Fedora Osstmm Secspinv2

7/28/2019 Fedora Osstmm Secspinv2

1/33

and the OSSTMMSecurity Spin

Thorough, Safe and Secure

Joerg Simon

[email protected]

http://fedoraproject.org
mailto:[email protected]:[email protected]


2/33

The fedora project and theOSSTMM by ISECOM both areindependent non profit entities

Both are part of theFOSS ECO System!

Share good relationships

/me

[ indemnification ]

This presentation incl. Fedora Artwork

& all Backgrounds licensed cc-by-sa

by fedora

OSSTMM logos and schematics licensed by Open Methodology Licence


3/33

[fedora security spin]

A open source

platform for

- security-auditing

- forensics

- penetration-testing


4/33

[ features

]- a safe livecd-place for testing

- all fedora security features

- ability to install on HD and USB

- install software anytime

- clean, functional, fast


5/33

[ developed by testers for testers ]

- collaborative developed

- community commercial benefits

- along our core values


6/33


7/33

[ test-tool all-stars ]


8/33

[ security features ]


9/33

[ little treasures ]


10/33

[ know ]

- your tools

- your responsibility

- the ramification

- a way for proper testing!


11/33

[ there is a way

]


12/33

!= Checklist, solution based, best-practise

- Recommended by the german BSI

- Measurable and comparable results

- Looks into operational Security

- Metric based on Points of Risk

- Thinking Out of the Box

- ISECOM FOSS-Community - since January 2001 NPO

[ Open Source Security Testing Methodology Manual

]


13/33

Usual testing synonymsBlind/Blackbox Pentest

Graybox/Chrystal/RedTeam

Social Engineering

WarDriving

WarDialing

Configuration-Reviews

Code Reviews

[common sence]


14/33


15/33

[ four points ]


16/33

[testpath]


17/33

[ how much security do you really need? ]


18/33

[porosity]

- Visibility

- Access

- Trust


19/33

[Authentication]


20/33

[Indemnification]


21/33

[Resistance]


22/33

[Subjugation]


23/33

[Continuity]


24/33

[non-repudiation]


25/33

[confidentiality]

[privacy]

[integrity]


26/33

[Alarm]

[ i i i ]


27/33

[ Limitations ]

[ ibl b fit ]


28/33

OSSTMM-Security Labbased onfedora security spin

Packaging upstreamTools from the OSSTMM Team

A stable platformfor teaching the curriculum

...

[possible benefits]

[ R ]


29/33

[ Ressources ]

www.osstmm.org

www.isecom.org


30/33

[ possible benefits ]

- usecase for the Security Spin

- new cool upstreams

- better menu structure

- fedora get taught along the OSSTMM


31/33

[ next ]

- move wishlist to fedorahosted

- implement new branding

- improve spin section content

- consider new menustructure along OSSTMM 4points- consider SLiM desktop manager

- consider LXDE as window manager

- implement OSSTMM upstreams like unicornscan

- become a official spin in Fedora 13

The fedora security spin team


32/33

y pLuke MackenAdam Miller

Joerg Simon

bug [email protected]

Development Homehttps://fedorahosted.org/security-spin/

Help us on the Wishlist:https://fedoraproject.org/wiki/SecuritySpin

Your Contribution is welcome
https://fedorahosted.org/security-spin/https://fedoraproject.org/wiki/SecuritySpinhttps://fedoraproject.org/wiki/SecuritySpinhttps://fedorahosted.org/security-spin/


33/33

Thanks!Any Contributions?

Fedora Osstmm Secspinv2

Documents

Transcript of Fedora Osstmm Secspinv2