Nagios core vs. nagios xi presentation power point.pptx [diperbaiki]
Nagios: Providing Value Throughout the Organization
description
Transcript of Nagios: Providing Value Throughout the Organization
![Page 2: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/2.jpg)
Introduction
Who is Jared Bird?
![Page 3: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/3.jpg)
Nagios
![Page 4: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/4.jpg)
Providing Value
Provide knowledgeAssist other departmentsStrengthen inter-
department relationshipsAchieve company wide
goalsReduce costs
![Page 5: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/5.jpg)
Understanding
What are the goals of the other departments?
![Page 6: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/6.jpg)
Infrastructure
Network, Server, and Desktop Teams
Concerns include: Availability Capacity Utilization Functioning Properly
![Page 7: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/7.jpg)
Security
Prevent data theftDeter identity theftAvoid legal issuesProtect brand“CIA Triad”
Confidentiality Integrity Availability
![Page 8: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/8.jpg)
Threats
Default configurationsWebsite defacementMissing patchesDNS redirectionUnauthorized useMany, many more
![Page 9: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/9.jpg)
![Page 10: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/10.jpg)
Default Configurations
Default passwordsblank sa account
Once password is set, monitor with new credentials
XI Auto-discovery check for insecure protocols
Scheduled scans and output to Nagios
![Page 11: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/11.jpg)
Website
Monitor for defacement check_http –H
www.yoursite.com –s “sekret” Checks for “sekret”
string
Check certificate check_http –H
www.mysite.com –C 21 Checks certificate for 21
days of validity
![Page 12: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/12.jpg)
Software Installed
Check url for content (version)Ex:
http://www.adobe.com/software/flash/about/ Check for string “11.4.102.265”
![Page 13: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/13.jpg)
DNS
Have DNS entries changed?
DNS hijackedHigh Impact
![Page 14: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/14.jpg)
Unauthorized Use
LDAP check for account creationSyslog output from infrastructureSNMP Alerts
![Page 15: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/15.jpg)
Audit & Compliance
PCISOXHIPPAAlmost every
regulation*
* Note: Speaker will not be held responsible if Nagios does not help achieve compliance with a specific regulation
![Page 16: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/16.jpg)
PCI
PCI DSSAny organization that
processes, stores, or transmits credit card data
Requirements 12 overall requirements 287 individual
requirements
![Page 17: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/17.jpg)
PCI
Reqs 1&2: Build and Maintain a Secure Network Auto-discovery to look for services Checks to verify that vendor defaults have been
changed
Reqs 3&4: Protect Cardholder Data Scan for insecure protocols Check for expiration of SSL certificates
Reqs 5&6: Maintain a Vulnerability Management Program Check the anti-virus process to ensure it is running
![Page 18: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/18.jpg)
PCI
Reqs 7,8,& 9: Implement Strong Access Control Measures LDAP checks to ensure LDAP server is functioning Web Transaction Monitoring can be used to check two factor
Reqs 10&11: Regularly Monitor and Test Networks Check NTP Event logs from servers
Req 12: Maintain an Information Security Program Use device listings as well as contact info (incident response
plan)
![Page 19: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/19.jpg)
SOX
Sarbanes-Oxley or Public Company Accounting Reform and Investors Protection Act
Section 404: Assessment of internal controlNagios can help management show that
controls for assuring the integrity of the financial reports are effective.
![Page 20: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/20.jpg)
HIPAA Headlines
![Page 21: Nagios: Providing Value Throughout the Organization](https://reader036.fdocuments.in/reader036/viewer/2022070408/568143e7550346895db06d8e/html5/thumbnails/21.jpg)
HIPAA
Technical Safeguards: Access Control Audit Control Integrity Controls Transmission Security