Upload File

linux security, from concept to tooling

52
Linux Security Concept Tooling Utrecht, 16 January 2016 Michael Boelen [email protected]

Upload: michael-boelen

Post on 15-Jan-2017

482 views

Category:

Internet


2 download

Report

TRANSCRIPT

Page 1: Linux Security, from Concept to Tooling

Linux SecurityConcept → Tooling

Utrecht, 16 January 2016

Michael [email protected]

https://cisofy.com
Page 2: Linux Security, from Concept to Tooling

2

Page 3: Linux Security, from Concept to Tooling

Goals

1. Learn what to protect2. Know some strategies3. Learn about tooling

Focus: Linux

3

Page 4: Linux Security, from Concept to Tooling

Agenda

Today1. Hardening2. Auditing3. Guides and Tools

Bonus: Lynis demo

4

Page 5: Linux Security, from Concept to Tooling

Michael Boelen

● Open Source Security○ Rootkit Hunter (malware scan)

○ Lynis (security audit)

● 150+ blog posts at Linux-Audit.com

● Founder of CISOfy

5

https://rootkit.nl
https://rootkit.nl
https://cisofy.com/lynis/
https://cisofy.com/lynis/
http://linux-audit.com
https://cisofy.com
Page 6: Linux Security, from Concept to Tooling

Hardening

Page 7: Linux Security, from Concept to Tooling

Q: What is Hardening?

Page 8: Linux Security, from Concept to Tooling

Q: Why Hardening?

Page 9: Linux Security, from Concept to Tooling
Page 10: Linux Security, from Concept to Tooling

10

Page 11: Linux Security, from Concept to Tooling

Hardening

● New defenses

● Existing defenses

● Reduce weaknesses

(attack surface)

11

Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691

Page 12: Linux Security, from Concept to Tooling

Myth

After hardening I’m done

12

Page 13: Linux Security, from Concept to Tooling

Fact

● Security should be an ongoing process

● Which means it is never finished

● New attacks = more hardening○ POODLE

○ Hearthbleed

13

http://en.wikipedia.org/wiki/POODLE
http://en.wikipedia.org/wiki/POODLE
http://heartbleed.com/
http://heartbleed.com/
Page 14: Linux Security, from Concept to Tooling

Hardening

What to harden?

● Operating System

● Software + Configuration

● Access controls

14

Page 15: Linux Security, from Concept to Tooling

Hardening

Operating System

● Services

● Users

● Permissions

15

Page 16: Linux Security, from Concept to Tooling

Hardening

Software

● Minimal installation

● Configuration

● Tuning

16

Page 17: Linux Security, from Concept to Tooling

Hardening

Users and Access Controls

● Who can access what

● Password policies

● Accountability

17

Page 18: Linux Security, from Concept to Tooling

Hardening

Encryption

● Good: Encryption solves a lot

● Bad: Knowledge required

● Ugly: Easy to forget

18

Page 19: Linux Security, from Concept to Tooling

Technical Auditing

Page 20: Linux Security, from Concept to Tooling

Auditing

Why audit?

● Checking defenses

● Assurance

● Quality Control

20

Page 21: Linux Security, from Concept to Tooling

Common Strategy

1. Audit

2. Get a lot of findings

3. Start hardening

4. …….

5. Quit21

Page 22: Linux Security, from Concept to Tooling

Improved Strategy

1. Focus

2. Audit

3. Focus

4. Harden

5. Repeat!22

Page 23: Linux Security, from Concept to Tooling

Guides and Tools

Page 24: Linux Security, from Concept to Tooling

Options

● Benchmarks and Guides

● SCAP

● Other resources

● Tools

24

Page 25: Linux Security, from Concept to Tooling

Benchmarks / Guides

● Center for Internet Security (CIS)

● NIST / NSA

● OWASP

● Vendors

25

Page 26: Linux Security, from Concept to Tooling

Benchmarks / Guides

ProsFree to useDetailedYou are in control

26

ConsTime intensiveUsually no toolingLimited distributionsDelayed releases

Page 27: Linux Security, from Concept to Tooling

Tooling

Page 28: Linux Security, from Concept to Tooling

Tools

Tools make life easier, right?

Not always...

28

Page 29: Linux Security, from Concept to Tooling

Tools

Problem 1: There aren’t many

29

Page 30: Linux Security, from Concept to Tooling

Tools

Problem 2: Usually outdated

30

Page 31: Linux Security, from Concept to Tooling

Tools

Problem 3: Limited in their support

31

Page 32: Linux Security, from Concept to Tooling

Tools

Problem 4: Hard to use

32

Page 33: Linux Security, from Concept to Tooling

Tool 1: SCAP

Page 34: Linux Security, from Concept to Tooling

SCAP

● Security

● Content

● Automation

● Protocol

34

Page 35: Linux Security, from Concept to Tooling

SCAP

Combination of:● Markup● Rules● Tooling● Scripts

35

Page 36: Linux Security, from Concept to Tooling

SCAP features● Common Vulnerabilities and Exposures (CVE)● Common Configuration Enumeration (CCE)● Common Platform Enumeration (CPE)● Common Vulnerability Scoring System (CVSS)● Extensible Configuration Checklist Description Format (XCCDF)● Open Vulnerability and Assessment Language (OVAL)

