
G.R.E.E.N Open Source Security Tools - OWASP Malaysia


Slides:

http://blog.harisfazillah.info/2011/02/green-open-source-security-tools-owasp.html

http://www.docstoc.com/docs/71251140/green_klgreenhat_10022011

Harisfazillah Jamel's presentation during KL GreenHat 2011, UniKL, Kuala Lumpur, Malaysia -
http://greenhat.my/

Archive

http://www.scribd.com/doc/48505680/Open-Source-Security-Tools-OWASP-Malaysia-KL-GreenHat-2011-UniKL

http://www.slideshare.net/linuxmalaysia/green-open-source-security-tools-owasp-malaysia

Transcript:

G.R.E.E.N
Open Source Security Tools

OWASP Malaysia
www.owasp.my
KL GreenHat - 10 Feb 2011

G.R.E.E.N

G roup
R econ
E ducation
E motion Control
N eutralized

G.R.E.E.N
G roup

G roup

• We all need to be in a group


• We need to have policy
• We have rules to follow

G roup

We all belong to a group


Company, community and education
Why policy and rules?

G roup

"Haris, please reset the root password?"


:)
I have only user privileges
BUT I can do it.

PS. If you are reading this slide, you need to come to my session at KL GreenHat 2011 and I will tell you.

Clue: chmod +s and sudo

G roup

Within Group
We can set policy and rules
We can implement policy and rules
We can, by law, punish those who break the rules

We can share knowledge and experience

(Company Organisation Community) = GROUP

G roup

Organisations need to have a security policy

Internal threats cause most security breaches

G roup

Rules that sit within the security policy

Internal threats cause most security breaches

G roup

Audit Tools - By hand :)

G roup

Audit Tools - Checklist


Benchmark Audit Tool - cisecurity.org
OWASP How To

http://www.owasp.org/index.php/Category:How_To
G roup

Audit Tools

Bastille Unix

• A hardening script
• bastille --report
• http://bastille-linux.sourceforge.net/

G roup

Pentest - To check your own weaknesses

Server - OpenVAS, Nikto, nmap


Wireless - aircrack-ng, weplab, WEPCrack, airsnort
Network - tcpdump, wireshark

G.R.E.E.N
R econ

R econ

We need to know and be active

• Log monitoring
• Process monitoring
• Network Monitoring
• Files Monitoring
• Host Monitoring
• Human Monitoring

R econ

Log Monitoring

Central logging - syslog-ng


Log file monitoring - swatch

R econ

Process Monitoring

Barking at daemons - Monit

R econ

Network Monitoring
Network Intrusion Detection System

• Snort
• Snort Web interface using ACID
• Bro - if you dare (needs customization)

R econ

Files Monitoring

File integrity checking

• Advanced Intrusion Detection Environment - AIDE


• Open Source Tripwire

R econ

Host Monitoring

host-based intrusion detection system (HIDS)

• OSSEC HIDS - www.ossec.net


• Samhain - la-samhna.de/samhain
• OSiris - osiris.shmoo.com
Detect file changes, monitor the logs and warn the system admin.

R econ

Human Monitoring

Open source CCTV
Zoneminder - www.zoneminder.com

G.R.E.E.N
E ducation

E ducation

Lack of awareness about security.


Users - bring in trojans
Sysadmin - server hijacked
Developers - not-so-secure web applications
Management - No ICT Security policy

E ducation

Action Plan
Users - Cybersafe Malaysia
Sysadmin - OWASP Webgoat
Developers - OWASP top 10
Management - Create and implement Security policy

E ducation

Users - Cybersafe Malaysia

www.cybersafe.my

E ducation

Sysadmin - OWASP Webgoat

The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.

E ducation

Developers - OWASP Top 10 2010

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

E ducation

Management - Create and implement security policy

Certification is important
Get your people certified

G.R.E.E.N
E motion Control

E motion Control

Be Calm

You will stress out if you are not.


Be Patient

Knowledge comes from learning


Experience comes from doing

It's all about time

E motion Control

Open source games

TuxRacer
Bos Wars
Globulation 2
FreeCol
LinCity-NG
Sauerbraten
Sokoban
Enigma
BillardGL
Wesnoth
Flightgear
Bzflag

G.R.E.E.N

N eutralized

N eutralized

Block the attack
• Firewall
• Intrusion Prevention Framework

Filter the packets and data
• Web proxy
• Email filter

Protect the connection

N eutralized

Block the attack

Firewall

• M0n0wall
• PFsense

Intrusion Prevention Framework

• Fail2ban
• TCP Wrapper
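The log-monitoring slide (swatch) and this one (Fail2ban feeding TCP Wrapper) describe the same loop: watch a log, count failures per source in a time window, and block the source once it crosses a threshold. The added example below is not part of the original slides or of swatch, Fail2ban or TCP Wrapper; it runs that logic over constructed sshd log lines (documentation IP ranges, invented host name `web01`) using Fail2ban's `maxretry`/`findtime` vocabulary, and renders the result as `/etc/hosts.deny` entries.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log sample (not a real capture): 203.0.113.5 fails five times in ten seconds.
SAMPLE_LOG = """\
Feb 10 09:12:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Feb 10 09:12:03 web01 sshd[2203]: Failed password for root from 203.0.113.5 port 40130 ssh2
Feb 10 09:12:04 web01 sshd[2205]: Failed password for root from 203.0.113.5 port 40131 ssh2
Feb 10 09:12:09 web01 sshd[2207]: Failed password for invalid user test from 203.0.113.5 port 40140 ssh2
Feb 10 09:12:11 web01 sshd[2209]: Failed password for root from 203.0.113.5 port 40142 ssh2
Feb 10 09:13:30 web01 sshd[2250]: Failed password for haris from 198.51.100.7 port 51000 ssh2
Feb 10 09:13:45 web01 sshd[2252]: Accepted password for haris from 198.51.100.7 port 51002 ssh2
Feb 10 09:40:00 web01 sshd[2300]: Failed password for root from 198.51.100.9 port 60000 ssh2
Feb 10 09:55:00 web01 sshd[2301]: Failed password for root from 198.51.100.9 port 60001 ssh2
"""

FAILED = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def parse_ts(stamp, year=2011):
    """Syslog stamps carry no year; assume the year of the capture."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def find_bans(log_text, maxretry=5, findtime=600):
    """Return {ip: time_of_ban} for sources with >= maxretry failures inside findtime seconds."""
    recent = defaultdict(deque)  # per-source sliding window of failure timestamps
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts, ip = parse_ts(m.group(1)), m.group(2)
        if ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned

def hosts_deny_lines(banned):
    """TCP Wrapper entries for /etc/hosts.deny, one per banned source."""
    return [f"sshd: {ip}" for ip in sorted(banned)]
```

Two slow failures fifteen minutes apart (198.51.100.9) stay under the default window, which is why `findtime` matters as much as `maxretry`: a lower threshold with a longer window catches low-and-slow guessing at the cost of more false positives on users who mistype.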
N eutralized

Filter the packets and data

Web proxy

• Squid + Dansguardian
• Nginx

Email Filter

• Amavis-new
• Mailscanner

N eutralized

Protect the connection


Using SSL - OpenSSL
VPN - OpenVPN
Encryption - GnuPG

OWASP Malaysia

OWASP Malaysia Local Chapter

The Open Web Application Security Project (OWASP) is a not-for-profit worldwide charitable organization focused on improving the security of application software.

www.owasp.my

The End

Malaysia OSS Community Survey 2011 on Awareness of OSS Certification - survey.mosc.my

Malaysia Open Source Conference 2011 portal.


mosc.my

Harisfazillah Jamel

linuxmalaysia @ gmail.com haris @ bytecraft.com.my

10 Feb 2011
