SYSTEM DEPLOYMENT & SECURITY AUDITING WITH RHN SATELLITE & NESSUS
|
|
- Owen Riley
- 8 years ago
- Views:
Transcription
1
2 SYSTEM DEPLOYMENT & SECURITY AUDITING WITH RHN SATELLITE & NESSUS Akash Chandrashekar Senior Solution Architect, Red Hat Lee Kinser Solution Architect, Red Hat Jack Daniel Technical Product Manager, Tenable Network Security
3 Compliance Issues Can Be a Growing Pain Each industry affected by its own compliance rules (FDCC, HIPPA, SOX, PCI, and many, many more) Executive summary of all the requirements: Control your network, keep it tight and up to date, be able to prove it
4 REQUIREMENT PROPOSED SOLUTIONS
5
6 REQUIREMENT PROPOSED SOLUTIONS
7 Requirement 11: Regularly Test Security Systems and Processes Regular audits of the perimeter (or network) by 3rd parties (every quarter) Very typical of many audits Typical example: ecommerce site scanned by a PCI ASV ( Approved Scanning Vendor ) PCI ASV scans use Nessus and other scanners to do their jobs Note: Tenable Network Security is now a PCI ASV
8 Issues with Auditors in General False positives : Red Hat backports security patches. A site advertising Apache may not be vulnerable to all flaws affecting Apache < No doubt, most vendors prefer a false positive to a false negative. Findings can now be disputed. However: This is costly (charged per scan) and time consuming (where to get the information).
9 The False Positive Issue Condition: Exists Condition: Does Not Exist Detected Valid: True Positive Invalid: False Positive Not Detected Invalid: False Negative Valid: True Negative
10 Issues with Some Auditors How to prepare for an audit and be ready to explain why some findings are false positives? How to prove that patches are applied regularly? What if your patch schedule does not fit the quarterly scans? Explaining how Red Hat backporting works
11 Red Hat Satellite
12 Strategies to Manage Content RHEL x Clients Custom 5.0-dev Clone Custom 5.0-prod 1)Client is built via kickstart from Red Hat channel kickstart tree 2)Activation key reconfigures client (dev or prod?) 3)Sat Admin creates 2 custom channels for dev & production clients 4)Sat Admin regularly compares custom dev channel vs. Red Hat and merges selected security updates, fixes, feature enablements 5)Dev systems do QA validation 6)Sat Admin merges dev to prod at reduced intervals after QA certifies dev channel 7)Sat Admin schedules updates for prod clients
13
14 Red Hat Satellite (cont.) Red Hat Satellite is a great way to manage one s network in a compliant way. However, we still need to: - Prove that every host scanned is indeed managed by Satellite - Prove that every host scanned is patched (regularly) - Prove that every host is configured properly from a security point of view
15 Red Hat Satellite (cont.) Systems audited Not every host related to audits is managed by Satellite (yet) Systems managed by Satellite Different views between Satellite and the scan results
16 Red Hat Satellite: Unlocking the Power of the API Connect to the Satellite server via XML-RPC library Authenticate Session Key * Normal Satellite server permissions/roles apply Perform queries and operations of interest Logout (when Auth)
17 Red Hat Satellite: Nessus Integration with RHN Satellite Satellite API Integration Software Distribution Account Management Channel Management Monitoring Provisioning API LAYER XML-RPC The API layer can be used to integrate with disparate systems by making remote procedure calls using XML over HTTP
18 Nessus + RHN Satellite Each time Nessus scans a host, it can connect to the local RHN Satellite server and ask Do you manage it? AND How do you manage it?
19 Nessus Widely-deployed vulnerability scanner with open source roots, since 1998 Nearly 50,000 vulnerability and configuration plugins Used by many auditors Scans a network for remote and local vulnerabilities and misconfigurations Least-expensive commercial vulnerability scanner ($1500/year, unlimited targets; still free for home, non-commercial use) Also includes web app scanning, local policy audits, and more for more information For organizations with multiple Nessus scanners, Tenable SecurityCenter for centralized management and reporting
20 How to Use Nessus for Scanning? Products can NOT be certified Only service providers can be certified as Approved Scanning Vendors (ASVs) Nessus prepares you for a scan: It provides the results that most ASVs will report Helps you detect false positives and document resolution
21 Nessus + RHN Satellite What if the hosts scanned have not been updated yet? (outside of regular patch schedule) Report on missing patches Correlation is the key!
