G.R.E.E.N Open Source Security Tools OWASP Malaysia

Harisfazillah Jamel's presentation at KL GreenHat 2011, UniKL, Kuala Lumpur, Malaysia - http://greenhat.my/

Transcript:

G.R.E.E.N 
Open Source Security Tools 

OWASP Malaysia 
www.owasp.my 
KL GreenHat - 10 Feb 2011 

G.R.E.E.N

G roup 
R econ 
E ducation 
E motion Control 
N eutralized 

G.R.E.E.N 
G roup 

G roup 

• We all need to be in a group 
• We need to have a policy 
• We have rules to follow 

G roup 

We all belong to a group 
Company, community and education 
Why policy and rules? 

G roup 

Haris, please reset the root password? 
:) 
I have only user privileges, 
BUT I can do it. 

P.S. If you are reading this slide, you need to come to my session at KL GreenHat 2011 and I will tell you. 

Clue: chmod +s and sudo 
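The two checks a sysadmin runs to find out whether an ordinary account on a host can reach root the way the clue hints at (a setuid-root binary, or a sudo rule that is too broad), written here as an added POSIX shell example; it is not from the presentation or from any tool it lists. The sudoers excerpt is constructed for the example, and the tree and file to inspect are parameters so the script can be run against a test directory instead of `/`.

```shell
#!/bin/sh
# Added example, not from the presentation: audit the two things the
# clue points at, setuid binaries ("chmod +s") and sudo rules.
# Assumptions (not in the original): callers pass the directory tree and
# the sudoers file to inspect; the sudoers sample below is constructed.

# Print every regular file under tree $1 that carries the setuid bit,
# one path per line. On a real host: find_setuid /  and compare the
# result with the list the distribution is expected to ship.
find_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | LC_ALL=C sort
}

# Print "RISK <rule>" for each sudoers rule that hands out unrestricted
# root: a command list of plain ALL (so "sudo passwd root" is allowed)
# or a NOPASSWD tag (no credential prompt at all). Comments, blank
# lines, Defaults and root's own rule are skipped. Returns 0 if nothing
# was flagged, 1 otherwise. Without read access to the file, "sudo -l"
# shows the same information for the calling user.
audit_sudoers() {
    file=$1
    hits=0
    while IFS= read -r line; do
        case "$line" in
            ''|\#*|Defaults*|root[[:space:]]*) continue ;;
        esac
        risk=
        case "$line" in
            *NOPASSWD*) risk=1 ;;
        esac
        cmds=${line#*=}        # drop "user host="
        cmds=${cmds#*\)}       # drop "(runas)" if present
        cmds=${cmds##*:}       # drop tags such as "NOPASSWD:" or "SETENV:"
        set -- $cmds           # trims surrounding whitespace
        [ "$*" = "ALL" ] && risk=1
        if [ -n "$risk" ]; then
            printf 'RISK %s\n' "$line"
            hits=$((hits + 1))
        fi
    done < "$file"
    [ "$hits" -eq 0 ]
}

# Constructed sudoers excerpt for the example (not a real file).
sample_sudoers() {
    cat <<'EOF'
# /etc/sudoers (constructed sample)
Defaults env_reset
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
haris ALL=(ALL) NOPASSWD: ALL
operator ALL=(root) /usr/sbin/service apache2 restart
EOF
}
```

On the sample, `%admin` and `haris` are flagged and `operator` is not: a rule limited to one command is the shape a policy should have, while a plain `ALL` is one `sudo passwd root` away from the scenario on the slide. Keep the setuid list from a fresh install and diff against it; a setuid copy of a shell or an editor is the classic thing that turns up.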

G roup 

Within a group 
We can set policy and rules 
We can implement policy and rules 
We can, by law, punish whoever breaks the rules 

We can share knowledge and experience 

(Company, Organisation, Community) = GROUP 

G roup 

Organisations need to have a security policy 

Internal threats cause most security breaches 

G roup 

Rules that are within the security policy 

Internal threats cause most security breaches 

G roup 

Audit Tools - By hand :) 

G roup 

Audit Tools - Checklist 
Benchmark Audit Tool - cisecurity.org 
OWASP How To 

http://www.owasp.org/index.php/Category:How_To 

G roup 

Audit Tools 

Bastille Unix 

• A hardening script 
• bastille --report 
• http://bastille-linux.sourceforge.net/ 

G roup 

Pentest - to check your own weaknesses 

Server - OpenVAS, Nikto, nmap 
Wireless - aircrack-ng, weplab, WEPCrack, airsnort 
Network - tcpdump, wireshark 

G.R.E.E.N 
R econ 

R econ 

We need to know and be active 

• Log monitoring 
• Process monitoring 
• Network Monitoring 
• Files Monitoring 
• Host Monitoring 
• Human Monitoring 

R econ 

Log Monitoring 

Central logging - syslog-ng 
Monitoring log files - swatch 

R econ 

Process Monitoring 

Barking at daemons - Monit 

R econ 

Network Monitoring 

Network Intrusion Detection Systems 

• Snort 
• Snort web interface using ACID 
• Bro - if you dare (needs customization) 

R econ 

Files Monitoring 

File integrity checking 

• Advanced Intrusion Detection Environment - AIDE 
• Open Source Tripwire 
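The mechanism behind AIDE and Tripwire reduced to its core, as an added shell example that is not code from the presentation or from either project: hash every file once (the baseline), hash again later, and report what was added, removed or changed. It assumes GNU coreutils `sha256sum` and `awk`; the tree and baseline paths are parameters, and file names are assumed to contain no spaces or newlines (the real tools handle that; this script keeps the logic visible).

```shell
#!/bin/sh
# Added example, not from the presentation and not AIDE/Tripwire code:
# file-integrity checking = baseline hashes, re-hash, diff the two.
# Assumptions (not in the original): sha256sum and awk are available;
# file names under the tree contain no spaces or newlines.

# Write "sha256  ./path" for every regular file under tree $1 to file $2.
fim_baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done ) > "$2"
}

# Re-hash tree $1 and compare it with baseline $2. Prints one line per
# difference (ADDED / CHANGED / REMOVED path), sorted, and returns 0
# only when the tree is identical to the baseline.
fim_check() {
    now=$(mktemp) || return 2
    fim_baseline "$1" "$now"
    diffs=$(awk -v base="$2" '
        FILENAME == base { old[$2] = $1; next }   # baseline: path -> hash
        { new[$2] = $1 }                          # current tree
        END {
            for (p in old) if (!(p in new)) print "REMOVED " p
            for (p in new) {
                if (!(p in old)) print "ADDED " p
                else if (new[p] != old[p]) print "CHANGED " p
            }
        }' "$2" "$now" | LC_ALL=C sort)
    rm -f "$now"
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}
```

The part that makes this an intrusion-detection control rather than a convenience is where the baseline lives: an intruder with root can rewrite the baseline as easily as the files, so it has to be kept on read-only media or on the central log host, which is why AIDE and Tripwire document that step first.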

R econ 

Host Monitoring 

Host-based intrusion detection systems (HIDS) 

• OSSEC HIDS - www.ossec.net 
• Samhain - la-samhna.de/samhain 
• Osiris - osiris.shmoo.com 
Detect file changes, monitor the logs and warn the system admin. 

R econ 

Human Monitoring 

Open source CCTV 
Zoneminder - www.zoneminder.com 

G.R.E.E.N 
E ducation 

E ducation 

Lack of awareness about security. 
Users - bring in trojans 
Sysadmin - servers get hijacked 
Developers - not-so-secure web applications 
Management - no ICT security policy 

E ducation 

Action Plan 
Users - Cybersafe Malaysia 
Sysadmin - OWASP WebGoat 
Developers - OWASP Top 10 
Management - Create and implement a security policy 

E ducation 

Users - Cybersafe Malaysia 

www.cybersafe.my 

E ducation 

Sysadmin - OWASP WebGoat 

The primary goal of the WebGoat project is simple: 
create a de-facto interactive teaching environment for 
web application security. 

E ducation 

Developers - OWASP Top 10 2010 

A1: Injection 
A2: Cross-Site Scripting (XSS) 
A3: Broken Authentication and Session Management 
A4: Insecure Direct Object References 
A5: Cross-Site Request Forgery (CSRF) 
A6: Security Misconfiguration 
A7: Insecure Cryptographic Storage 
A8: Failure to Restrict URL Access 
A9: Insufficient Transport Layer Protection 
A10: Unvalidated Redirects and Forwards 

E ducation 

Management - Create and implement a security policy 

Certification is important 
Get your people certified 

G.R.E.E.N 
E motion Control 

E motion Control 

Be calm 

You will stress out if you are not. 

Be patient 

Knowledge comes from learning 
Experience comes from doing 

It's all about time 

E motion Control 

Open source games 

TuxRacer 
Bos Wars 
Globulation 2 
FreeCol 
LinCity-NG 
Sauerbraten 
Sokoban 
Enigma 
BillardGL 
Wesnoth 
FlightGear 
BZFlag 

G.R.E.E.N 

N eutralized 

N eutralized 

Block the attack 

• Firewall 
• Intrusion Prevention Framework 

Filter the packets and data 

• Web proxy 
• Email filter 

Protect the connection 

N eutralized 

Block the attack 

Firewall 

• m0n0wall 
• pfSense 

Intrusion Prevention Framework 

• Fail2ban 
• TCP Wrappers 
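What swatch-style log watching (the Recon section's "Monitoring log files") and a Fail2ban jail actually do, joined up in one added shell example that is not code from the presentation, swatch or Fail2ban: count sshd "Failed password" lines per source address, and for every address over a threshold write the TCP Wrappers rule that would go into /etc/hosts.deny. It assumes the classic syslog line format OpenSSH writes; the log lines are constructed for the example, and the deny file path is a parameter so the script never touches /etc.

```shell
#!/bin/sh
# Added example, not from the presentation, swatch or Fail2ban: detect
# SSH password brute force from the auth log and react with a TCP
# Wrappers deny entry. Assumptions (not in the original): OpenSSH's
# syslog line format; the sample log below is constructed; the caller
# passes the log, the threshold and the hosts.deny-style file to write.

# Print "count ip" for every address with at least $2 failed logins in
# log file $1, highest count first.
ssh_offenders() {
    awk -v thr="$2" '
        /sshd\[[0-9]+\]: Failed password/ {
            # the source address is the word after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= thr) print fails[ip], ip }
    ' "$1" | sort -rn
}

# For each offender (log $1, threshold $2) append "sshd: <ip>" to deny
# file $3 unless it is already there, so the script is safe to run from
# cron repeatedly. Prints the number of entries added this run.
ban_offenders() {
    log=$1 thr=$2 deny=$3
    ssh_offenders "$log" "$thr" | while read -r n ip; do
        grep -q "^sshd: $ip\$" "$deny" 2>/dev/null && continue
        printf 'sshd: %s\n' "$ip" >> "$deny"
        printf '%s\n' "$ip"
    done | wc -l | tr -d ' '
}

# Constructed auth log for the example: one brute-force source with 5
# failures, one with 3, and a legitimate user who mistyped once.
sample_log() {
    cat <<'EOF'
Feb 10 09:12:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Feb 10 09:12:03 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 51023 ssh2
Feb 10 09:12:05 web1 sshd[2205]: Failed password for root from 203.0.113.5 port 51024 ssh2
Feb 10 09:12:07 web1 sshd[2207]: Failed password for root from 203.0.113.5 port 51025 ssh2
Feb 10 09:12:09 web1 sshd[2209]: Failed password for root from 203.0.113.5 port 51026 ssh2
Feb 10 09:13:40 web1 sshd[2250]: Failed password for haris from 198.51.100.7 port 40110 ssh2
Feb 10 09:13:52 web1 sshd[2252]: Accepted password for haris from 198.51.100.7 port 40111 ssh2
Feb 10 09:14:10 web1 sshd[2260]: Failed password for invalid user oracle from 192.0.2.99 port 33001 ssh2
Feb 10 09:14:11 web1 sshd[2261]: Failed password for invalid user oracle from 192.0.2.99 port 33002 ssh2
Feb 10 09:14:12 web1 sshd[2262]: Failed password for invalid user oracle from 192.0.2.99 port 33003 ssh2
EOF
}
```

Two things Fail2ban adds that this script leaves out on purpose, and that matter in production: a time window (failures spread over a month are not an attack) and an ignore list for your own management addresses, without which one mistyped password from the admin's workstation locks the admin out. The deny entries only work for daemons that honour TCP Wrappers (sshd did in 2011; current OpenSSH releases have dropped libwrap support), which is why Fail2ban's default action is an iptables rule instead.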

N eutralized 

Filter the packets and data 

Web proxy 

• Squid + DansGuardian 
• Nginx 

Email filter 

• amavisd-new 
• MailScanner 

N eutralized 

Protect the connection 
Using SSL - OpenSSL 
VPN - OpenVPN 
Encryption - GnuPG 
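The OpenSSL commands behind "Using SSL", wrapped in functions so the results can be checked, as an added shell example that is not from the presentation: create a key and self-signed certificate, check how long it is still valid, and confirm the key on disk actually matches the certificate. It assumes the `openssl` command-line tool (1.1.1 or later for `-addext`); the host name, directory and validity period are parameters chosen for the example.

```shell
#!/bin/sh
# Added example, not from the presentation: the openssl one-liners a
# sysadmin needs for a TLS-enabled service, as checkable functions.
# Assumptions (not in the original): openssl CLI >= 1.1.1; paths and
# the host name are supplied by the caller.

# Create an unencrypted 2048-bit RSA key and a self-signed, SHA-256
# certificate for host $2, valid $3 days, in directory $1. The key is
# left unencrypted (-nodes) so a daemon can load it at boot, which is
# exactly why it is chmod 600 right away. The SAN extension is added
# because browsers ignore the CN on its own.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days "$3" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1 &&
    chmod 600 "$1/key.pem"
}

# Return 0 if certificate $1 stays valid for at least $2 more days,
# 1 if it expires sooner. Run from cron as a renewal reminder; an
# expired certificate is the most common self-inflicted TLS outage.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Return 0 if private key $2 belongs to certificate $1 (same RSA
# modulus). A mismatched pair is the classic deployment mistake and
# only shows up as a cryptic handshake failure otherwise.
cert_key_match() {
    [ "$(openssl x509 -in "$1" -noout -modulus)" = \
      "$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)" ]
}

# Human-readable summary: subject and expiry date of certificate $1.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -enddate
}
```

A self-signed certificate only protects the connection if the client pins or explicitly trusts it; for anything users reach with a browser, the same `openssl req` without `-x509` produces the CSR to send to a CA, and the validity and key-match checks apply unchanged to the certificate that comes back.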

OWASP Malaysia 

OWASP Malaysia Local Chapter 

The Open Web Application Security Project 
(OWASP) is a not-for-profit worldwide charitable 
organization focused on improving the security of 
application software. 

www.owasp.my 

The End 

Malaysia OSS Community Survey 2011 on Awareness of OSS Certification - survey.mosc.my 

Malaysia Open Source Conference 2011 - portal.mosc.my 

Harisfazillah Jamel 

linuxmalaysia @ gmail.com haris @ bytecraft.com.my 

10 Feb 2011 