Starting with SCAP version 1.1● Open Checklist Interactive Language (OCIL) Version 2.0

Starting with SCAP version 1.2● Asset Identification● Asset Reporting Format (ARF)● Common Configuration Scoring System (CCSS)● Trust Model for Security Automation Data (TMSAD)

36

http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures
http://cve.mitre.org/
http://cve.mitre.org/
http://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures
http://nvd.nist.gov/cce/
http://nvd.nist.gov/cce/
http://scap.nist.gov/specifications/cpe/
http://scap.nist.gov/specifications/cpe/
http://www.first.org/cvss/
http://www.first.org/cvss/
http://en.wikipedia.org/wiki/Extensible_Configuration_Checklist_Description_Format
http://scap.nist.gov/specifications/xccdf/
http://scap.nist.gov/specifications/xccdf/
http://en.wikipedia.org/wiki/Extensible_Configuration_Checklist_Description_Format
http://en.wikipedia.org/wiki/Open_Vulnerability_and_Assessment_Language
http://oval.mitre.org/
http://oval.mitre.org/
http://en.wikipedia.org/wiki/Open_Vulnerability_and_Assessment_Language
http://oval.mitre.org/
http://scap.nist.gov/specifications/ocil/
http://scap.nist.gov/specifications/ocil/
http://scap.nist.gov/specifications/ocil/
http://scap.nist.gov/specifications/ai/
http://scap.nist.gov/specifications/ai/
http://scap.nist.gov/specifications/arf/
http://scap.nist.gov/specifications/arf/
http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7502
http://csrc.nist.gov/publications/PubsNISTIRs.html#NIST-IR-7502
http://scap.nist.gov/specifications/tmsad/
http://scap.nist.gov/specifications/tmsad/
Page 37: Linux Security, from Concept to Tooling

Complexity?List of Tables (Common Configuration Scoring System (CCSS))Table 1. Access Vector Scoring Evaluation ..................................................................................8

Table 2. Authentication Scoring Evaluation ..................................................................................9

Table 3. Access Complexity Scoring Evaluation.........................................................................10

Table 4. Confidentiality Impact Scoring Evaluation.....................................................................11

Table 5. Integrity Impact Scoring Evaluation ..............................................................................12

Table 6. Availability Impact Scoring Evaluation ..........................................................................12

Table 7. General Exploit Level Scoring Evaluation.....................................................................13

Table 8. General Remediation Level Scoring Evaluation ...........................................................14

Table 9. Local Vulnerability Prevalence Scoring Evaluation.......................................................15

Table 10. Perceived Target Value Scoring Evaluation ...............................................................15

Table 11. Local Remediation Level Scoring Evaluation..............................................................16

Table 12. Collateral Damage Potential Scoring Evaluation ........................................................17

37

Page 38: Linux Security, from Concept to Tooling

SCAP Overview

ProsFree to useFocused on automation

38

ConsLimited distributionsComplexityHard to customize

Page 39: Linux Security, from Concept to Tooling

Tool 2: Lynis

Page 40: Linux Security, from Concept to Tooling

Lynis

40

Page 41: Linux Security, from Concept to Tooling

Lynis

Goals● Perform a quick security scan● Collect data● Define next hardening steps

41

Page 42: Linux Security, from Concept to Tooling

Lynis

Background● Since 2007● Goals

○ Flexible○ Portable

42

Page 43: Linux Security, from Concept to Tooling

Lynis

Open Source Software● GPLv3● Shell● Community

43

Page 44: Linux Security, from Concept to Tooling

Lynis

Simple● No installation needed● Run with just one parameter● No configuration needed

44

Page 45: Linux Security, from Concept to Tooling

Lynis

Flexibility● No dependencies*● Option to extend easily● Custom tests

* Besides common tools like awk, grep, ps

45

Page 46: Linux Security, from Concept to Tooling

Lynis

Portability● Run on all Unix platforms● Detect and use “on the go”● Usable after OS version upgrade

46

Page 47: Linux Security, from Concept to Tooling

How it works

1. Initialise

2. OS detection

3. Detect binaries

4. Run helpers/plugins/tests

5. Show report47

Page 48: Linux Security, from Concept to Tooling

Running

1. lynis

2. lynis audit system

3. lynis audit system --quick

4. lynis audit system --quick --quiet

48

Page 49: Linux Security, from Concept to Tooling

Demo?

Page 50: Linux Security, from Concept to Tooling

Conclusions

● Protect your precious

● Hardening

● Do regular checks

50

Page 51: Linux Security, from Concept to Tooling

You finished this presentation

Success!

Page 52: Linux Security, from Concept to Tooling

Learn more?

