- Количество слайдов: 22
Nagios: Providing Value Throughout the Organization JARED BIRD [email protected] COM TWITTER: @JAREDBIRD
Introduction Who is Jared Bird?
Providing Value Provide knowledge Assist other departments Strengthen inter-department relationships Achieve company wide goals Reduce costs
Understanding What are the goals of the other departments?
Infrastructure Network, Server, and Desktop Teams Concerns include: Availability Capacity Utilization Functioning Properly
Security Prevent data theft Deter identity theft Avoid legal issues Protect brand “CIA Triad” Confidentiality Integrity Availability
Threats Default configurations Website defacement Missing patches DNS redirection Unauthorized use Many, many more
Default Configurations Default passwords blank sa account Once password is set, monitor with new credentials XI Auto-discovery check for insecure protocols Scheduled scans and output to Nagios
Website Monitor for defacement check_http –H www. yoursite. com –s “sekret” Checks for “sekret” string Check certificate check_http –H www. mysite. com –C 21 Checks certificate for 21 days of validity
Software Installed Check url for content (version) Ex: http: //www. adobe. com/software/flash/about/ Check for string “ 11. 4. 102. 265”
DNS Have DNS entries changed? DNS hijacked High Impact
Unauthorized Use LDAP check for account creation Syslog output from infrastructure SNMP Alerts
Audit & Compliance PCI SOX HIPPA Almost every regulation* * Note: Speaker will not be held responsible if Nagios does not help achieve compliance with a specific regulation
PCI DSS Any organization that processes, stores, or transmits credit card data Requirements 12 overall requirements 287 individual requirements
PCI Reqs 1&2: Build and Maintain a Secure Network Auto-discovery to look for services Checks to verify that vendor defaults have been changed Reqs 3&4: Protect Cardholder Data Scan for insecure protocols Check for expiration of SSL certificates Reqs 5&6: Maintain a Vulnerability Management Program Check the anti-virus process to ensure it is running
PCI Reqs 7, 8, & 9: Implement Strong Access Control Measures LDAP checks to ensure LDAP server is functioning Web Transaction Monitoring can be used to check two factor Reqs 10&11: Regularly Monitor and Test Networks Check NTP Event logs from servers Req 12: Maintain an Information Security Program Use device listings as well as contact info (incident response plan)
SOX Sarbanes-Oxley or Public Company Accounting Reform and Investors Protection Act Section 404: Assessment of internal control Nagios can help management show that controls for assuring the integrity of the financial reports are effective.
HIPAA Technical Safeguards: Access Control Audit Control Integrity Controls Transmission Security
Questions? Jared Bird [email protected] com Twitter: @jaredbird Thank You