agenda - security auditing and compliance solutions - cisofy · 2018. 6. 6. · security auditing...

34

Upload: others

Post on 17-Aug-2020

0 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection
Page 2: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Agenda

Linux security

1. System hardening2. Technical audits3. Automation

2

Page 3: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Michael Boelen

3

Page 4: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Linux security

4

Areas Core Resources Services Environment

System Hardening Boot ProcessContainersFrameworksKernelService ManagerVirtualization

AccountingAuthenticationCgroupsCryptographyLoggingNamespacesNetworkSoftwareStorageTime

DatabaseMailMiddlewareMonitoringPrintingShellWeb

ForensicsIncident ResponseMalwareRisksSecurity MonitoringSystem Integrity

Security Auditing

Compliance

Page 5: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

System Hardening

Page 6: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Security 101

● Ongoing process

● Prevention || Detection

● React and mitigate:○ Hearthbleed

○ Spectre and Meltdown

6

Page 7: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

7

Page 8: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

8

Page 9: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Hardening 101

Defenses

● New● Existing● Reduce weaknesses

(= attack surface)

9

Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691

Page 10: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Hardening

Resources

● Center for Internet Security (CIS)● NSA → NIST● OWASP● Vendors● The Internet

10

Page 11: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

11

Page 12: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection
Page 13: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Auditing

Page 14: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Auditing

Why?

● Quality

● Assurance

14

Page 15: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

15

Page 16: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Audit (or some pentests)

Typically:10 Run vulnerability scanner20 Apply fix30 goto 10

16

Page 17: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Audit

Better:10 Select target(s)20 Perform audit30 Risk analysis40 Define automation steps50 Implement hardening60 goto 10

17

Page 18: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Automation

Page 19: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Lynis

19

Page 20: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

How it works

● Initialization● Run

○ Helpers○ Plugins○ Tests

● Show audit results

20

Page 21: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

21

Page 22: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

22

Page 23: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Why Lynis?

Flexibility● No dependencies*● Understandable● Create your own tests

* Besides common tools like awk, grep, ps

23

Page 24: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Why Lynis?

Three pillars1. First impression2. Keep it simple3. Next step

24

Page 25: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Why Lynis?

Next step:

25

Page 26: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Running Lynis

● lynis

● lynis audit system

● lynis show

● lynis show commands

26

Page 27: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection
Page 28: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Lynis Profiles

Optional configuration● Default.prf● Custom.prf● Other profiles

28

Page 29: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Automation

Dealing with findings● Log + website● Create hardening snippet● Automate via Chef, Puppet, Salt, etc.

29

Page 30: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Let’s summarize

Page 31: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Summary

Take action:

1. Perform regular scans2. Get that low-hanging fruit3. Automate the outcome

31

Page 32: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

You finished this presentation

Success!

Page 33: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Questions?

Connect● Twitter: @mboelen● LinkedIn: Michael Boelen

Relevant project: https://LinuxSecurity.Expert(security tools, checklists, guides)

33

Page 34: Agenda - Security Auditing and Compliance Solutions - CISOfy · 2018. 6. 6. · Security Auditing Compliance. System Hardening. Security 101 Ongoing process Prevention || Detection

Learn more?

Follow● Blog Linux Audit (linux-audit.com)● Twitter @mboelen

This presentation will be available at michaelboelen.com

34