Follow● Blog Linux Audit (linux-audit.com)● Twitter @mboelen

52

http://linux-audit.com

Tooling - Al Kennedy · Tooling - Chapter 3 3-1 Tooling This chapter covers the semi-permanent press tooling: dummy blocks, stems, containers, container liners, …

Concept Tooling - CISOfy · Linux Security Concept → Tooling Utrecht, 16 January 2016 Michael Boelen [email protected]. 2. Goals 1. Learn what to protect 2. Know some strategies

CODE DESCRIPTION PRICE OFFER - Concept Tooling

ALLIED MASK & TOOLING Decorative Tooling for the Finishing Industry

Tooling & Machine Tooling Technology

TOOLING REFERENCE GUIDE VERSION 4 - Unique Machine · 2009. 1. 23. · Website: www .uniquemachine.com Email: [email protected] ALL TOOLING SHOWN IS GREAT LAKES TOOLING 2008

Docker Containers for Legal Professionals · Linux containers took this concept further, providing even more separation. Docker is the dominant technology for Linux-based containers

Rapid Tooling Economical and Advanced more than Conventional tooling

Pattern Views: Concept and Tooling for Interconnected

Deploying OpenStack: Proof-of-Concept Environments (Packstack) · Red Hat Enterprise Linux OpenStack Platform 6 Deploying OpenStack: Proof-of-Concept Environments (Packstack) Using

Connector Tooling Guide - HS | · PDF fileConnector Tooling Guide ... standard electrical connectors. THE CRIMPING CONCEPT Crimping is a method of firmly attaching a terminal or contact

Compact Tooling Program Catalog - Woodworking … Tooling Program Catalog Connecting People Tooling Products Tools and tooling systems for wood and advanced materials

DM / Robotics - Press Automation Tooling Catalogue...Tooling Catalogue Product Catalogue 2013 Tooling Catalogue 2013 Edition Press Automation Tooling Catalogue | Contents 01 Contents

INTELLIGENT TOOLING. Progress Review Introduction Updated Customers/Wants/Constraints Metrics Benchmarking Concept Evaluation Schedule

Taper Lock Taper Lock Tooling and Tooling System

Platform Operations Concept for zSeries Linux with z/VM

> PUNCH TOOLING > DIE TOOLING > INSTALLATION HARDWARE

SEINCO DIN 69871.pdf 2 DIN 69871 SEINCO talian Tooling System Italian Tooling Syst Tooling System Italian Tooling System Ita System Italian Tooling System Italian Too

EDM Electrodes Manufacturing Using Rapid Tooling · PDF fileEDM Electrodes Manufacturing Using Rapid Tooling Concept ... Electro Discharge Machining ... EDM Electrodes Manufacturing

Compact Tooling Program Catalog - Over 125 years of … ·  · 2017-08-10Compact Tooling Program Catalog Connecting People Tooling Products Tools and tooling systems for wood and

System z Linux Proof Of Concept Project Management Best Practices September 8, 2009 Marianne Eggett System z Linux Practice Manager [email protected]

Tooling Technology Machine Tooling Technology · 2018-07-18 · Tooling Technology Machine Tooling Technology BENZ Modular Quick Change Systems ... + Rotary distributors + Z-axes

Tooling Temple, Coimbtore, Tooling Temple

DB2 LUW 10.5 for Linux on System z LUW - Linux on Z - RAM (Final - Texas).pdfDB2 LUW is not identical to DB2 for zOS, but ... Optim database tooling (Data Studio, OPM, OQWT ) Exceptionally

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand

Production Tooling with Additive Manufacturing · 2018-10-05 · Production Tooling with Additive Manufacturing. White Paper 3 AM tooling currently covers a range of tooling applications

Tooling Solutions - Cytec · PDF fileinnovation with real advantage to the composites industry. Our composite tooling ... software and FE analysis. This takes tooling ... Tooling Carbon

Disk Encryption on Linux - MERLIN'smarc.merlins.org/linux/talks/DiskEncryption/talk-src/DiskEncryption.pdfbetter with bit flips or partition resizing). Good concept, but not an ideal

3D CONCEPT TOOLING Pvt. Ltd THE COMPANY · 3D CONCEPT TOOLING Pvt. Ltd THE PEOPLE Mr. C. Ravichandran is the promoter of the company, having an experience of more than 22 years in

MAKE THE TOOLING CHANGEOVER TO CONCEPT EXTRU-TECH LIMITED EXTRUSION TOOLING TECHNOLOGY CONCEPT EXTRU-TECH LIMITED TEL: 44 (0)121 520 8252

E-manufacturing concept solution for tooling sector · 108 Estonian Journal of Engineering, 2009, 15, 2, 108–120 doi: 10.3176/eng.2009.2.04 E-manufacturing concept solution for

nx tooling brochure - Análisis y Simulación · NX Tooling NX software delivers ... • Concept. 4 ... to bring in third-party design files • Manufacturability checking for molded

Manual Tooling Catalog - Phillips · PDF fileManual Tooling Catalog BACK TO TOP SECTION 10 STANDARD MANUAL TOOLING PACKAGES Standard Tooling Package

System Concept Development Laboratory: Tooling Up for the 21st

Code4vn linux day1 operating system concept