22 Nessus + RHN Satellite How to prove that patches are applied regularly? Nessus will do a per-host Satellite report showing the history of applied patches Accurate reporting is key!
23 Nessus + RHN Satellite Reports contain both the results found remotely and information gathered from Satellite Arms you with all the facts you need to successfully pass your audit: - Host is managed by Satellite - Host is up to date - Host is patched regularly
24 DEMO
25 Tenable SecurityCenter + RHN Satellite
26
27
28
29 QUESTIONS?
30
CONQUERING COMPLIANCE ISSUES WITH RHN SATELLITE AND TENABLE NESSUS SECURITY
CONQUERING COMPLIANCE ISSUES WITH RHN SATELLITE AND TENABLE NESSUS SECURITY Akash Chandrashekar - Solution Architect, Red Hat Renaud Deraison - Tenable Network Security, Inc. / Nessus.org Compliance Issues
More informationPatch Management Integration
Patch Management Integration January 10, 2012 (Revision 5) Copyright 2002-2012 Tenable Network Security, Inc. Tenable Network Security, Nessus and ProfessionalFeed are registered trademarks of Tenable
More informationVULNERABILITY MANAGEMENT
Vulnerability Management (VM) software differ in the richness of reporting, and the capabilities for application and security configuration assessment. Companies must consider how a VM technology will
More informationAchieving PCI Compliance: How Red Hat Can Help. Akash Chandrashekar, RHCE. Red Hat Daniel Kinon, RHCE. Choice Hotels Intl.
Achieving PCI Compliance: How Red Hat Can Help Akash Chandrashekar, RHCE. Red Hat Daniel Kinon, RHCE. Choice Hotels Intl. Agenda Understanding Compliance Security Features within Red Hat Backporting Choice
More informationNessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)
Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Perimeter Service... 3 Subscription and Activation... 3 Multi Scanner Support...
More informationWHITEPAPER. Nessus Exploit Integration
Nessus Exploit Integration v2 Tenable Network Security has committed to providing context around vulnerabilities, and correlating them to other sources, such as available exploits. We currently pull information
More informationNessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)
Nessus Enterprise Cloud User Guide October 2, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Enterprise Cloud... 3 Subscription and Activation... 3 Multi Scanner Support... 4 Customer Scanning
More informationNessus Agents. October 2015
Nessus Agents October 2015 Table of Contents Introduction... 3 What Are Nessus Agents?... 3 Scanning... 4 Results... 6 Conclusion... 6 About Tenable Network Security... 6 2 Introduction Today s changing
More informationTenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments
Tenable Webcast Summary Managing Vulnerabilities in Virtualized and Cloud-based Deployments Introduction Server virtualization and private cloud services offer compelling benefits, including hardware consolidation,
More informationCredit Cards and Oracle: How to Comply with PCI DSS. Stephen Kost Integrigy Corporation Session #600
Credit Cards and Oracle: How to Comply with PCI DSS Stephen Kost Integrigy Corporation Session #600 Background Speaker Stephen Kost CTO and Founder 16 years working with Oracle 12 years focused on Oracle
More informationManaging your Red Hat Enterprise Linux guests with RHN Satellite
Managing your Red Hat Enterprise Linux guests with RHN Satellite Matthew Davis, Level 1 Production Support Manager, Red Hat Brad Hinson, Sr. Support Engineer Lead System z, Red Hat Mark Spencer, Sr. Solutions
More informationQuick Start Guide: Utilizing Nessus to Secure Microsoft Azure
Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure Introduction Tenable Network Security is the first and only solution to offer security visibility, Azure cloud environment auditing, system
More informationPCI-DSS Penetration Testing
PCI-DSS Penetration Testing Adam Goslin, Co-Founder High Bit Security May 10, 2011 About High Bit Security High Bit helps companies obtain or maintain their PCI compliance (Level 1 through Level 4 compliance)
