Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organization
Download as PPT, PDF0 likes1,272 views
This document discusses how Nagios monitoring software can provide value across different departments in an organization. It describes how Nagios can help infrastructure teams monitor availability, capacity, and proper functioning. It also explains how Nagios can help security teams by detecting threats like default configurations, website defacement, missing patches, and unauthorized access. Finally, it outlines how Nagios supports compliance with regulations like PCI, SOX, and HIPAA by monitoring technical controls and security requirements.
Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organization
- 1. Nagios: Providing Value Throughout the Organization Jared Bird [email protected] Twitter: @jaredbird
- 2. Introduction Who is Jared Bird?
- 3. Nagios
- 4. Providing Value Provide knowledge Assist other departments Strengthen inter-department relationships Achieve company wide goals Reduce costs
- 5. Understanding What are the goals of the other departments?
- 6. Infrastructure Network, Server, and Desktop Teams Concerns include: Availability Capacity Utilization Functioning Properly
- 7. Security Prevent data theft Deter identity theft Avoid legal issues Protect brand “CIA Triad” Confidentiality Integrity Availability
- 8. Threats Default configurations Website defacement Missing patches DNS redirection Unauthorized use Many, many more
- 10. Default Configurations Default passwords blank sa account Once password is set, monitor with new credentials XI Auto-discovery check for insecure protocols Scheduled scans and output to Nagios
- 11. Website Monitor for defacement check_http –H www.yoursite.com –s “sekret” Checks for “sekret” string Check certificate check_http –H www.mysite.com –C 21 Checks certificate for 21 days of validity
- 12. Software Installed Check url for content (version) Ex: http://www.adobe.com/software/flash/about/ Check for string “11.4.102.265”
- 13. DNS Have DNS entries changed? DNS hijacked High Impact
- 14. Unauthorized Use LDAP check for account creation Syslog output from infrastructure SNMP Alerts
- 15. Audit & Compliance PCI SOX HIPPA Almost every regulation* * Note: Speaker will not be held responsible if Nagios does not help achieve compliance with a specific regulation
- 16. PCI PCI DSS Any organization that processes, stores, or transmits credit card data Requirements 12 overall requirements 287 individual requirements
- 17. PCI Reqs 1&2: Build and Maintain a Secure Network Auto-discovery to look for services Checks to verify that vendor defaults have been changed Reqs 3&4: Protect Cardholder Data Scan for insecure protocols Check for expiration of SSL certificates Reqs 5&6: Maintain a Vulnerability Management Program Check the anti-virus process to ensure it is running
- 18. PCI Reqs 7,8,& 9: Implement Strong Access Control Measures LDAP checks to ensure LDAP server is functioning Web Transaction Monitoring can be used to check two factor Reqs 10&11: Regularly Monitor and Test Networks Check NTP Event logs from servers Req 12: Maintain an Information Security Program Use device listings as well as contact info (incident response plan)
- 19. SOX Sarbanes-Oxley or Public Company Accounting Reform and Investors Protection Act Section 404: Assessment of internal control Nagios can help management show that controls for assuring the integrity of the financial reports are effective.
- 20. HIPAA Headlines
- 21. HIPAA Technical Safeguards: Access Control Audit Control Integrity Controls Transmission Security
- 22. Questions? Jared Bird [email protected] Twitter: @jaredbird Thank You
Editor's Notes
- #2: Nagios: Providing Value Throughout The Organization This talk will discuss how Nagios can be used to provide value to several areas of an organization. Providing value to areas such as security, audit and compliance in additition to the traditional infrastructure teams including ways that Nagios can assist in achieving compliance with several standards/regulations such as PCI, SOX, HIPAA, etc. will be discussed.
- #3: Married 1yr old & 3yr old 10+ year experience Work as a Security Engineer for a large healthcare provider Jared Bird currently works during the day maintaining a respectable level of security at a large local healthcare organization in the Minneapolis/St Paul area. He has a passion for everything security related and in his spare time he enjoys breaking things, bending the rules, and developing a plot for world domination.
- #4: Flexibility allows endless possibilities Use these capabilities to provide value to other areas of the organization
- #10: Quote from FBI Director Robert Mueller ’s 2012 RSA Keynote
- #15: Infrastructure == vmserver
- #17: The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information.
- #18: Autodiscovery – find insecure services
- #20: SOX was enacted to ensure that financial reports were accurate. All annual financial reports must include an Internal Control Report stating that management is responsible for an "adequate" internal control structure, and an assessment by managemnt of the effectiveness of the control structure. - sarbanes-oxley-101.com
- #22: Access control – Only allow authorized persons to access ePHI Audit control – Record and examine access to systems containing ePHI Integrity Controls – ePHI is not improperly altered or destroyed Trasmission Security – Guard against unauthroized access to ePHI