Linux Security Concept → Tooling
Utrecht, 16 January 2016
Michael Boelen (CISOfy), michael.boelen@cisofy.com
Goals
1. Learn what to protect
2. Know some strategies
3. Learn about tooling
Focus: Linux
Agenda
Today
1. Hardening
2. Auditing
3. Guides and Tools
Bonus: Lynis demo
Michael Boelen
● Open Source Security
○ Rootkit Hunter (malware scan)
○ Lynis (security audit)
● 150+ blog posts at Linux-Audit.com
● Founder of CISOfy
Hardening
Q: What is Hardening?
Q: Why Hardening?
Hardening
● New defenses
● Existing defenses
● Reduce weaknesses (attack surface)
Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691
Myth
After hardening I’m done
Fact
● Security should be an ongoing process
● Which means it is never finished
● New attacks = more hardening
○ POODLE
○ Heartbleed
Hardening
What to harden?
● Operating System
● Software + Configuration
● Access controls
Hardening
Operating System
● Services
● Users
● Permissions
Hardening
Software
● Minimal installation
● Configuration
● Tuning
Hardening
Users and Access Controls
● Who can access what
● Password policies
● Accountability
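The "Users" and "Permissions" items of the operating-system slide and the "Who can access what" item above are the kind of thing an audit turns into concrete checks. The following POSIX shell script is an added example, not code from the slides or from Lynis: it flags accounts other than root with UID 0, accounts whose password field is empty, and system accounts that still have a login shell. The passwd lines are constructed sample data, and the UID 1000 cut-off for "system account" is an assumption (distributions differ); pass a real passwd file as the first argument to audit a host.

```shell
#!/bin/sh
# Added example, not from the slides: three account checks of the kind a
# hardening audit runs over /etc/passwd. Works on any POSIX sh with awk.

# Constructed sample passwd data so the script runs offline.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
toor::0:0:second superuser:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_app:x:999:999:app service:/opt/app:/bin/sh'

# Accounts other than root whose UID is 0 (a second superuser).
extra_uid0_accounts() {          # extra_uid0_accounts PASSWD_FILE
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose password field is empty: no credential at all if the
# entry is not shadowed.
empty_password_accounts() {      # empty_password_accounts PASSWD_FILE
    awk -F: '$2 == "" { print $1 }' "$1"
}

# System accounts (UID 1..999, an assumed cut-off) that still allow an
# interactive login instead of nologin/false.
system_accounts_with_shell() {   # system_accounts_with_shell PASSWD_FILE
    awk -F: '$3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Run all checks; print each finding as "check:account" and return the
# number of findings as the exit status (0 means clean).
audit_passwd() {                 # audit_passwd PASSWD_FILE
    total=0
    for check in extra_uid0_accounts empty_password_accounts system_accounts_with_shell; do
        for account in $("$check" "$1"); do
            echo "$check:$account"
            total=$((total + 1))
        done
    done
    return "$total"
}

# Stand-alone use: audit the file given as $1, or the sample if none given.
if [ -n "$1" ]; then
    audit_passwd "$1"
else
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
    audit_passwd "$tmp"
    echo "findings: $?"
    rm -f "$tmp"
fi
```

Each check is a separate function so that a finding can be tied to one control (who can access what, password policy, accountability) and re-run on its own after the fix; the exit status makes the script usable as a gate in a scheduled job, which is the "do regular checks" point of the deck.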
Hardening
Encryption
● Good: Encryption solves a lot
● Bad: Knowledge required
● Ugly: Easy to forget
Technical Auditing
Auditing
Why audit?
● Checking defenses
● Assurance
● Quality Control
Common Strategy
1. Audit
2. Get a lot of findings
3. Start hardening
4. …
5. Quit
Improved Strategy
1. Focus
2. Audit
3. Focus
4. Harden
5. Repeat!
Guides and Tools
Options
● Benchmarks and Guides
● SCAP
● Other resources
● Tools
Benchmarks / Guides
● Center for Internet Security (CIS)
● NIST / NSA
● OWASP
● Vendors
Benchmarks / Guides
Pros
● Free to use
● Detailed
● You are in control
Cons
● Time intensive
● Usually no tooling
● Limited distributions
● Delayed releases
Tooling
Tools
Tools make life easier, right?
Not always...
Tools
Problem 1: There aren’t many
Tools
Problem 2: Usually outdated
Tools
Problem 3: Limited in their support
Tools
Problem 4: Hard to use
Tool 1: SCAP
SCAP
● Security
● Content
● Automation
● Protocol
SCAP
Combination of:
● Markup
● Rules
● Tooling
● Scripts
SCAP features
● Common Vulnerabilities and Exposures (CVE)
● Common Configuration Enumeration (CCE)
● Common Platform Enumeration (CPE)
● Common Vulnerability Scoring System (CVSS)
● Extensible Configuration Checklist Description Format (XCCDF)
● Open Vulnerability and Assessment Language (OVAL)
Starting with SCAP version 1.1
● Open Checklist Interactive Language (OCIL) Version 2.0
Starting with SCAP version 1.2
● Asset Identification
● Asset Reporting Format (ARF)
● Common Configuration Scoring System (CCSS)
● Trust Model for Security Automation Data (TMSAD)
Complexity?
List of Tables (Common Configuration Scoring System (CCSS))
Table 1. Access Vector Scoring Evaluation (p. 8)
Table 2. Authentication Scoring Evaluation (p. 9)
Table 3. Access Complexity Scoring Evaluation (p. 10)
Table 4. Confidentiality Impact Scoring Evaluation (p. 11)
Table 5. Integrity Impact Scoring Evaluation (p. 12)
Table 6. Availability Impact Scoring Evaluation (p. 12)
Table 7. General Exploit Level Scoring Evaluation (p. 13)
Table 8. General Remediation Level Scoring Evaluation (p. 14)
Table 9. Local Vulnerability Prevalence Scoring Evaluation (p. 15)
Table 10. Perceived Target Value Scoring Evaluation (p. 15)
Table 11. Local Remediation Level Scoring Evaluation (p. 16)
Table 12. Collateral Damage Potential Scoring Evaluation (p. 17)
SCAP Overview
Pros
● Free to use
● Focused on automation
Cons
● Limited distributions
● Complexity
● Hard to customize
Tool 2: Lynis
![Page 40: Concept Tooling - CISOfy · Linux Security Concept → Tooling Utrecht, 16 January 2016 Michael Boelen michael.boelen@cisofy.com. 2. Goals 1. Learn what to protect 2. Know some strategies](https://reader034.vdocuments.mx/reader034/viewer/2022042323/5f0d15327e708231d43897f2/html5/thumbnails/40.jpg)
Lynis
40
![Page 41: Concept Tooling - CISOfy · Linux Security Concept → Tooling Utrecht, 16 January 2016 Michael Boelen michael.boelen@cisofy.com. 2. Goals 1. Learn what to protect 2. Know some strategies](https://reader034.vdocuments.mx/reader034/viewer/2022042323/5f0d15327e708231d43897f2/html5/thumbnails/41.jpg)
Lynis
Goals
● Perform a quick security scan
● Collect data
● Define next hardening steps
Lynis
Background
● Since 2007
● Goals
○ Flexible
○ Portable
Lynis
Open Source Software
● GPLv3
● Shell
● Community
Lynis
Simple
● No installation needed
● Run with just one parameter
● No configuration needed
Lynis
Flexibility
● No dependencies*
● Option to extend easily
● Custom tests
* Besides common tools like awk, grep, ps
Lynis
Portability
● Run on all Unix platforms
● Detect and use “on the go”
● Usable after OS version upgrade
How it works
1. Initialise
2. OS detection
3. Detect binaries
4. Run helpers/plugins/tests
5. Show report
Running
1. lynis
2. lynis audit system
3. lynis audit system --quick
4. lynis audit system --quick --quiet
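The last step of "How it works" is "Show report", and the `--quiet` variant above suppresses the screen output, so the result has to be read back from the report file when the audit runs unattended. The script below is an added example, not from the slides or the Lynis project: it reads the hardening index, the warnings and the suggestions out of the report and turns them into a pass/fail gate. It assumes the key=value layout Lynis writes to /var/log/lynis-report.dat (scalar keys such as `hardening_index`, and `warning[]`/`suggestion[]` entries of the form `TEST-ID|text|details|solution|`, as seen in Lynis 2.x reports); the report lines themselves are constructed sample data so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the slides or the Lynis project: read back the
# results of `lynis audit system --quick --quiet` from the report file, so
# the outcome can be checked by a script instead of by eye.
# Assumptions: the key=value layout of /var/log/lynis-report.dat as written
# by Lynis 2.x; the lines below are constructed sample data.

REPORT_FILE=${REPORT_FILE:-/var/log/lynis-report.dat}

SAMPLE_REPORT='# Lynis report (constructed sample)
report_version_major=1
hostname=web01
os=Linux
hardening_index=64
warning[]=KRNL-5830|Reboot of system is most likely needed|-|-|
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (YES --> NO)|-|'

# Print one scalar value from the report (first match wins).
report_value() {              # report_value KEY REPORT_FILE
    awk -F= -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# Print the test ID of every warning, one per line.
report_warnings() {           # report_warnings REPORT_FILE
    awk -F'[=|]' '$1 == "warning[]" { print $2 }' "$1"
}

# Count distinct tests that raised a suggestion (SSH-7408 counts once,
# however many settings it flagged).
count_suggestion_tests() {    # count_suggestion_tests REPORT_FILE
    awk -F'[=|]' '$1 == "suggestion[]" { print $2 }' "$1" | sort -u | wc -l | tr -d ' '
}

# Baseline gate: succeed (return 0) only when the hardening index reaches
# MIN_INDEX and the report carries no warnings.
report_meets_baseline() {     # report_meets_baseline REPORT_FILE MIN_INDEX
    idx=$(report_value hardening_index "$1")
    warnings=$(report_warnings "$1" | wc -l | tr -d ' ')
    [ "${idx:-0}" -ge "$2" ] && [ "$warnings" -eq 0 ]
}

# Human-readable summary of one report file.
summarize_report() {          # summarize_report REPORT_FILE
    echo "host: $(report_value hostname "$1")  hardening index: $(report_value hardening_index "$1")"
    echo "warnings:"
    report_warnings "$1" | sed 's/^/  /'
    echo "tests with suggestions: $(count_suggestion_tests "$1")"
}

# Stand-alone use: summarize the real report if present, else the sample.
if [ -r "$REPORT_FILE" ]; then
    summarize_report "$REPORT_FILE"
else
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_REPORT" > "$tmp"
    summarize_report "$tmp"
    rm -f "$tmp"
fi
```

Counting suggestions per test rather than per line matches the "Focus" step of the improved strategy: one test such as SSH-7408 can produce several lines, but it is one piece of hardening work. The gate treats any warning as a failure regardless of the index, since the index is a relative score and a warning is a concrete finding.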
Demo?
Conclusions
● Protect your precious
● Hardening
● Do regular checks
You finished this presentation
Success!