1 / 17

Today’s Meeting

Today’s Meeting.

talon
Download Presentation

Today’s Meeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Today’s Meeting • The game plan for today’s dynamic, fast track, off site meeting is to provide etched in stone exposure to those demograhically heads up elite who think outside the box regarding the best of breed and best practice techniques to drill down into the LINUX operating system metrics to provide a no brainer prototype deliverable that can add value to a scale where the recipient can be viewed as a leveraged top down virual fault tolerant market leader in profitability. • Do LINUX, impress someone

  2. LINUX Operating System Audit & Assessment 3/17/2004 www.lsap.org www.linuxsecurity.org Michael T Hoesing CISA, CISSP, CIA, CCP, CMA, CPA IS Audit Manager First National Nebraska Inc mhoesing@fnni.com (402) 636-6646 Standard disclaimer, “‘I never said THAT, and if you did THAT, and something broke, it’s your own durn fault.” also “The views expressed here are mine, not my employer’s.” When using any tool, do no harm.

  3. Learning Objectives • Define an Audit Approach/Methodology • Determine Audit Goals • Individual Tests to Achieve the Goals • Scripting Hints • Other • Auditing Example – an independent assessment process (take home script)

  4. Audit Approach • Define System Under Review (scope, LINUX) • Determine Key Success Criteria (objectives) • Assess Risk (focus test resources where appropriate) • Gather Standards (policy, procedures, regulation, contracts) • Inventory the Current State (the script) • Compare the Current State to Standards (analysis) • Investigate Differences (reporting)

  5. Audit Approach Objective [system security] and Risks • Authorized User Access High • Authorized Services High • Authorized Connections High + • Authorized File Access High • Appropriate Recording /Logging High • Appropriate Security Parameters High • Authorized Applications High

  6. Standards • Organization Policy • Regulation • Contractual Conformance • Industry Best Practice • Center for Internet Security (CISLinux Benchmark Standards & Scoring Tool https://www.cisecurity.org/sub_form.htmldifferent approach = compares to specific metrics(8.3 password maximum days > 90 shows as negative)

  7. Start Script Demo Here • Show the Audit Program • Show the Script File • Run the Script • Review the Results

  8. LINUX Tests – User Access • Who can be on the system, match to job function? • Who is on the system right now? • Password encryption in use? • Who can be GOD ? • From where can GOD access the system? • What default and group ID’s are present?

  9. LINUX Tests – Services • What services were loaded at startup? • What processes are currently running? • What services are set to run? • What modules are loaded? • What is accessing the CPU currently? • What jobs are scheduled to run?

  10. LINUX Tests – Connections • What networking devices are attached? • What other hosts can connect to the system under review? • What communication protocols are used?

  11. LINUX Tests – File Systems • What file systems are in use? • Which files and directories are world writeable? • What are the permissions on sensitive files & directories? • What files were changed in the last day? • Who changed it? • Why, was that authorized? • Was the change tested?

  12. LINUX Tests – Logging • What was recorded recently in the systems event log? /var/log/messages • What other logs are available? • Who can alter the log file?

  13. LINUX Tests – Security Parms • What automated password controls are in place? • Min days • Max days • Length • What environment controls are in place? • Last users • shells

  14. LINUX Tests – Applications • What applications are installed? • What malware is present? • Are there any monitoring tools?

  15. Scripting Hints • User Interactive • Predict and Deal with Errors, capture errors • Determine if a file or directory exists before executing a command

  16. Other • Test, test, test Before using the Script • Flavors of LINUX (SuSE 9.0) • Portable to UNIX ? • Time 5 – 10 minutes if not testing WW files • CPU usage - minimal

  17. Other • SNARE – “IDS” www.intersectalliance.com • More industry standards • www.linuxsecurity.com • C2 Secure Logging (auditing) for LINUX [SAL] • http://secureaudit.sourceforge.net • Auditing Linux – Krishni Naidu • http://www.sans.org/score/checklists/AuditingLinux.doc • Bastille does not work with SuSE • chksyslog and chkexploit_1_13

More Related