![Page 1: Open Source Security Tools OWASP Malaysia - KL GreenHat 2011 UniKL](https://reader034.vdocuments.mx/reader034/viewer/2022052618/551d85954979595f198b4be0/html5/thumbnails/1.jpg)
G.R.E.E.N
Open Source Security Tools
OWASP Malaysia
www.owasp.my
KL GreenHat - 10 Feb 2011
G.R.E.E.N
• Group
• Recon
• Education
• Emotion Control
• Neutralized
G.R.E.E.N
Group
Group
• We all need to be in a group
• We need to have policy
• We have rules to follow
Group
We all belong to a group
Company, community and education
Why policy and rules?
Group
Haris, please reset root password?
:)
I have only user privileges
BUT I can do it.
P.S. If you are reading this slide, you need to come to my session at KL GreenHat 2011 and I will tell you.
Clue: chmod +s and sudo
Group
Within a group:
• We can set policy and rules
• We can implement policy and rules
• We can by law punish those who break the rules
• We can share knowledge and experience
(Company, Organisation, Community) = GROUP
Group
Organisations need to have a security policy
Internal threats cause most security breaches
Group
Rules that are within the security policy
Internal threats cause most security breaches
Group
Audit Tools - By hand :)
Group
Audit Tools - Checklist
Benchmark Audit Tool - cisecurity.org
OWASP How To
http://www.owasp.org/index.php/Category:How_To
Group
Audit Tools
Bastille Unix
• A hardening script
• bastille --report
• http://bastille-linux.sourceforge.net/
Group
Pentest - To check your own weakness
Server - OpenVAS, Nikto, nmap
Wireless - aircrack-ng, weplab, WEPCrack, airsnort
Network - tcpdump, wireshark
G.R.E.E.N
Recon
Recon
We need to know and be active
• Log monitoring
• Process monitoring
• Network monitoring
• Files monitoring
• Host monitoring
• Human monitoring
Recon
Log Monitoring
• Central logging - syslog-ng
• Monitoring file log - swatch
Recon
Process Monitoring
Barking at daemons - Monit
Recon
Network Monitoring
Network Intrusion Detection System
• Snort
• Snort Web interface using ACID
• Bro - if you dare (need to customize)
Recon
Files Monitoring
File integrity checking
• Advanced Intrusion Detection Environment - AIDE
• Open Source Tripwire
Recon
Host Monitoring
Host-based intrusion detection system (HIDS)
• OSSEC HIDS - www.ossec.net
• Samhain - la-samhna.de/samhain
• Osiris - osiris.shmoo.com
Detects file changes, monitors the logs and warns the system admin.
Recon
Human Monitoring
Open source CCTV
Zoneminder - www.zoneminder.com
G.R.E.E.N
Education
Education
Lack of awareness about security.
Users - bring in trojan
Sysadmin - server hijack
Developers - not so secure web application
Management - No ICT Security policy
Education
Action Plan
Users - Cybersafe Malaysia
Sysadmin - OWASP Webgoat
Developers - OWASP top 10
Management - Create and implement Security policy
Education
Users - Cybersafe Malaysia
www.cybersafe.my
Education
Sysadmin - OWASP Webgoat
The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.
Education
Developers - OWASP Top 10 2010
• A1: Injection
• A2: Cross-Site Scripting (XSS)
• A3: Broken Authentication and Session Management
• A4: Insecure Direct Object References
• A5: Cross-Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Insecure Cryptographic Storage
• A8: Failure to Restrict URL Access
• A9: Insufficient Transport Layer Protection
• A10: Unvalidated Redirects and Forwards
Education
Management - Create and implement security policy
• Certification is important
• Get your people certified
G.R.E.E.N
Emotion Control
Emotion Control
Be Calm
You will stress out if you are not.
Be Patient
Knowledge comes from learning
Experience comes from doing
It's all about time
Emotion Control
• TuxRacer
• Bos Wars
• Globulation 2
• FreeCol
• LinCity-NG
• Sauerbraten
• Sokoban
• Enigma
• BillardGL
• Wesnoth
• Flightgear
• Bzflag
Open source games
G.R.E.E.N
Neutralized
Neutralized
Block the attack
• Firewall
• Intrusion Prevention Framework
Filter the packets and data
• Web proxy
• Email filter
Protect the connection
Neutralized
Block the attack
Firewall
• m0n0wall
• pfSense
Intrusion Prevention Framework
• Fail2ban
• TCP Wrapper
Neutralized
Filter the packets and data
Web proxy
• Squid + DansGuardian
• Nginx
Email filter
• Amavisd-new
• MailScanner
Neutralized
Protect the connection
Using SSL - OpenSSL
VPN - OpenVPN
Encryption - GnuPG
OWASP Malaysia
OWASP Malaysia Local Chapter
The Open Web Application Security Project (OWASP) is a not-for-profit worldwide charitable organization focused on improving the security of application software.
www.owasp.my
The End
Malaysia OSS Community Survey 2011 on Awareness of OSS Certification - survey.mosc.my
Malaysia Open Source Conference 2011 - portal.mosc.my
Harisfazillah Jamel
linuxmalaysia @ gmail.com
haris @ bytecraft.com.my
10 Feb 2011