More informationOpen Source Datacenter Conference 2011 System Management with RHN Satellite. Dirk Herrmann, Solution Architect, Red Hat
Open Source Datacenter Conference 2011 System Management with RHN Satellite Bringing the Community, Vendors and Users Together Enterprise Users Hardware vendors Software vendors Open Source Community A
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationNessus and Mobile Device Scanning. November 7, 2014 (Revision 12)
Nessus and Mobile Device Scanning November 7, 2014 (Revision 12) Table of Contents Introduction... 3 Standards and Conventions... 3 Overview... 3 Scanning for Mobile Devices with Nessus... 4 Creating a
More informationASV Scan Report Attestation of Scan Compliance
ASV Scan Report Attestation of Scan Compliance Scan Customer Information Company: David S. Marcus, Ph. D Approved Scanning Vendor Information Company: ComplyGuard Networks Contact: Contact: Support Tel:
More informationUsing the Tenable Solution to Audit and Protect Firewalls, Routers, and Other Network Devices May 14, 2013 (Revision 1)
Network Infrastructure Is Not Immune Using the Tenable Solution to Audit and Protect Firewalls, Routers, and Other Network Devices May 14, 2013 (Revision 1) Table of Contents Executive Summary... 3 Network
More informationMay 11, 2011. (Revision 10)
Blended Security Assessments Combining Active, Passive and Host Assessment Techniques May 11, 2011 (Revision 10) Renaud Deraison Director of Research Ron Gula Chief Technology Officer Copyright 2011. Tenable
More informationBuilding and Managing a Standard Operating Environment
Building and Managing a Standard Operating Environment Dirk Herrmann Head of Strategic Consulting Central Europe, Red Hat Todd Warner Satellite Product Manager, Red Hat Milan Zázrivec Satellite Software
More informationProtecting Critical Infrastructure
Protecting Critical Infrastructure SCADA Network Security Monitoring March 20, 2015 Table of Contents Introduction... 4 SCADA Systems... 4 In This Paper... 4 SCADA Security... 4 Assessing the Security
More informationTenable for CyberArk
HOW-TO GUIDE Tenable for CyberArk Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with CyberArk Enterprise Password Vault. Please email any comments
More informationBest Practices for Deploying and Managing Linux with Red Hat Network
Best Practices for Deploying and Managing Linux with Red Hat Network Abstract This technical whitepaper provides a best practices overview for companies deploying and managing their open source environment
More informationDigi Device Cloud: Security You Can Trust
Digi Device Cloud: Security You Can Trust Abstract Historically, security has oftentimes been an afterthought or a bolt-on to any engineering product. In today s markets, however, security is taking a
More informationJune 8, 2011. (Revision 1)
Unified Security Monitoring Best Practices June 8, 2011 (Revision 1) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of
More informationUnified Security Monitoring Best Practices
Unified Security Monitoring Best Practices This white paper outlines several best practices when deploying and optimizing a USM platform to perform security and compliance monitoring for enterprise networks.
More information3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationApril 11, 2011. (Revision 2)
Passive Vulnerability Scanning Overview April 11, 2011 (Revision 2) Copyright 2011. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of
More informationIBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide
IBM Security QRadar SIEM Version 7.1.0 MR1 Vulnerability Assessment Configuration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks
More informationNessus Cloud User Registration
Nessus Cloud User Registration Create Your Tenable Nessus Cloud Account 1. Click on the provided URL to create your account. If the link does not work, please cut and paste the entire URL into your browser.
