G.R.E.E.N Open Source Security Tools OWASP Malaysia

Harisfazillah Jamel's presentation at KL GreenHat 2011, UniKL, Kuala Lumpur, Malaysia - http://greenhat.my/


Transcript :-

Open Source Security Tools 

OWASP Malaysia 
KL GreenHat - 10 Feb 2011 


Group
Recon
Education
Emotion Control
Neutralized

Group

Group

• We all need to be in a group
• We need to have policy 
• We have rules to follow 

Group

We all belong to a group
Company, community and education
Why policy and rules?

Group

Haris, please reset root password? 
I have only user privileges 
BUT I can do it. 

ps. If you are reading this slide, you need to come to my session KL Greenhat 2011 and I will tell you. 

clue : chmod +s and sudo 

Group

Within Group
We can set policy and rules
We can implement policy and rules
We can by law punish those who break the rules

We can share knowledge and experience 

(Company Organisation Community) = GROUP 

Group

Organisations need to have a security policy

Internal threats cause most security breaches

Group

Rules that are within the security policy

Internal threats cause most security breaches

Group

Audit Tools - By hand :) 

Group

Audit Tools - Checklist 
Benchmark Audit Tool - cisecurity.org 


Group

Audit Tools 

Bastille Unix 

• A hardening script 
• bastille --report 
• http://bastille-linux.sourceforge.net/ 

Group

Pentest - To check your own weakness 

Server - OpenVAS, Nikto, nmap 
Wireless - aircrack-ng, weplab, WEPCrack, airsnort 
Network - tcpdump, wireshark 

Recon

Recon

We need to know and be active 

• Log monitoring 
• Process monitoring 
• Network Monitoring 
• Files Monitoring 
• Host Monitoring 
• Human Monitoring 

Recon

Log Monitoring 

Central logging - syslog-ng
Monitoring File Log - swatch 

Recon

Process Monitoring 

Barking at daemons - Monit 

Recon

Network Monitoring

Network Intrusion Detection System

• Snort
• Snort Web interface using ACID
• BRO - if you dare (need to customize)

Recon

Files Monitoring

File integrity checking

• Advanced Intrusion Detection Environment - AIDE 
• Open Source Tripwire 

Recon

Host Monitoring

Host-based intrusion detection system (HIDS)

• OSSEC HIDS - www.ossec.net
• Samhain - la-samhna.de/samhain
• OSiris - osiris.shmoo.com

Detect file changes, monitor the logs and warn the system admin.

Recon

Human Monitoring

Open source CCTV
Zoneminder - www.zoneminder.com

Education

Education

Lack of awareness about security. 
Users - bring in trojan 
Sysadmin - server hijack 
Developers - not so secure web application 
Management - No ICT Security policy 

Education

Action Plan
Users - Cybersafe Malaysia
Sysadmin - OWASP WebGoat
Developers - OWASP Top 10
Management - Create and implement security policy

Education

Users - Cybersafe Malaysia 


Education

Sysadmin - OWASP WebGoat

The primary goal of the WebGoat project is simple: 
create a de-facto interactive teaching environment for 
web application security. 

Education

Developers - OWASP Top 10 2010 

A1: Injection 
A2: Cross-Site Scripting (XSS) 
A3: Broken Authentication and Session 
A4: Insecure Direct Object References 
A5: Cross-Site Request Forgery (CSRF) 
A6: Security Misconfiguration 
A7: Insecure Cryptographic Storage 
A8: Failure to Restrict URL Access 
A9: Insufficient Transport Layer Protection 
A10: Unvalidated Redirects and Forwards 

Education

Management - Create and implement security policy 

Certification is important 
Get your people certified 

Emotion Control

Emotion Control

Be Calm

You will stress out if you are not.

Be Patient

Knowledge comes from learning
Experience comes from doing

It's all about time

Emotion Control

Bos Wars
Globulation 2
Open source games


Neutralized

Neutralized

Block the attack

• Firewall
• Intrusion Prevention Framework

Filter the packets and data

• Web proxy
• Email filter

Protect the connection

Neutralized

Block the attack


• m0n0wall
• pfSense

Intrusion Prevention Framework 

• Fail2ban 
• TCP Wrapper 

Neutralized

Filter the packets and data 


• Squid + Dansguardian 
• Nginx 

Email Filter 

• amavisd-new
• MailScanner

Neutralized

Protect the connection 
Using SSL - OpenSSL 
VPN - OpenVPN 
Encryption - GnuPG 

OWASP Malaysia 

OWASP Malaysia Local Chapter 

The Open Web Application Security Project 
(OWASP) is a not-for-profit worldwide charitable 
organization focused on improving the security of 
application software. 


The End 

Malaysia OSS Community Survey 2011 on Awareness of OSS Certification - survey.mosc.my

Malaysia Open Source Conference 2011 portal.

Harisfazillah Jamel 

linuxmalaysia @ gmail.com haris @ bytecraft.com.my 

10 Feb 2011 

Update Your Internet Explorer Or Change Your Internet Browser or Change Your Operating System

MA-265.012011 : MyCERT Alert - Critical Vulnerability in Microsoft Windows

The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.

An attacker who successfully exploits this vulnerability will be able to execute arbitrary attacker-supplied script code in the context of Internet Explorer. This may allow the attacker to obtain sensitive information, spoof content, or perform arbitrary actions on a targeted website in the context of the victim.

Windows users, please update your Internet Explorer or use an alternative such as

Mozilla Firefox

Google Chrome

More options for Internet Explorer alternatives:

Alternative Browser Alliance

Browse Free Browse Happy

Viewable With Any Browser

Linux your choice of new and future Operating System


Microsoft Windows MHTML script injection vulnerability

Microsoft warning over browser security flaw
