Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing...
Agenda
Linux security
1. System hardening
2. Technical audits
3. Automation
Michael Boelen
Linux security
Areas: System Hardening, Security Auditing, Compliance
Core: Boot Process, Containers, Frameworks, Kernel, Service Manager, Virtualization
Resources: Accounting, Authentication, Cgroups, Cryptography, Logging, Namespaces, Network, Software, Storage, Time
Services: Database, Mail, Middleware, Monitoring, Printing, Shell, Web
Environment: Forensics, Incident Response, Malware, Risks, Security Monitoring, System Integrity
System Hardening
Security 101
● Ongoing process
● Prevention || Detection
● React and mitigate:
  ○ Heartbleed
  ○ Spectre and Meltdown
Hardening 101
Defenses
● New
● Existing
● Reduce weaknesses (= attack surface)
Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691
Hardening
Resources
● Center for Internet Security (CIS)
● NSA → NIST
● OWASP
● Vendors
● The Internet
Auditing
Auditing
Why?
● Quality
● Assurance
Audit (or some pentests)
Typically:
10 Run vulnerability scanner
20 Apply fix
30 goto 10
Audit
Better:
10 Select target(s)
20 Perform audit
30 Risk analysis
40 Define automation steps
50 Implement hardening
60 goto 10
Automation
Lynis
How it works
● Initialization
● Run
  ○ Helpers
  ○ Plugins
  ○ Tests
● Show audit results
Why Lynis?
Flexibility
● No dependencies*
● Understandable
● Create your own tests
* Besides common tools like awk, grep, ps
Why Lynis?
Three pillars
1. First impression
2. Keep it simple
3. Next step
Why Lynis?
Next step:
Running Lynis
● lynis
● lynis audit system
● lynis show
● lynis show commands
Lynis Profiles
Optional configuration
● Default.prf
● Custom.prf
● Other profiles
Automation
Dealing with findings
● Log + website
● Create hardening snippet
● Automate via Chef, Puppet, Salt, etc.
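
One way to work through findings before writing hardening snippets, as an added example that is not part of the original slides or of Lynis itself. It assumes the key=value report file that Lynis writes, with `warning[]` and `suggestion[]` entries shaped as `ID|text|details|solution|`; the function names are hypothetical and the sample report is constructed.

```shell
#!/bin/sh
# Added example: triage Lynis findings so the most frequent test IDs get a
# hardening snippet first. Assumes the key=value report format with
# warning[]/suggestion[] entries shaped as ID|text|details|solution|.

# Constructed sample report (not output of a real scan).
sample_report() {
    printf '%s\n' \
        '# Lynis Report' \
        'hostname=web01' \
        'hardening_index=62' \
        'warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|' \
        'suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|' \
        'suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (set YES to NO)|-|' \
        'suggestion[]=KRNL-6000|One or more sysctl values differ from the scan profile|-|-|'
}

# Print the hardening index recorded in the report, to compare between runs.
hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}

# Print one finding per line as type<TAB>test-id<TAB>text<TAB>details,
# warnings before suggestions.
findings() {
    awk -F'|' '
        /^(warning|suggestion)\[\]=/ {
            eq   = index($1, "=")
            type = substr($1, 1, eq - 3)      # drop the trailing "[]"
            id   = substr($1, eq + 1)
            line = type "\t" id "\t" $2 "\t" $3
            if (type == "warning") w[++nw] = line; else s[++ns] = line
        }
        END {
            for (i = 1; i <= nw; i++) print w[i]
            for (i = 1; i <= ns; i++) print s[i]
        }' "$1"
}

# Count findings per test ID, most frequent first: "count test-id".
per_test() {
    findings "$1" | cut -f2 | sort | uniq -c |
        awk '{ print $1, $2 }' | sort -k1,1nr -k2,2
}

# Stand-alone run: use the report given as $1, else the constructed sample.
report=${1:-}
[ -n "$report" ] || { report=$(mktemp); sample_report > "$report"; }
echo "hardening index: $(hardening_index "$report")"
per_test "$report"
```

Recording the hardening index after each pass of the audit loop shows whether the applied snippets moved the score.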
Let’s summarize
Summary
Take action:
1. Perform regular scans
2. Get that low-hanging fruit
3. Automate the outcome
You finished this presentation
Success!
Questions?
Connect
● Twitter: @mboelen
● LinkedIn: Michael Boelen
Relevant project: https://LinuxSecurity.Expert (security tools, checklists, guides)
Learn more?
Follow
● Blog Linux Audit (linux-audit.com)
● Twitter @mboelen
This presentation will be available at michaelboelen.com