More informationUsing Nessus In Web Application Vulnerability Assessments
Using Nessus In Web Application Vulnerability Assessments Paul Asadoorian Product Evangelist Tenable Network Security pasadoorian@tenablesecurity.com About Tenable Nessus vulnerability scanner, ProfessionalFeed
More informationPCI Compliance. Network Scanning. Getting Started Guide
PCI Compliance Getting Started Guide Qualys PCI provides businesses, merchants and online service providers with the easiest, most cost effective and highly automated way to achieve compliance with the
More informationFebruary 22, 2011. (Revision 2)
Real-Time Massachusetts Data Security Law Monitoring Leveraging Asset-Based Configuration and Vulnerability Analysis with Real-Time Event Management February 22, 2011 (Revision 2) Copyright 2011. Tenable
More informationTenable Enterprise Product Training
Tenable Enterprise Product Training Tenable Unified Security Monitoring for Analysts (5MD) This hands-on instructor led course provides security analysts with the skills and knowledge necessary to discover
More informationEnterprise Cloud Use Cases and Security Considerations
Enterprise Cloud Use Cases and Security Considerations Carson Sweet! CEO, CloudPassage! For This Discussion We re talking about cloud infrastructure! Cloud-oriented infrastructure delivery Infrastructure
More informationJBoss security: penetration, protection and patching. David Jorm djorm@redhat.com
JBoss security: penetration, protection and patching David Jorm djorm@redhat.com Contents The problem Background Historical vulnerabilities JBoss worm Security response for products The solution The Problem
More informationRed Hat Network Satellite (On System z) 18-JUNE CAVMEN Meeting
Red Hat Network Satellite (On System z) 18-JUNE CAVMEN Meeting Shawn D. Wells System z Platform Manager (+1) 443 534 0130 Why are we here? PROBLEM SCENARIO SysAdmin wants to automate Linux
More informationWeb Application Vulnerability Testing with Nessus
The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information
More informationVirtualizare sub Linux: avantaje si pericole. Dragos Manac
Virtualizare sub Linux: avantaje si pericole Dragos Manac 1 Red Hat Enterprise Linux 5 Virtualization Major Hypervisors Xen: University of Cambridge Computer Laboratory Fully open sourced Set of patches
More informationSecuring Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group
Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability
More informationHow To Protect Your Data From Being Stolen
DATA SECURITY & PCI DSS COMPLIANCE PROTECTING CUSTOMER DATA WHAT IS PCI DSS? PAYMENT CARD INDUSTRY DATA SECURITY STANDARD A SET OF REQUIREMENTS FOR ANY ORGANIZATION OR MERCHANT THAT ACCEPTS, TRANSMITS
More informationTenable Addendum to VMware Product Applicability Guide. for. Payment Card Industry Data Security Standard (PCI DSS) version 3.0
Tenable Product Applicability Guide For Payment Card Industry (PCI) Partner Addendum VMware Compliance Reference Architecture Framework to VMware Product Applicability Guide for Payment Card Industry Data
More informationAutomatic vs. Manual Code Analysis
Automatic vs. Manual Code Analysis 2009-11-17 Ari Kesäniemi Senior Security Architect Nixu Oy ari.kesaniemi@nixu.com Copyright The Foundation Permission is granted to copy, distribute and/or modify this
More informationAdobe Systems Incorporated
Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...
More informationencription IT Security and Forensic Services
PRODUCT DETAILS CONTENTS THE PROBLEM 2 THE Solution 2 THE PRODUCT AND SERVICE 3 THE BENEFITS 4 OPTIONS 5 THE PROBLEM External IT security breaches caused by malicious hackers, and others, can occur at
More informationCredit Cards and Oracle E-Business Suite Security and PCI Compliance Issues
Credit Cards and Oracle E-Business Suite Security and PCI Compliance Issues August 16, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy
More informationTechnical Proposal. In collaboration with Main Contractor. 24 th April 2012 (VER. 1.0) E-SPIN SDN BHD
Technical Proposal 24 th April 2012 (VER. 1.0) In collaboration with Main Contractor E-SPIN SDN BHD Since 2005 E-SPIN SDN BHD. All Right Reserved. www.e-spincorp.com Product Overview & Features Nessus
More informationPCI Vulnerability Validation Report
Friday, March 9, 013 PCI Vulnerability Validation Report Introduction This report shows the results of a vulnerability validation tests conducted by CORE Impact Professional Professional in support of
More informationQualys PC/SCAP Auditor
Qualys PC/SCAP Auditor Getting Started Guide August 3, 2015 COPYRIGHT 2011-2015 BY QUALYS, INC. ALL RIGHTS RESERVED. QUALYS AND THE QUALYS LOGO ARE REGISTERED TRADEMARKS OF QUALYS, INC. ALL OTHER TRADEMARKS
More informationPAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES
