
Nagios Conference 2011 - Jared Bird - Using Nagios As A Security Tool

Jared Bird's presentation on using Nagios as a security tool. The presentation was given during the Nagios World Conference North America held Sept 27-29th, 2011 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
Published on: Mar 3, 2016
Published in: Technology      
Source: www.slideshare.net


Transcripts - Nagios Conference 2011 - Jared Bird - Using Nagios As A Security Tool

  • 1. Using Nagios as a Security Tool. JARED BIRD, JAREDBIRD@GMAIL.COM, TWITTER: @JAREDBIRD
  • 2. Introduction: Who is Jared Bird?
  • 3. Reasons to care: Prevent data theft; Deter identity theft; Avoid legal issues; Protect brand
  • 4. Similarities
  • 5. Headlines
  • 6. “It won't happen to us”: It can happen to anyone (even security vendors)
  • 7. Uh Oh: http://www.coresecurity.com – September 22, 2011
  • 8. What to protect: Data; Hardware; Intellectual Property; Brand
  • 9. Threats: Default configurations; Website defacement; Missing patches; DNS redirection; Unused services; Unauthorized use; Many, many more
  • 10. Monitoring: Automation; Early detection; Quick resolution; Integrity
  • 11. Default Configurations: Default passwords; blank sa account; Once password is set, monitor with new credentials; XI Auto-discovery check for insecure protocols; Scheduled scans and output to Nagios
  • 12. Web: Monitor for defacement: check_http -H www.yoursite.com -s "sekret" (checks for “sekret” string); Check certificate: check_http -H www.mysite.com -C 21 (checks certificate for 21 days of validity); DDOS alerts
  • 13. Software Installed: Check url for content (version); Ex: http://www.adobe.com/software/flash/about/ (check for string “10.3.183.10”); Manually update string; Better way?
  • 14. DNS: Have DNS entries changed? DNS hijacked; High Impact
  • 15. Unused Services: Auto-discovery; Check for insecure services; Check for previously disabled services
  • 16. Unauthorized Use: LDAP check for account creation; Syslog output from infrastructure; Snort alert (snmp)
  • 17. Other Uses? Monitor video cameras http://bit.ly/bY2tjd; Ideas?
  • 18. Questions? Jared Bird, jaredbird@gmail.com, Twitter: @jaredbird. Thank You
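
Slide 14 asks whether DNS entries have changed. One way to answer that from Nagios is a small plugin that compares a host's current A records with a known-good baseline; this is an added example, not code from the presentation. The script name and argument layout are assumptions made for illustration.

```shell
#!/bin/sh
# check_dns_baseline.sh (hypothetical name): Nagios plugin that alerts when a
# hostname's A records differ from a known-good baseline.
# Usage: check_dns_baseline.sh <hostname> <ip>[,<ip>...]

OK=0; CRITICAL=2; UNKNOWN=3   # standard Nagios plugin exit codes

# Turn a comma-, space- or newline-separated list into sorted unique lines,
# so record order (round-robin DNS) does not cause false alerts.
normalise() {
    printf '%s\n' "$1" | tr ', ' '\n\n' | sed '/^$/d' | sort -u
}

# compare_records <expected-list> <actual-list>
# Prints the one-line status Nagios displays and returns the exit code.
compare_records() {
    expected=$(normalise "$1")
    actual=$(normalise "$2")
    if [ -z "$actual" ]; then
        # Resolver failure or empty answer: cannot tell, so report UNKNOWN.
        echo "DNS UNKNOWN - no A records returned"
        return $UNKNOWN
    fi
    if [ "$expected" = "$actual" ]; then
        # Variables left unquoted on purpose: echo joins the lines with spaces.
        echo "DNS OK - records match baseline:" $actual
        return $OK
    fi
    echo "DNS CRITICAL - expected [" $expected "] got [" $actual "]"
    return $CRITICAL
}

main() {
    [ "$#" -eq 2 ] || { echo "DNS UNKNOWN - usage: $0 <hostname> <ip>[,<ip>...]"; return $UNKNOWN; }
    command -v dig >/dev/null 2>&1 || { echo "DNS UNKNOWN - dig not installed"; return $UNKNOWN; }
    # dig +short also prints CNAME targets; keep only IPv4 addresses.
    resolved=$(dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    compare_records "$2" "$resolved"
}

# Run only when called with arguments, so the functions can be sourced and tested.
if [ "$#" -gt 0 ]; then main "$@"; exit $?; fi
```

An empty answer is reported as UNKNOWN rather than CRITICAL, so notifications for UNKNOWN states should stay enabled on this service if a vanished record matters to you.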
