Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing...

Post on 17-Aug-2020

0 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing...

Agenda

Linux security

1. System hardening2. Technical audits3. Automation

2

Michael Boelen

3

Linux security

4

Areas Core Resources Services Environment

System Hardening Boot ProcessContainersFrameworksKernelService ManagerVirtualization

AccountingAuthenticationCgroupsCryptographyLoggingNamespacesNetworkSoftwareStorageTime

DatabaseMailMiddlewareMonitoringPrintingShellWeb

ForensicsIncident ResponseMalwareRisksSecurity MonitoringSystem Integrity

Security Auditing

Compliance

System Hardening

Security 101

● Ongoing process

● Prevention || Detection

● React and mitigate:○ Hearthbleed

○ Spectre and Meltdown

6

http://heartbleed.com/
https://spectreattack.com/
https://meltdownattack.com/

7

8

Hardening 101

Defenses

● New● Existing● Reduce weaknesses

(= attack surface)

9

Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691

Hardening

Resources

● Center for Internet Security (CIS)● NSA → NIST● OWASP● Vendors● The Internet

10

11

Auditing

Auditing

Why?

● Quality

● Assurance

14

15

Audit (or some pentests)

Typically:10 Run vulnerability scanner20 Apply fix30 goto 10

16

Audit

Better:10 Select target(s)20 Perform audit30 Risk analysis40 Define automation steps50 Implement hardening60 goto 10

17

Automation

Lynis

19

How it works

● Initialization● Run

○ Helpers○ Plugins○ Tests

● Show audit results

20

21

22

Why Lynis?

Flexibility● No dependencies*● Understandable● Create your own tests

* Besides common tools like awk, grep, ps

23

Why Lynis?

Three pillars1. First impression2. Keep it simple3. Next step

24

Why Lynis?

Next step:

25

Running Lynis

● lynis

● lynis audit system

● lynis show

● lynis show commands

26

Lynis Profiles

Optional configuration● Default.prf● Custom.prf● Other profiles

28

Automation

Dealing with findings● Log + website● Create hardening snippet● Automate via Chef, Puppet, Salt, etc.

29

Let’s summarize

Summary

Take action:

1. Perform regular scans2. Get that low-hanging fruit3. Automate the outcome

31

You finished this presentation

Success!

Questions?

Connect● Twitter: @mboelen● LinkedIn: Michael Boelen

Relevant project: https://LinuxSecurity.Expert(security tools, checklists, guides)

33

https://twitter.com/mboelen
https://nl.linkedin.com/in/mboelen

Learn more?

Follow● Blog Linux Audit (linux-audit.com)● Twitter @mboelen

This presentation will be available at michaelboelen.com

34

http://linux-audit.com
https://twitter.com/mboelen
https://michaelboelen.com/presentations/

Top related

EMPANELLED INFORMATION SECURITY AUDITING …
 Documents
#342 – Auditing Security of Oracle Database...Contents • [A] Oracle in a nutshell • [B] Oracle security audit – phases • [C] Auditing – operating system level • [D] Auditing
 Documents
Auditing Security Risks in Virtual IT Systems
 Documents
for Developers Linux Security - CISOfy...Linux Security for Developers Insights for building a (more) secure world Michael Boelen michael.boelen@cisofy.com 14 January 2016 Spying Internet
 Documents
SAFE AND SOUND. INTRODUCTION Elements of Security Auditing Elements of Security Auditing Applications to Customers Network Applications to Customers Network.
 Documents
The state of Linux security in 2016 - CISOfy · PDF fileLINUX SECURITY SUMMIT DIRTY COW Nessus ripwir TM CISOFY AUDITING-HARDENING-COMPLIANCE ... Basics BADGE STATUS FOR LYNIS Show
 Documents
Risk-Driven Database Security - Oracle...Traditional Auditing 13 Fine-Grained Auditing 13 Unified Auditing 13 Enterprise Manager Application Data Model 13 Oracle Advanced Security
 Documents
Search Engine Security Auditing -
 Documents
Auditing/Security with Puppet - PuppetConf 2014
 Technology
Security Auditing Report
 Documents
Implementing and auditing security controls part 1
 Technology
Application and Database Security Auditing, … and Database Security Auditing, Vulnerability Assessment, and Compliance Integrigy Corporate Overview mission critical applications
 Documents
WebSphere Security Auditing
 Documents
IT Security Auditing - bfiia.org
 Documents
Auditing for Privacy and Security Compliance
 Documents
PROVISIONALLY EMPANELLED INFORMATION SECURITY AUDITING ... · PROVISIONALLY EMPANELLED INFORMATION SECURITY AUDITING ORGANISATIONS by CERT-In The List of IT Security Auditing Orgnisations,
 Documents
Security Auditing Continuous Process 1150
 Documents
Behind the scenes - CISOfy
 Documents
Research in: Security Planning and Auditing
 Documents
Security Auditing
 Documents

Copyright © 2022 FDOCUMENTS