PAYMENT CARD INDUSTRY (PCI) ANNUAL TRAINING DECEMBER 10, 2009 WESTERN ILLINOIS UNIVERSITY OFFICE OF THE CTSO & BUSINESS SERVICES AGENDA PCI Players and Roles Merchant Requirements Keys To Successful PCI
More informationE-SPIN PCI Compliancy Solution
E-SPIN PCI Compliancy Solution PCI Requirements For compliancy - Any company that accepts, processes, or stores credit card information needs to comply with the requirements set by the Payment Card Industry
More informationAbout Me. #ccceu. @shapeblue. Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack
Software Architect with ShapeBlue Specialise in. 3 rd party integrations and features in CloudStack About Me KVM, API, DB, Upgrades, SystemVM, Build system, various subsystems Contributor and Committer
More information3D Tool 2.0 Quick Start Guide
www.tenable.com sales@tenable.com 3D Tool 2.0 Quick Start Guide ABOUT THE 3D TOOL Tenable s 3D Tool is a Windows application that is used to query data from a SecurityCenter 4 server and present it in
More informationBlended Security Assessments
Blended Security Assessments Combining Active, Passive and Host Assessment Techniques October 12, 2009 (Revision 9) Renaud Deraison Director of Research Ron Gula Chief Technology Officer Table of Contents
More informationComprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)
Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware
More informationDelivering IT Security and Compliance as a Service
Delivering IT Security and Compliance as a Service Jason Falciola GCIH, GAWN Technical Account Manager, Northeast Qualys, Inc. www.qualys.com Agenda Technology Overview h The Problem: Delivering IT Security
More informationPCI Compliance Updates
PCI Compliance Updates E-Commerce / Cloud Security Adam Goslin, Chief Operations Officer AGoslin@HighBitSecurity.com Direct: 248.388.4328 PCI Guidance Google: PCI e-commerce guidance https://www.pcisecuritystandards.org/pdfs/pci_dss_v2_ecommerce_guidelines.pdf
More informationScan Report Executive Summary. Part 2. Component Compliance Summary IP Address : 69.43.165.11
Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: rsync.net ASV Company: Comodo CA Limited 06-02-2015 Scan expiration date: 08-31-2015 Part 2. Component
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationHow To Use A Policy Auditor 6.2.2 (Macafee) To Check For Security Issues
Vendor Provided Validation Details - McAfee Policy Auditor 6.2 The following text was provided by the vendor during testing to describe how the product implements the specific capabilities. Statement of
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationCyber Security RFP Template
About this document This RFP template was created to help IT security personnel make an informed decision when choosing a cyber security solution. In this template you will find categories for initial
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationPHP in RPM distribution
PHP in RPM distribution Why things get better Presented by Remi Collet Senior Software Engineer, Red Hat Inc. License Licensed under Creative Commons Attribution Share Alike CC-BY-SA Today's Topics 1.
More informationRed Hat Enterprise Linux and management bundle for HP BladeSystem TM
HP and Red Hat are announcing a specially priced software bundle for customers deploying Red Hat Linux on HP BladeSystem servers. HP will offer Red Hat Enterprise Linux and management bundle that combines
More informationMingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway
Mingyu Web Application Firewall (DAS- WAF) - - - All transparent deployment for Web application gateway All transparent deployment Full HTTPS site defense Prevention of OWASP top 10 Website Acceleration
More informationKeeping your data yours
CORPORATE BROCHURE Keeping your data yours Outpost24 provides state of the art vulnerability management technology and services that simplify the complex security needs of modern businesses. Since 2001,
More informationHow I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security
How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security PART 1 - COMPLIANCE STANDARDS PART 2 SECURITY IMPACT THEMES BUILD A MODEL THEMES MONITOR FOR FAILURE THEMES DEMONSTRATE
More informationMONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014
MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014 COMPLIANCE SCHEDULE REQUIREMENT PERIOD DESCRIPTION REQUIREMENT PERIOD DESCRIPTION 8.5.6 As Needed 11.1 Monthly 1.3 Quarterly 1.1.6 Semi-Annually
More informationG-Cloud Pricing. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS
G-Cloud Pricing Atos infrastructure Vulnerability Scanning (Outpost24) SaaS Contents 1. Introduction... 1 2. Pricing... 2 2.1 External Network Scan... 2 2.2 PCI DSS Approved Scanner Vendor (ASV) Scan...
