Security Management using Open Source Software

No description
by

Babar Zahoor

on 13 January 2014


Transcript of Security Management using Open Source Software

Want to secure what?
Software
Network services
Authentication services
DNS
FTP
Web
File sharing
Databases
etc.
IT Infrastructure Security
CIA?
C = Confidentiality
I = Integrity
A = Availability
Physical Security
Always start with physical security
Linux Box Security
A few steps to secure a Linux box
Securing IT Infrastructure
Use these practices to secure your IT infrastructure
Security Management using Open Source Software
by
Open Source Foundation Of Pakistan
IT Infrastructure
Linux Box
IT Infrastructure components
Servers
SAN/NAS
Network Switches
Firewalls
Routers
UPS
Power Generators
Security: where to start?
Operating Systems
Linux
Windows

Secure Servers
Routers
Firewalls
Network Switches
SAN/NAS
Always keep the firewall active and on

[root@opensourceeducation ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 5
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-SSH (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
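Two things in the listing above deserve a second look: the INPUT chain's default policy is ACCEPT and only the last rule drops traffic, so a flush (`iptables -F`, or a fail2ban restart that fails half way) leaves the box wide open; and the fail2ban-SSH chain is jumped to twice, which is what you get when fail2ban is restarted without removing its old rule. Setting `iptables -P INPUT DROP` fixes the first; the script below catches both in a saved `iptables -L` dump. It is an added example, not part of the presentation, and the sample dump it runs on is constructed to mirror the listing above.

```sh
#!/bin/sh
# Added example: audit a saved `iptables -L` listing. Flags an INPUT chain whose
# default policy is ACCEPT but which does not end in a catch-all DROP/REJECT, and
# any user chain that is jumped to more than once (duplicate rule).
audit_iptables_dump() {
  # $1: file holding the output of `iptables -L`
  awk '
    /^Chain / {
      chain = $2
      # built-in chains: "Chain INPUT (policy ACCEPT)"; user chains: "(2 references)"
      if ($0 ~ /\(policy /) {
        pol = $0; sub(/.*\(policy /, "", pol); sub(/\).*/, "", pol); policy[chain] = pol
      }
      last[chain] = ""
      next
    }
    /^target +prot/ || NF == 0 { next }        # column header / blank line
    {
      last[chain] = $1                          # remember the last target in this chain
      if ($1 != "ACCEPT" && $1 != "DROP" && $1 != "REJECT" && $1 != "RETURN" && $1 != "LOG")
        jumps[$1]++                             # a jump into a user-defined chain
    }
    END {
      n = 0
      if (policy["INPUT"] == "ACCEPT" && last["INPUT"] != "DROP" && last["INPUT"] != "REJECT") {
        print "WARN: INPUT policy is ACCEPT and the chain does not end in DROP/REJECT"; n++
      }
      for (t in jumps) if (jumps[t] > 1) {
        print "WARN: chain " t " is jumped to " jumps[t] " times (duplicate rule?)"; n++
      }
      if (n == 0) print "OK: no findings"
    }
  ' "$1"
}

# Constructed sample (not a real capture) mirroring the INPUT chain shown above.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
DROP       all  --  anywhere             anywhere

Chain fail2ban-SSH (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
EOF
audit_iptables_dump "$tmp"   # reports the doubled fail2ban-SSH jump
rm -f "$tmp"
```

Run it against `iptables -L > /tmp/fw.txt` on the real box; the duplicate-jump warning is usually cleared by restarting fail2ban after a clean `iptables -D INPUT` of the stale rule, and the policy warning by `iptables -P INPUT DROP` followed by saving the ruleset.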
Only open the ports that actually need to be served, e.g.
www or http: port 80
List the services enabled in runlevel 3 and switch off the ones you do not need:
/sbin/chkconfig --list | grep '3:on'
chkconfig serviceName off


Securing the SSH service
Restrict root access in /etc/ssh/sshd_config (PermitRootLogin no)
Install the fail2ban service:
yum install fail2ban  or  apt-get install fail2ban
Check which services are started automatically when the Linux box boots
Install the Snort IDS:
yum install snort  or  apt-get install snort
Limit terminal sessions (e.g. maxlogins in /etc/security/limits.conf)
Install a rootkit checker (rkhunter or chkrootkit)
Install the Lynis audit tool
Install the AIDE file integrity tool
Disable booting from CD/DVD/USB in the BIOS
Set a password on the GRUB boot loader
Disable the Ctrl+Alt+Del reboot
Disable packet forwarding in /etc/sysctl.conf (net.ipv4.ip_forward = 0) unless the box is meant to route
Install ClamAV antivirus for Samba (SMB) shares
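The steps above are easy to list and easy to leave half done, so it is worth scripting the checks. The script below, an added example and not part of the presentation, verifies three of them offline: that sshd_config disables root login (and fixes it if not), that /etc/sysctl.conf turns packet forwarding off, and that a SysV /etc/inittab no longer reboots on Ctrl+Alt+Del. Every function takes the file to inspect as an argument, so it runs equally on a live box, a copied config, or the constructed fixtures at the bottom; the fixture contents are invented for the demonstration and are not real system files.

```sh
#!/bin/sh
# Added example (not from the presentation): offline checks for three hardening
# steps. Each function takes the path of the file to inspect.

# Effective value of an sshd_config keyword. sshd uses the first uncommented
# occurrence, so that is what we return; falls back to the given default.
# Caveat: keywords inside Match blocks are not distinguished here.
sshd_effective() {
  # $1: sshd_config path, $2: keyword (case-insensitive), $3: default value
  v=$(awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        $1 !~ /^#/ && tolower($1) == k { print $2; exit }' "$1")
  printf '%s\n' "${v:-$3}"
}

check_root_login() {
  # returns 0 when password root login over SSH is disabled
  case "$(sshd_effective "$1" PermitRootLogin yes)" in
    no|without-password|prohibit-password|forced-commands-only) return 0 ;;
    *) return 1 ;;
  esac
}

harden_root_login() {
  # rewrite sshd_config in place: drop every active PermitRootLogin line and
  # append "PermitRootLogin no". Restart sshd afterwards for it to take effect.
  tmp=$(mktemp)
  awk 'tolower($1) != "permitrootlogin"' "$1" > "$tmp"
  printf 'PermitRootLogin no\n' >> "$tmp"
  cat "$tmp" > "$1" && rm -f "$tmp"     # cat, not mv, keeps the file's mode/owner
}

check_ip_forward() {
  # $1: sysctl.conf path; returns 0 only when forwarding is explicitly set to 0
  # (a silent default is not good enough: another file may turn it on)
  awk -F'=' '$1 !~ /^#/ { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2)
                          if ($1 == "net.ipv4.ip_forward") v = $2 }
             END { exit (v == "0") ? 0 : 1 }' "$1"
}

check_ctrlaltdel() {
  # $1: /etc/inittab path (SysV init); returns 0 when no active line maps
  # ctrlaltdel to a shutdown. On systemd hosts check instead that
  # /etc/systemd/system/ctrl-alt-del.target is a symlink to /dev/null (masked).
  ! grep -q '^[^#].*:ctrlaltdel:' "$1"
}

# Constructed fixtures for the demonstration (not real system files).
d=$(mktemp -d)
printf '#PermitRootLogin yes\nPort 22\n' > "$d/sshd_config"
printf 'net.ipv4.ip_forward = 1\n' > "$d/sysctl.conf"
printf 'id:3:initdefault:\nca::ctrlaltdel:/sbin/shutdown -t3 -r now\n' > "$d/inittab"

check_root_login "$d/sshd_config" && echo "ssh root login: ok" || echo "ssh root login: PERMITTED (default)"
harden_root_login "$d/sshd_config"
check_root_login "$d/sshd_config" && echo "ssh root login after fix: ok"
check_ip_forward "$d/sysctl.conf" && echo "ip_forward: ok" || echo "ip_forward: ENABLED"
check_ctrlaltdel "$d/inittab" && echo "ctrl+alt+del: ok" || echo "ctrl+alt+del: reboots the box"
rm -rf "$d"
```

On a real host point the functions at /etc/ssh/sshd_config, /etc/sysctl.conf and /etc/inittab, and remember that the sysctl check only covers what is written in the file: `sysctl net.ipv4.ip_forward` shows the value the running kernel actually holds.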
Install a firewall box
any open source firewall, e.g.
IPtables
pfSense
Endian
IPcop
Shorewall
Central logging system
syslog server (syslogd, rsyslog or syslog-ng)
Configure an NMS (network monitoring system)
Nagios
GroundWork Open Source
Zenoss
Configure a provisioning and configuration management system
Cobbler
Puppet
Red Hat Satellite server
Spacewalk server http://spacewalk.redhat.com/
Configure a SIEM system for alerts
AlienVault
(screenshot: http://upload.wikimedia.org/wikipedia/commons/5/5c/Alienvault_capture.png)
Configure CA & Directory Services
Exchange SSH keys between servers so they can authenticate to each other
Use a VPN between IT environments
OpenVPN
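Exchanging keys between servers means a key on server A grants a login on server B; if A is compromised, so is everything that key can reach. The practical safeguard is to restrict the key on the receiving side with authorized_keys options: only from the peer's address, no forwarding, and, where the key exists for one job, a forced command. The function below builds such a line from a public key file. It is an added example, not part of the presentation; the key material and hostnames in it are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the presentation): emit a restricted authorized_keys
# entry for a peer server's public key.
#
# Generate the peer's key on the sending server, for instance with
#   ssh-keygen -t ed25519 -f ~/.ssh/id_backup -N '' -C backup@db1
# and copy ~/.ssh/id_backup.pub (never the private half) to the receiving server.

restricted_authorized_key() {
  # $1: path to the peer's public key file (one ssh-keygen output line)
  # $2: source address or CIDR the peer connects from, used in from="..."
  # $3: optional forced command; when given, the key can run nothing else
  pub=$(head -n 1 "$1")
  case "$pub" in
    ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
    *) printf 'not a public key line: %s\n' "$1" >&2; return 1 ;;
  esac
  opts="from=\"$2\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"
  if [ -n "$3" ]; then
    opts="$opts,command=\"$3\""
  fi
  printf '%s %s\n' "$opts" "$pub"
}

# Demonstration with a constructed (non-functional) public key.
k=$(mktemp)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyMaterialForTheExample0000 backup@db1\n' > "$k"
restricted_authorized_key "$k" 10.0.1.5 /usr/local/bin/rsync-wrapper
# On the receiving server the line would be appended to the target user's
# ~/.ssh/authorized_keys (mode 0600, ~/.ssh mode 0700).
rm -f "$k"
```

The `from=` pattern accepts hostnames, wildcards and CIDR blocks; with a forced command set, anything the peer tries to run is ignored and the command is executed instead, so the wrapper script should validate its own arguments (SSH_ORIGINAL_COMMAND) before doing anything.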
Resources for hardening guidance and important security updates
http://cisecurity.org/
http://prism-break.org/en/


Important Linux security distributions
https://fedoraproject.org/wiki/Security_Lab
http://www.kali.org/