Harisfazillah Jamel presentation during KL GreenHat 2011 UniKL Kuala Lumpur Malaysia - http://greenhat.my/ OWASP Malaysia https://www.owasp.org/index.php/Malaysia

1. G.R.E.E.N
Open Source Security Tools
OWASP Malaysia
https://www.owasp.org/index.php/Malaysia
KL GreenHat - 10 Feb 2011

2. G.R.E.E.N
G roup
R econ
E ducation
E motion Control
N eutralized

3. G.R.E.E.N
G roup

4. G roup
• We all need to be in a group
• We need to have policy
• We have rules to follow

5. G roup
We all belong to group
Company, community and education
Why policy and rules ?

6. G roup
Haris, please reset root password?
:)
I have only user privileges
BUT I can do it.
ps. If you are reading this slide, you need to come to my session KL Greenhat 2011 and I will tell you.
clue : chmod +s and sudo

7. G roup
Within Group
We can set policy and rules
We can implement policy and rules
We can by law punish who break the rules
We can share knowledge and experience
(Company Organisation Community) = GROUP

8. G roup
Organisation need to have security policy
Internal threat cause most security breaches

9. G roup
Rules thats within security policy
Internal threat cause most security breaches

10. G roup
Audit Tools - By hand :)

11. G roup
Audit Tools - Checklist
Benchmark Audit Tool - cisecurity.org
OWASP How To
http://www.owasp.org/index.php/Category:How_To

12. G roup
Audit Tools
Bastille Unix
• A hardening script
• bastille --report
• http://bastille-linux.sourceforge.net/

13. G roup
Pentest - To check your own weakness
Server - OpenVAS, Nikto, nmap
Wireless - aircrack-ng, weplab, WEPCrack, airsnort
Network - tcpdump, wireshark

14. G.R.E.E.N
R econ

15. R econ
We need to know and be active
• Log monitoring
• Process monitoring
• Network Monitoring
• Files Monitoring
• Host Monitoring
• Human Monitoring

16. R econ
Log Monitoring
Central logging - syslog-ng
Monitoring File Log - swatch

17. R econ
Process Monitoring
Barking at daemons - Monit

18. R econ
Network Monitoring
Network Intrusion Detection System
• Snort
• Snort Web interface using ACID
• BRO - ada berani (need to customize)

19. R econ
Files Monitoring
Files integrity Checking
• Advanced Intrusion Detection Environment - AIDE
• Open Source Tripwire

20. R econ
Host Monitoring
host-based intrusion detection system (HIDS)
• OSSEC HIDS - www.ossec.net
• Samhain - la-samhna.de/samhain
• OSiris - osiris.shmoo.com
Detect files changes and monitoring the logs and
warn system admin.

21. R econ
Human Monitoring
Opensource CCTV
Zoneminder - www.zoneminder.com

22. G.R.E.E.N
E ducation

23. E ducation
Lack of awareness about security.
Users - bring in trojan
Sysadmin - server hijack
Developers - not so secure web application
Management - No ICT Security policy

24. E ducation
Action Plan
Users - Cybersafe Malaysia
Sysadmin - OWASP Webgoat
Developers - OWASP top 10
Management - Create and implement Security policy

25. E ducation
Users - Cybersafe Malaysia
www.cybersafe.my

26. E ducation
Sysadmin - OWASP Webgoat
The primary goal of the WebGoat project is simple:
create a de-facto interactive teaching environment for
web application security.

27. E ducation
Developers - OWASP Top 10 2010
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session
Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards

28. E ducation
Management - Create and implement security policy
Certification is important
Get your people certified

29. G.R.E.E.N
E motion Control

30. E motion Control
Be Calm
You will stress out if you not.
Be Patient
Knowledge come from learning
Experience come from doing
Its all about time

31. E motion Control
TuxRacer
Bos Wars
Globulation 2
FreeCol
LinCity-NG
Sauerbraten
Sokoban
Enigma
BillardGL
Wesnoth
Flightgear
Bzflag
Opensource games

32. G.R.E.E.N
N eutralized

33. N eutralized
Block the attack
• Firewall
• Intrusion Prevention Framework
Filter the packets and data
• Web proxy
• Email filter
Protect the connection

34. N eutralized
Block the attack
Firewall
• M0n0wall
• PFsense
Intrusion Prevention Framework
• Fail2ban
• TCP Wrapper

35. N eutralized
Filter the packets and data
Webproxy
• Squid + Dansguardian
• Nginx
Email Filter
• Amavis-new
• Mailscanner

36. N eutralized
Protect the connection
Using SSL - OpenSSL
VPN - OpenVPN
Encryption - GnuPG

37. OWASP Malaysia
OWASP Malaysia Local Chapter
The Open Web Application Security Project
(OWASP) is a not-for-profit worldwide charitable
organization focused on improving the security of
application software.
www.owasp.my

38. The End
Malaysia OSS Community Survey 2011 on
Awareness of OSS Certification - survey.mosc.my
Malaysia Open Source Conference 2011 -
portal.mosc.my
Harisfazillah Jamel
linuxmalaysia @ gmail.com
http://blog.harisfazillah.info
10 Feb 2011