More informationContinuous Network Monitoring for the New IT Landscape. March 16, 2015 (Revision 4)
Continuous Network Monitoring for the New IT Landscape March 16, 2015 (Revision 4) Table of Contents Introduction... 3 The New IT Landscape... 3 Gaps in the Modern IT Landscape... 5 Tenable s Five Critical
More informationConnection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more. Security Review
Connection Broker Managing User Connections to Workstations and Blades, OpenStack Clouds, VDI, and more Security Review Version 8.1 March 31, 2016 Contacting Leostream Leostream Corporation http://www.leostream.com
More informationIntro to Patching. Thomas Cameron, Chief Architect, Western US, Red Hat thomas@redhat.com twitter: thomasdcameron IRC: choirboy on Freenode
Intro to Patching Thomas Cameron, Chief Architect, Western US, Red Hat thomas@redhat.com twitter: thomasdcameron IRC: choirboy on Freenode RHCA, RHCSS, RHCDS, RHCVA, RHCX Agenda 2 Who am I? Who are you?
More informationRedhawk Network Security, LLC 62958 Layton Ave., Suite One, Bend, OR 97701 sales@redhawksecurity.com 866-605- 6328 www.redhawksecurity.
Planning Guide for Penetration Testing John Pelley, CISSP, ISSAP, MBCI Long seen as a Payment Card Industry (PCI) best practice, penetration testing has become a requirement for PCI 3.1 effective July
More informationSpeed Up Incident Response with Actionable Forensic Analytics
WHITEPAPER DATA SHEET Speed Up Incident Response with Actionable Forensic Analytics Close the Gap between Threat Detection and Effective Response with Continuous Monitoring January 15, 2015 Table of Contents
More informationSAQ D Compliance. Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP
SAQ D Compliance Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP Ground Rules WARNING: Potential Death by PowerPoint Interaction Get clarification Share your institution s questions, challenges,
More informationEFFECTIVE VULNERABILITY SCANNING DEMYSTIFYING SCANNER OUTPUT DATA
EFFECTIVE VULNERABILITY SCANNING DEMYSTIFYING SCANNER OUTPUT DATA Paul R. Lazarr, CISSP, CISA, CIPP, CRISK Sr. Managing Consultant, IBM Cybersecurity and Biometrics January 21, 2016 PERSONAL BACKGROUND
More informationSymposium (FBOS) PCI Compliance. Connecting Great Ideas and Great People. Agenda
2010 Finance & Business Operations Symposium (FBOS) PCI Compliance Cort M. Kane COO, designdata Judy Durham CFO, NPES Kymberly Bonzelaar, Sr. VP Capital One Richard Eggleston, Sr. Project Director, TMAR
More informationHow To Manage A Vulnerability Management Program
VULNERABILITY MANAGEMENT A White Paper Presented by: MindPoint Group, LLC 8078 Edinburgh Drive Springfield, VA 22153 (o) 703.636.2033 (f) 866.761.7457 www.mindpointgroup.com blog.mindpointgroup.com SBA
More informationNessus Enterprise for Amazon Web Services (AWS) Installation and Configuration Guide. July 16, 2014 (Revision 2)
Nessus Enterprise for Amazon Web Services (AWS) Installation and Configuration Guide July 16, 2014 (Revision 2) Table of Contents Introduction... 3 Requirements... 3 Standards and Conventions... 3 Nessus
More informationIT HEALTHCHECK TOP TIPS WHITEPAPER
WHITEPAPER PREPARED BY MTI TECHNOLOGY LTD w: mti.com t: 01483 520200 f: 01483 520222 MTI Technology have been specifying and conducting IT Healthcheck s across numerous sectors including commercial, public
More informationSecurityCenter 5.1 with Nessus Agent Support. October 22, 2015
SecurityCenter 5.1 with Nessus Agent Support October 22, 2015 Table of Contents Introduction... 3 Adding an Agent Repository... 6 Add Agent Scans and Import Agent Scan Results... 7 Tips and Tricks... 8
More informationRed Hat Network Satellite Management and automation of your Red Hat Enterprise Linux environment
Red Hat Network Satellite Management and automation of your Red Hat Enterprise Linux environment WHAT IS IT? Red Hat Network (RHN) Satellite server is an easy-to-use, advanced systems management platform
