Nagios Conference 2011 - Jared Bird - Using Nagios as a Security Tool
DESCRIPTION
Jared Bird's presentation on using Nagios as a security tool. The presentation was given during the Nagios World Conference North America held Sept 27-29th, 2011 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
TRANSCRIPT
JARED BIRD
JAREDBIRD@GMAIL.COM
TWITTER: @JAREDBIRD
Using Nagios as a Security Tool
Introduction
• Who is Jared Bird?
Reasons to care
• Prevent data theft
• Deter identity theft
• Avoid legal issues
• Protect brand
Similarities
Headlines
“It won't happen to us”
• It can happen to anyone (even security vendors)
Uh Oh
• http://www.coresecurity.com – September 22, 2011
What to protect
• Data
• Hardware
• Intellectual Property
• Brand
Threats
• Default configurations
• Website defacement
• Missing patches
• DNS redirection
• Unused services
• Unauthorized use
• Many, many more
Monitoring
• Automation
• Early detection
• Quick resolution
• Integrity
Default Configurations
• Default passwords
• Blank sa account
• Once password is set, monitor with new credentials
• XI Auto-discovery check for insecure protocols
• Scheduled scans and output to Nagios
Web
• Monitor for defacement
• check_http -H www.yoursite.com -s "sekret"
• Checks that the page contains the string "sekret"
• Check certificate
• check_http -H www.mysite.com -C 21
• Checks that the certificate is valid for at least 21 more days
• DDoS alerts
Software Installed
• Check URL for content (version)
• Ex: http://www.adobe.com/software/flash/about/
• Check for string “10.3.183.10”
• Manually update string
• Better way?
DNS
• Have DNS entries changed?
• DNS hijacked
• High Impact
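The "Have DNS entries changed?" check from this slide, written as a Nagios-style plugin that compares a name's A records with a recorded baseline. This is an added example, not code from the presentation; the script name, host name and baseline addresses are constructed, and live lookups assume `dig` is installed.

```shell
#!/bin/sh
# Added example (not from the talk): Nagios-style plugin that alerts when a
# name's A records differ from a recorded baseline.
# Usage (hypothetical script name): check_dns_baseline.sh NAME "ADDR1,ADDR2"
# Plugin exit codes: 0 = OK, 2 = CRITICAL, 3 = UNKNOWN.

# One address per line, sorted and de-duplicated; accepts commas, spaces, newlines.
normalize() {
    printf '%s\n' "$1" | tr ', ' '\n\n' | sed '/^$/d' | sort -u
}

# Live lookup; keeps only IPv4 answers (dig +short also prints CNAME targets).
resolve_a() {
    dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
}

# compare_records NAME EXPECTED ACTUAL -> prints one status line, returns the code.
compare_records() {
    name=$1
    expected=$(normalize "$2")
    actual=$(normalize "$3")
    if [ -z "$actual" ]; then
        echo "DNS UNKNOWN - no A records returned for $name"
        return 3
    fi
    if [ "$expected" = "$actual" ]; then
        echo "DNS OK - $name resolves to $(printf '%s\n' "$actual" | paste -sd, -)"
        return 0
    fi
    # Addresses seen but not in the baseline, and baseline addresses no longer served.
    unexpected=$(printf '%s\n' "$actual" | grep -Fxv -e "$expected" | paste -sd, -)
    missing=$(printf '%s\n' "$expected" | grep -Fxv -e "$actual" | paste -sd, -)
    echo "DNS CRITICAL - $name changed: unexpected=[$unexpected] missing=[$missing]"
    return 2
}

if [ "$#" -ge 2 ]; then
    rc=0
    compare_records "$1" "$2" "$(resolve_a "$1")" || rc=$?
    exit "$rc"
fi

# No arguments: run on constructed data (documentation-range addresses).
compare_records www.example.com "192.0.2.10,192.0.2.11" "192.0.2.11 192.0.2.10" || true
compare_records www.example.com "192.0.2.10,192.0.2.11" "203.0.113.66" || true
```

An empty answer is reported as UNKNOWN rather than CRITICAL, so a resolver outage is not mistaken for a changed record.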
Unused Services
• Auto-discovery
• Check for insecure services
• Check for previously disabled services
Unauthorized Use
• LDAP check for account creation
• Syslog output from infrastructure
• Snort alert (SNMP)
Other Uses?
• Monitor video cameras
• http://bit.ly/bY2tjd
• Ideas?