "human error" – missed systems / forgotten patches
• Fast identification of vulnerable systems
• Enforce and monitor patch policy compliance
• Highly visible patch accountability
12. Today's typical IT infrastructure and vendors:
• Windows Servers (Microsoft): Office Backend, GroupWare, App Servers
• Traditional UNIX Servers (IBM, HP, SUN): Database, Application, Web Servers
• Linux Servers (RedHat, SuSE): Database, Application, Web Servers
• Network Equipment (Cisco): Switches, Routers, Firewalls
• Appliances (Others): Storage, VOIP, VMware hosts
- Few network and server vendors, but each has its own distinctive patch management
- By implementing Nagios patch checks, we can cover almost all critical IT areas
OS distribution in IT infrastructure: we have a gap of 67 systems = 7.41%. Systems not covered are appliances, i.e. PBX and storage.
13. Nagios patch monitoring for Windows
• prerequisites: Windows update service, SNMPtrapgen, [proxy]
• data source: Windows update service via Windows Scripting Host
• plugin script: win_update_trapsend.vbs (client), send_trap_data.pl (Nagios server)
• plugin execution: passive, scheduled once a day; SNMP trap sent to the Nagios host
Leverages the Microsoft built-in scripting engine VBS for data collection
• Requires an extra binary for sending SNMP traps
• Minimal 'footprint': no monitoring daemon installation
• Works well if the update service is configured for Microsoft
• Less efficient with WSUS systems due to limited patch visibility
15. Patch monitoring: Microsoft Windows – Nagios Setup
1. Configure the SNMP trap service and install/update the trap handler 'send_trap_data.pl'
nagios ~ # cat /etc/snmp/snmptrapd.conf
###############################################################################
# snmptrapd.conf:
# configuration file for configuring the ucd-snmp snmptrapd agent.
###############################################################################
# first, we define the access control
authCommunity log,execute,net SECtrap
# Win update traphandler: SNMPv2-MIB::snmpTrapOID.0 = RFC1155-SMI::enterprises.2854.0.1
traphandle RFC1155-SMI::enterprises.2854.0.1 /srv/app/nagios/libexec/send_trap_data.pl
2. Verify passive data submission into Nagios through the named pipe configured in nagios.cfg
# grep EXTERNAL /srv/app/nagios/var/nagios.log
[1251126027] EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT;jpnhoap016;check_trap_winpatch;0;No critical updates. | Windows Version: Microsoft Windows Server 2003 5.2.3790, Update Service: WU http://JPNHOMG029:8530
3. Configure the new patch monitoring service
nagios ~ # vi /srv/app/nagios/etc/objects/patch-services-windows.cfg
###############################################################################
# Receive SNMP traps for Windows update status
###############################################################################
define service {
    use                 generic-patch-win
    hostgroup           2-windows-servers
    name                check_trap_winpatch
    service_description check_trap_winpatch
    service_groups      patch-checks-win, patch-compliance
}
Using external commands in Nagios: http://linux.com/archive/feature/153285
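The trap handler step above (snmptrapd hands the trap to send_trap_data.pl, which writes a PROCESS_SERVICE_CHECK_RESULT into the Nagios command pipe) as an added example in Python; this is not the page's send_trap_data.pl, which is a Perl script. Assumptions, because the page does not show the trap payload: the Windows client puts the plugin return code in enterprises.2854.1.1 and the plugin output text in enterprises.2854.1.2, the command pipe is /srv/app/nagios/var/rw/nagios.cmd, and the sample trap is constructed from the nagios.log line in step 2. Since the trap is only protected by the SNMP community string, the handler treats its contents as untrusted input before writing them into the command file.

```python
#!/usr/bin/env python3
"""snmptrapd traphandle -> Nagios passive check result (added example).

snmptrapd feeds a traphandle script on stdin: line 1 the sender's host
name, line 2 its transport address, then one "OID value" line per varbind.
This script turns that into a PROCESS_SERVICE_CHECK_RESULT external command
for the check_trap_winpatch service and appends it to the Nagios command pipe.
ASSUMED payload layout (not shown on the page): return code in
enterprises.2854.1.1, plugin output text in enterprises.2854.1.2.
"""
import re
import sys
import time

SERVICE = "check_trap_winpatch"
COMMAND_FILE = "/srv/app/nagios/var/rw/nagios.cmd"   # assumed pipe location
OID_RC = "RFC1155-SMI::enterprises.2854.1.1"          # assumed varbind
OID_MSG = "RFC1155-SMI::enterprises.2854.1.2"         # assumed varbind
UNKNOWN = 3

# Constructed sample of what snmptrapd passes to the handler for the trap
# that produced the nagios.log line shown in step 2 above.
SAMPLE_TRAP = """jpnhoap016
UDP: [192.168.11.22]:1029->[192.168.11.1]
DISMAN-EVENT-MIB::sysUpTimeInstance 0:0:03:12.50
SNMPv2-MIB::snmpTrapOID.0 RFC1155-SMI::enterprises.2854.0.1
RFC1155-SMI::enterprises.2854.1.1 0
RFC1155-SMI::enterprises.2854.1.2 "No critical updates. | Windows Version: Microsoft Windows Server 2003 5.2.3790, Update Service: WU http://JPNHOMG029:8530"
"""


def parse_trap(text):
    """Return (hostname, address_line, {oid: value}) from traphandle stdin."""
    lines = text.splitlines()
    if len(lines) < 2:
        raise ValueError("trap is missing the hostname/address header")
    hostname, address = lines[0].strip(), lines[1].strip()
    varbinds = {}
    for line in lines[2:]:
        if line.strip():
            oid, _, value = line.partition(" ")
            varbinds[oid.strip()] = value.strip()
    return hostname, address, varbinds


def sanitize_output(msg):
    """Make untrusted trap text safe to place in an external command."""
    if len(msg) >= 2 and msg[0] == msg[-1] == '"':
        msg = msg[1:-1]                # snmptrapd quotes STRING values
    # a ';' or line break in the text could smuggle in a second command
    return re.sub(r"[;\r\n]", " ", msg).strip()


def build_command(hostname, address, varbinds, now=None):
    """External command line for Nagios, or None if the trap is unusable."""
    if OID_RC not in varbinds or OID_MSG not in varbinds:
        return None
    try:
        rc = int(varbinds[OID_RC])
    except ValueError:
        return None
    if rc not in (0, 1, 2, 3):
        rc = UNKNOWN
    if hostname == "<UNKNOWN>":        # no reverse DNS: fall back to the IP
        match = re.search(r"(\d{1,3}(?:\.\d{1,3}){3})", address)
        hostname = match.group(1) if match else ""
    # the host name is written into the command file: allow only name chars
    if not re.fullmatch(r"[A-Za-z0-9._-]+", hostname):
        return None
    stamp = int(time.time() if now is None else now)
    msg = sanitize_output(varbinds[OID_MSG])
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s" % (
        stamp, hostname, SERVICE, rc, msg)


def handle_trap(text, now=None):
    """Parse one trap and return the external command, or None."""
    try:
        hostname, address, varbinds = parse_trap(text)
    except ValueError:
        return None
    return build_command(hostname, address, varbinds, now)


def main():
    command = handle_trap(sys.stdin.read())
    if command is None:
        sys.exit(1)                    # non-zero status shows up in snmptrapd's log
    with open(COMMAND_FILE, "a") as pipe:
        pipe.write(command + "\n")


if __name__ == "__main__":
    main()
```

The host name in the trap has to match a Nagios host object exactly, otherwise Nagios discards the passive result; the sanitizing step is what keeps a crafted trap from appending a second command.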
17. Nagios patch monitoring for IBM AIX 5.3
• prerequisites: IBM update service, SSH service, [proxy]
• data source: SUMA
• plugin script: check-rug-update.pl (client), check_snmp_extend.sh (svr)
• plugin execution: active, scheduled once a day; passive, scheduled once a day
The most 'conservatively' patched systems
• Least experienced staff needs the most help
• AIX is more secure in terms of fewer SW vulnerabilities
• AIX is weak in configuration due to the OS being quite 'old'
18. Patch monitoring: IBM AIX 5.3 – Configuring the Monitored System
1. Configure and verify the "Service Update Management Assistant" (SUMA)
$ sudo suma -c -a HTTP_PROXY=http://192.168.100.184:80/
$ sudo suma -c -a DL_TIMEOUT_SEC=10
$ sudo suma -c | grep HTTP_PROXY
HTTP_PROXY=http://192.168.100.184:80/
$ sudo suma -c
…
2. Install the plugin script 'check-aix-update.pl' or 'aix_update_trapsend.pl'
$ sudo /scripts/check-aix-update.pl
WARNING - 211 update(s) available: X11.Dt.lib Version 5.3.7.2 X11.Dt.rte Version 5.3.7.3 X11.apps.rte Version 5.3.7.1 X11.base.lib Version 5.3.7.2 X11.base.rte Version 5.3.7.5 bos.64bit Version 5.3.7.7 bos.acct Version 5.3.7.8 bos.adt.base Version 5.3.7.3 bos.adt.debug Version 5.3.7.3 bos.adt.include Version 5.3.7.7 bos.adt.insttools Version 5.3.7.2 ... perfagent.tools Version 5.3.7.4 printers.rte Version 5.3.7.2|OS Version 5300-07-01-0748, Proxy http://10.253.100.184:80/, Update-URL www14.software.ibm.com/webapp/set2/fixget
3. Decide how to call the check and return its result:
• via SSH: check-aix-update.pl, called as ssh user@aixhost "sudo /scripts/check-aix-update.pl"
• via SNMP trap: aix_update_trapsend.pl, cron-scheduled once a day
20. Patch monitoring: Novell Linux SLES10 - Overview
• prerequisites: Novell update service, SNMP service, [proxy]
• data source: ZENworks zmd service via rug
• plugin script: check-rug-update.pl (client), check_snmp_extend.sh (svr)
• plugin execution: active, scheduled once a day; SNMP request to SNMP extend
Depends on the 'rug' command and the novell-zmd service
• zmd service 'zombies' experienced due to commit issues in the sqlite backend
• Due to the high frequency of Linux patch releases (weekly), the monitoring brings a big benefit
21. Patch monitoring: Novell Linux SLES10 - Configuring the Monitored System
1. Configure and verify the SLES ZENworks update service, using the 'rug' command
# rug lu
S | Catalog           | Bundle | Name     | Version   | Arch
--+-------------------+--------+----------+-----------+-------
  | SLES10-SP2-Online |        | SPident  | 0.9-74.24 | noarch
# ./check-rug-update.pl
WARNING - 1 update(s) available: SPident Version 0.9-74.24
2. Install and test the plugin script 'check-rug-update.pl'
# ./check-rug-update.pl --run-rug
OK - system is up to date
# cat ./test
S | Catalog           | Bundle | Name     | Version   | Arch
--+-------------------+--------+----------+-----------+-------
  | SLES10-SP2-Online |        | SPident  | 0.9-74.24 | noarch
# ./check-rug-update.pl --file=test
WARNING - 1 update(s) available: SPident Version 0.9-74.24
3. Configure and test the remote plugin access through the UCD Net-SNMP service
# echo "extend nagiosupdate /srv/app/nagios/libexec/check-rug-update.pl --run-rug" >> /etc/snmp/snmpd.conf
# /etc/init.d/snmpd restart
Shutting down snmpd: done
Starting snmpd
# snmpget -v 2c -c myread 127.0.0.1 NET-SNMP-EXTEND-MIB::nsExtendOutputFull.\"nagiosupdate\"
NET-SNMP-EXTEND-MIB::nsExtendOutputFull."nagiosupdate" = STRING: No updates are available.
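The client-side plugin described in steps 1 and 2 turns the 'rug lu' table into a Nagios status line. The following is an added example written for this page, not the check-rug-update.pl script itself; the sample table is constructed in the shape shown above, and the exit codes follow the Nagios plugin convention (0 OK, 1 WARNING, 3 UNKNOWN).

```python
import sys

# Constructed sample of `rug lu` output, shaped like the table on the slide.
SAMPLE_RUG_LU = """\
S | Catalog           | Bundle | Name     | Version   | Arch
--+-------------------+--------+----------+-----------+-------
  | SLES10-SP2-Online |        | SPident  | 0.9-74.24 | noarch
"""

NAGIOS_OK, NAGIOS_WARNING, NAGIOS_UNKNOWN = 0, 1, 3


def parse_rug_lu(text):
    """Return a list of (name, version) tuples found in `rug lu` table output.

    Lines without a '|' (e.g. "No updates are available.") and the '--+--'
    separator are skipped, as is the header row whose Name column is 'Name'.
    """
    updates = []
    for line in text.splitlines():
        if "|" not in line or line.lstrip().startswith("--"):
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 6 or cells[3] == "Name":
            continue  # header row or a line that does not match the 6-column layout
        updates.append((cells[3], cells[4]))
    return updates


def nagios_result(updates):
    """Build (exit_code, status_line) in the plugin's own output format."""
    if not updates:
        return NAGIOS_OK, "OK - system is up to date"
    detail = " ".join(f"{name} Version {ver}" for name, ver in updates)
    return NAGIOS_WARNING, f"WARNING - {len(updates)} update(s) available: {detail}"


if __name__ == "__main__":
    # Read a saved `rug lu` listing from a file argument, like the plugin's --file option,
    # otherwise fall back to the constructed sample so the script runs offline.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RUG_LU
    code, line = nagios_result(parse_rug_lu(text))
    print(line)
    sys.exit(code)
```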
22. Patch monitoring: Novell Linux SLES10 - Nagios Setup
1. Get, install and test the 'check_snmp_extend.sh' script as a plugin
/srv/app/nagios/libexec # cp /tmp/check_snmp_extend.sh .
/srv/app/nagios/libexec # ls -l check_snmp_extend.sh
-rwxr-x--- 1 nagios nagios 1979 2008-10-02 16:50 check_snmp_extend.sh
/srv/app/nagios/libexec # ./check_snmp_extend.sh
Syntax: check_snmp_extend.sh ipaddr community
/srv/app/nagios/libexec # ./check_snmp_extend.sh 192.168.11.22 myread nagiosupdate
OK - system is up to date
2. Configure the new plugin in the Nagios commands.cfg file
/srv/app/nagios/etc/objects # vi commands.cfg
# 'check_snmp_extend' command definition
# syntax: check_snmp_extend.sh host-ip snmp-community extend-name
define command{
        command_name    check_snmp_extend
        command_line    $USER1$/check_snmp_extend.sh $HOSTADDRESS$ $ARG1$ $ARG2$
}
3. Configure the new patch monitoring service
/srv/app/nagios/etc/objects # vi sles10-patch-services.cfg
###############################################################################
# SLES10 OS Patch Update Check via SNMP extend scripts
###############################################################################
define service {
        use                     generic-patch
        host_name               ml08460
        name                    check_snmp_extend
        service_description     check_patch_sles10
        check_command           check_snmp_extend!myread!nagiosupdate
}
24. Nagios patch monitoring for Cisco IOS, ASA, PIX
   prerequisites:     • SNMP service access
                      • Cisco CCO account
   data source:       • SNMPv2 MIB "sysDescr"
   plugin script:     • check_snmp_patchlevel.pl
                      • check_snmp_patchlevel.cfg
   plugin execution:  • active, scheduled once a day
                      • SNMP request to SNMP MIB
Cisco is 'conservatively' patched due to risk and effort (reboot, cumbersome rollback)
Big benefit for standardizing OS versions and identifying 'rogue' devices
Network device numbers greatly surpass server numbers
25. Patch monitoring: Cisco IOS, ASA, PIX - Cisco Setup
1. Cisco SNMP service configuration example
Router # conf t
Router(config)# snmp-server community SECro ro 192.168.103.34
Router(config)# snmp-server host 192.168.103.34 SECtrap
Router(config)# snmp-server enable traps snmp linkdown linkup coldstart warmstart
2. Test SNMP access to the Cisco device
# snmpget -v 1 -c SECro 192.168.203.4 SNMPv2-MIB::sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Cisco Internetwork Operating System Software IOS (tm) C2950
Software (C2950-I6Q4L2-M), Version 12.1(22)EA9, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2006
by cisco Systems, Inc. Compiled Fri 01-Dec-06 18:02 by weiliu
Network devices are usually the best and most "monitored" systems for uptime and performance
They are already set up in Nagios, aren't they?
26. Patch monitoring: Cisco IOS, ASA, PIX - Nagios Setup
1. Cisco plugin - version compliance check categories
2. Cisco plugin - compliance check configuration file
/srv/app/nagios/etc/objects # vi check_snmp_patchlevel.cfg
######################################################################
# Below are the 'approved' versions we explicitly endorse for usage: #
######################################################################
approved|ios|12.2(13)ZH2|not OK, but currently being actively upgraded
######################################################################
# Below are the 'obsolete' versions we explicitly disapprove of:     #
######################################################################
obsolete|pix|7.2(2)|end-of-maintenance 2009-07-28
obsolete|ios|12.2(25)SEE4|end-of-maintenance date 2007-12-12
######################################################################
# Below are the 'med-vuln' versions with low to medium criticality   #
######################################################################
med-vuln|ios|12.4(6)T8|multiple DOS confirmed (Voice, Stack)
######################################################################
27. Patch monitoring: Cisco IOS, ASA, PIX - Nagios Setup
1. Get, install and test the 'check_snmp_patchlevel.pl' script as a plugin
/srv/app/nagios/libexec # ./snmp_patchlevel.pl -H 192.168.203.4 -g ios -C SECro
IOS Version: 12.1(22)EA9 | Cisco Internetwork Operating System Software IOS (tm) C2950 Software
(C2950-I6Q4L2-M), Version 12.1(22)EA9, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2006 by cisco
Systems, Inc. Compiled Fri 01-Dec-06 18:02 by weiliu
2. Configure the new plugin in the Nagios commands.cfg file
/srv/app/nagios/etc/objects # vi commands.cfg
define command{
        command_name    check_snmp_cisco_ios
        command_line    $USER1$/check_snmp_patchlevel.pl -H $HOSTADDRESS$ -g ios -C $ARG1$
}
define command{
        command_name    check_snmp_cisco_asa
        command_line    $USER1$/check_snmp_patchlevel.pl -H $HOSTADDRESS$ -g asa -C $ARG1$
}
3. Configure the new patch monitoring service
/srv/app/nagios/etc/objects # vi sles10-patch-services.cfg
###############################################################################
# Check Cisco Router IOS version against a config file
###############################################################################
define service {
        use                     generic-patch
        hostgroup               cisco-routers
        name                    check_snmp_ios_router
        service_description     check_snmp_ios_router
        check_command           check_snmp_cisco_ios!SECro
}
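The Cisco check described in slides 24 to 27 extracts the version token from the SNMP sysDescr string and looks it up in the 'category|platform|version|comment' table of check_snmp_patchlevel.cfg. The following is an added example written for this page, not the check_snmp_patchlevel.pl plugin; the sysDescr string, the extra 'approved' entry and the mapping of cfg categories to Nagios states (approved = OK, med-vuln = WARNING, obsolete = CRITICAL, unlisted = WARNING) are assumptions made for the example.

```python
import re

NAGIOS = {"OK": 0, "WARNING": 1, "CRITICAL": 2, "UNKNOWN": 3}

# Constructed cfg excerpt in the slide's line format: category|platform|version|comment.
# The 12.1(22)EA9 'approved' line is added here so the sample sysDescr has a match.
SAMPLE_CFG = """\
# Below are the 'approved' versions we explicitly endorse for usage:
approved|ios|12.2(13)ZH2|not OK, but currently being actively upgraded
approved|ios|12.1(22)EA9|constructed entry for this example
obsolete|pix|7.2(2)|end-of-maintenance 2009-07-28
obsolete|ios|12.2(25)SEE4|end-of-maintenance date 2007-12-12
med-vuln|ios|12.4(6)T8|multiple DOS confirmed (Voice, Stack)
"""

# Constructed sysDescr value, shaped like the snmpget output on the Cisco Setup slide.
SAMPLE_SYSDESCR = ("Cisco Internetwork Operating System Software IOS (tm) C2950 Software "
                   "(C2950-I6Q4L2-M), Version 12.1(22)EA9, RELEASE SOFTWARE (fc1)")

# Assumed category -> Nagios state mapping (the slide does not state one).
CATEGORY_STATE = {"approved": "OK", "med-vuln": "WARNING", "obsolete": "CRITICAL"}


def load_cfg(text):
    """Parse cfg lines into {(platform, version): (category, comment)}, skipping comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 3)          # comment may itself contain '|'
        if len(parts) == 4:
            category, platform, version, comment = parts
            table[(platform, version)] = (category, comment)
    return table


def extract_version(sysdescr):
    """Return the token after 'Version' in a Cisco sysDescr, e.g. '12.1(22)EA9'."""
    m = re.search(r"Version\s+([^\s,]+)", sysdescr)
    return m.group(1) if m else None


def check_patchlevel(sysdescr, platform, table):
    """Return (exit_code, status_line) the way a Nagios plugin reports it."""
    version = extract_version(sysdescr)
    if version is None:
        return NAGIOS["UNKNOWN"], "UNKNOWN - no version found in sysDescr"
    entry = table.get((platform, version))
    if entry is None:   # not listed at all: surface it so 'rogue' versions get reviewed
        return NAGIOS["WARNING"], f"WARNING - {platform.upper()} Version: {version} not in compliance list | {sysdescr}"
    category, comment = entry
    state = CATEGORY_STATE.get(category, "UNKNOWN")
    return NAGIOS[state], f"{state} - {platform.upper()} Version: {version} ({category}: {comment}) | {sysdescr}"
```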
31. Patch monitoring: Issues and Improvements
Windows: Improving patch identification for WSUS-managed systems
Can we switch safely from WSUS to Windows Online and back to WSUS?
Cisco: Automate the manual process of identifying available updates
Investigate the Cisco IOS Auto-Upgrade Manager, parse the Cisco website with CCO credentials?
Expand patch and version monitoring into the application space:
First target the major DB vendors: IBM, Oracle, Microsoft
Combine the "DB up" check with a real DB login and return the DB version using Java thin clients
Thank you for listening.
Time for questions?