Explore open source alternatives to commercial software! Learn how OSS is revolutionizing network and security management. Discover tools like Snort, Nagios, and OSSEC providing cost-effective solutions for Intrusion Detection and Prevention Systems.
Applied Watch Technologies
open.freedom
Go ahead. Be free.
The Enterprise Open Source Security Infrastructure
about.me
• Sold first company at 17
• Information warfare consultant with Dept. of Defense
• GCIA, CISSP
• Published first advisory on hacking VPN appliances (Securityfocus.com). Spoke at Caesar's Palace in Las Vegas
• Nominated by MIT as Most Influential Technologist of 2002
• CEO, President, Applied Watch Technologies (Enterprise Open Source Management Company)
categories
what.is.open.source
• Open Source is a free alternative to commercial software developed and maintained by the community (thousands of developers)
• Linux vs. Microsoft Windows
• Apache vs. Microsoft IIS
• Snort vs. ISS, Cisco, 3Com
• Nagios vs. HP Openview
what.is.open.source
• There is now an open source tool alternative for every commercial product
• Network management tools
• Intrusion Detection Systems
• Antivirus
• Firewalls
• Operating Systems
• Web Servers
open.source.trends
• Gartner holds an annual open source summit discussing widespread use of open source in the enterprise
• (Forrester Research) At least 75% of organizations have deployed open source software
• (Forbes, Nov 2005) Open source invades the enterprise
• May 2005: IBM acquires Gluecode (open source competitor)
• (Forbes) Chicago Mercantile Exchange cuts $2.5M in hardware costs by switching to Linux
open.source.trends
• (IDC) Open source is used in nearly 75 percent of all organizations worldwide and includes hundreds of thousands of projects. Open source is in production in over half of the organizations.
• (2005 Netcraft Survey) Apache dominates the web server market over Microsoft with 70% market share
• Navy protects battleships using open source Snort
Defense in-Depth
Commercial NIDS
Open Source NIDS
Open Source HIDS
why.open.source
• COTS (commercial-off-the-shelf) NIDS/NIPS don't do everything perfectly
• Open Source signatures are community developed and in most cases are easier to write
• There will soon be an equal or superior open source solution to every COTS security product
• Commercial solutions can be very expensive. OSS lowers the TCO of security.
oss.strategy: nids
• Snort IDS: Network Intrusion Detection System
• Pattern matching
• Protocol anomaly detection (data in SYN packet)
• Target-aware (stream5 in Snort 3)
• Passive or inline Intrusion Prevention
• Over 3M downloads to date
oss.strategy: nids
• Bro IDS: Network Intrusion Detection System
• Developed by Lawrence Berkeley National Labs
• Focused more on use in research environments
• Detects anomalies in traffic behavior as well as patterns
• Can alert, execute an OS command, or block traffic
• More of a research platform for IDS
oss.strategy: hids
• OSSEC HIDS: Host Intrusion Detection and Prevention System
• Ported to all major OS (Windows, Unix, BSD, Linux, HP-UX, MacOS, Solaris)
• Uses local system to block attacks
• Email-based alerting on attacks
• Performs log analysis, file integrity checking, rootkit detection, time-based alerting, and active response
oss.strategy: hids
• OSSEC HIDS: Host Intrusion Detection and Prevention System
• Agent/Server architecture
• Signatures can be easily written
• Detects changes to user dirs, md5 checksum changes, changes to file/directory sizes, ownership changes, and directory permissions
• Windows registry monitoring
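A minimal baseline-and-compare in the style of the OSSEC file integrity bullets above, added here as an example and not OSSEC's own code: it records size, owner, permission bits and a checksum per path (SHA-256 is used where the slide names MD5), and the function names, attribute names and the constructed tampering scenario are this example's own.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def snapshot_entry(path: Path) -> dict:
    # Attributes compared per path: size, owner, permission bits, checksum.
    st = path.lstat()
    entry = {"size": st.st_size, "uid": st.st_uid, "gid": st.st_gid,
             "mode": stat.S_IMODE(st.st_mode)}
    if path.is_file() and not path.is_symlink():
        with path.open("rb") as f:
            entry["sha256"] = hashlib.sha256(f.read()).hexdigest()
    return entry

def snapshot_tree(root: str) -> dict:
    # Baseline every file and directory under root, keyed by relative path.
    root_path, baseline = Path(root), {}
    for dirpath, dirnames, filenames in os.walk(root_path):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            baseline[str(p.relative_to(root_path))] = snapshot_entry(p)
    return baseline

def diff_snapshots(old: dict, new: dict) -> dict:
    # Map each differing path to (event, {attribute: (old_value, new_value)}).
    events = {}
    for path in set(old) | set(new):
        if path not in old:
            events[path] = ("added", {})
        elif path not in new:
            events[path] = ("deleted", {})
        else:
            changed = {k: (old[path].get(k), new[path].get(k))
                       for k in set(old[path]) | set(new[path])
                       if old[path].get(k) != new[path].get(k)}
            if changed:
                events[path] = ("changed", changed)
    return events

def demo_tamper_detection() -> dict:
    # Constructed scenario: baseline, then alter a file's content and mode and add a file.
    root = tempfile.mkdtemp()
    target = Path(root) / "passwd"
    target.write_text("root:x:0:0\n")
    os.chmod(target, 0o644)
    before = snapshot_tree(root)
    target.write_text("root:x:0:0\nguest:x:1000:1000\n")  # content and size change
    os.chmod(target, 0o600)                                # permission change
    (Path(root) / "new_file").write_text("hello")          # added file
    return diff_snapshots(before, snapshot_tree(root))
```

Running `demo_tamper_detection()` reports `passwd` as changed in size, checksum and mode and `new_file` as added; a scheduled agent would persist the baseline and raise an alert on each event.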
summary
• In some organizations, OSS has replaced commercial security and network products
• In others, OSS augments COTS products as an additional layer
• Soon, OSS will be an option for every COTS network and security product available
• OSS is being relied upon for lowering TCO in security