Introduction
Who is Jared Bird?
Nagios
Providing Value
Provide knowledge
Assist other departments
Strengthen inter-department relationships
Achieve company wide goals
Reduce costs
Understanding
What are the goals of the other departments?
Infrastructure
Network, Server, and Desktop Teams
Concerns include:
  Availability
  Capacity
  Utilization
  Functioning Properly
Security
Prevent data theft
Deter identity theft
Avoid legal issues
Protect brand
“CIA Triad”
  Confidentiality
  Integrity
  Availability
Threats
Default configurations
Website defacement
Missing patches
DNS redirection
Unauthorized use
Many, many more
Default Configurations
Default passwords
  blank sa account
Once password is set, monitor with new credentials
XI Auto-discovery check for insecure protocols
Scheduled scans and output to Nagios
Website
Monitor for defacement
  check_http -H www.yoursite.com -s "sekret"
  Checks for “sekret” string
Check certificate
  check_http -H www.mysite.com -C 21
  Checks certificate for 21 days of validity
Software Installed
Check URL for content (version)
  Ex: http://www.adobe.com/software/flash/about/
  Check for string “11.4.102.265”
DNS
Have DNS entries changed?
DNS hijacked
High Impact
Unauthorized Use
LDAP check for account creation
Syslog output from infrastructure
SNMP Alerts
Audit & Compliance
PCI
SOX
HIPAA
Almost every regulation*
* Note: Speaker will not be held responsible if Nagios does not help achieve compliance with a specific regulation
PCI
PCI DSS
Any organization that processes, stores, or transmits credit card data
Requirements
  12 overall requirements
  287 individual requirements
PCI
Reqs 1&2: Build and Maintain a Secure Network
  Auto-discovery to look for services
  Checks to verify that vendor defaults have been changed
Reqs 3&4: Protect Cardholder Data
  Scan for insecure protocols
  Check for expiration of SSL certificates
Reqs 5&6: Maintain a Vulnerability Management Program
  Check the anti-virus process to ensure it is running
PCI
Reqs 7, 8, & 9: Implement Strong Access Control Measures
  LDAP checks to ensure LDAP server is functioning
  Web Transaction Monitoring can be used to check two factor
Reqs 10&11: Regularly Monitor and Test Networks
  Check NTP
  Event logs from servers
Req 12: Maintain an Information Security Program
  Use device listings as well as contact info (incident response plan)
SOX
Sarbanes-Oxley or Public Company Accounting Reform and Investors Protection Act
Section 404: Assessment of internal control
Nagios can help management show that controls for assuring the integrity of the financial reports are effective.
HIPAA Headlines
HIPAA
Technical Safeguards:
  Access Control
  Audit Control
  Integrity Controls
  Transmission Security