More informationConfiguring Virtual Switches for Use with PVS. February 7, 2014 (Revision 1)
Configuring Virtual Switches for Use with PVS February 7, 2014 (Revision 1) Table of Contents Introduction... 3 Basic PVS VM Configuration... 3 Platforms... 3 VMware ESXi 5.5... 3 Configure the ESX Management
More informationManaging Vulnerability Assessment
Security Threat Response Manager Release 2012.1 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Published: 2013-03-12 Copyright Notice Copyright 2013
More informationIntroduction to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Introduction to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and
More informationUsing Nessus to Detect Wireless Access Points. March 6, 2015 (Revision 4)
Using Nessus to Detect Wireless Access Points March 6, 2015 (Revision 4) Table of Contents Introduction... 3 Why Detect Wireless Access Points?... 3 Wireless Scanning for WAPs... 4 Detecting WAPs using
More informationMESSAGING SECURITY USING GLASSFISH AND OPEN MESSAGE QUEUE
MESSAGING SECURITY USING GLASSFISH AND OPEN MESSAGE QUEUE OWASP AppSec USA 2011 Conference (@appsecusa / hashtag: #appsecusa) Srini Penchikala (@srinip) 09.23.11 GOALS AND SCOPE Goals: Messaging security
More informationConnection Broker Managing User Connections to Workstations, Blades, VDI, and more. Security Review
Connection Broker Managing User Connections to Workstations, Blades, VDI, and more Security Review Version 8.1 October 21, 2015 Contacting Leostream Leostream Corporation http://www.leostream.com 465 Waverley
More informationThe Red Hat Enterprise Linux advantages over Oracle Linux
The Red Hat Enterprise Linux advantages over Oracle Linux 1 RED HAT CONTINUES TO LEAD THE LINUX MARKET WORLDWIDE LINUX SERVER OPERATING ENVIRONMENT NEW LICENSE PAID SHIPMENTS/SUBSCRIPTIONS AND NONPAID
More informationTEXAS AGRILIFE SERVER MANAGEMENT PROGRAM
TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State
More informationRed Hat Satellite Management and automation of your Red Hat Enterprise Linux environment
Red Hat Satellite Management and automation of your Red Hat Enterprise Linux environment WHAT IS IT? Red Hat Satellite server is an easy-to-use, advanced systems management platform for your Linux infrastructure.
More informationPierianDx - Clinical Genomicist Workstation Software as a Service FAQ s
PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s Network Security Please describe the preferred connection method(s) between the PierianDx network and a healthcare organization s
More informationHow to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering
How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration
More informationKeeping your data yours.
CORPORATE BROCHURE Keeping your data yours. Since 2001, Outpost24 has been a leader in vulnerability management solutions, developing state of the art vulnerability management technology from the core
More informationCybersecurity for Energy Delivery Systems 2010 Peer Review. Dale Peterson Digital Bond, Inc. Bandolier and Portaledge
Cybersecurity for Energy Delivery Systems 2010 Peer Review Alexandria, VA July 20-22, 2010 Dale Peterson Digital Bond, Inc. Bandolier and Portaledge Summary Slide: Bandolier Outcomes: Insure new and upgraded
More informationManaging Business Risk
Managing Business Risk With Assurance Report Cards April 7, 2015 Table of Contents Introduction... 3 Cybersecurity is a Business Issue... 3 Standards, Control Objectives and Controls... 5 Standards and
More informationwithout the fixed perimeters of legacy security.
TECHNICAL BRIEF The Halo cloud security platform was purpose-built to provide your organization with the critical protection, visibility and control needed to assure cloud security without the fixed perimeters
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationDETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious
More information