Open Source Security: Opportunity or Oxymoron?



Similar documents
By Jascha Wanger

Network Defense Tools

Intrusion Detection Systems (IDS)

IDS / IPS. James E. Thiel S.W.A.T.

Cisco PIX vs. Checkpoint Firewall

Linux Operating System Security

Network Security and Firewall 1

Course Title: Penetration Testing: Security Analysis

Installing and Configuring Nessus by Nitesh Dhanjani

Some Tools for Computer Security Incident Response Team (CSIRT)

Vulnerability Assessment Using Nessus

Open Source Security Tool Overview

Tk20 Network Infrastructure

Network Security Foundations

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

IDS and Penetration Testing Lab ISA656 (Attacker)

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Network Incident Report

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

Network Security Management

Open Source Security Tools

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

funkwerk packetalarm NG IDS/IPS Systems

Network Forensics: Log Analysis

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

CRYPTUS DIPLOMA IN IT SECURITY

Introduction Open Source Security Tools for Information Technology Professionals

Achieving PCI-Compliance through Cyberoam

Network Attacks and Defenses

Chapter 4 Application, Data and Host Security

information security and its Describe what drives the need for information security.

CTS2134 Introduction to Networking. Module Network Security

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

CH ENSA EC-Council Network Security Administrator Detailed Course Outline

74% 96 Action Items. Compliance

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Research on the Essential Network Equipment Risk Assessment Methodology based on Vulnerability Scanning Technology Xiaoqin Song 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

A NOVEL APPROACH FOR PROTECTING EXPOSED INTRANET FROM INTRUSIONS

Firewalls Overview and Best Practices. White Paper

An Open Source IPS. IIT Network Security Project Project Team: Mike Smith, Sean Durkin, Kaebin Tan

Introduction p. 2. Introduction to Information Security p. 1. Introduction

Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

P Principles of Network Forensics P Terms & Log-based Tracing P Application Layer Log Analysis P Lower Layer Log Analysis

LINUX NETWORK SECURITY

System Security Guide for Snare Server v7.0

NETWORK SECURITY (W/LAB) Course Syllabus

ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239

Network Security Administrator

ELEN 689: Topics in Network Security: Firewalls. Ellen Mitchell Computing and Information Services 20 April 2006

Security Event Management. February 7, 2007 (Revision 5)

Firewalls. Chapter 3

BlackRidge Technology Transport Access Control: Overview

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

Jort Kollerie SonicWALL

Networking: EC Council Network Security Administrator NSA

Chapter 7. Firewalls

Windows Remote Access

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

Network Access Security. Lesson 10

Εmerging Ways to Protect your Network

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Securing your Linux Server: Racing against the attacker. Nigel Edwards Hewlett-Packard

PCI DSS Compliance. with the Barracuda NG Firewall. White Paper

UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES COMPUTING AND NETWORK SECURITY SEMESTER TWO EXAMINATIONS 2014/2015 NETWORK SECURITY MODULE NO: CPU6004

CompTIA Security+ (Exam SY0-410)

Alliance Key Manager A Solution Brief for Technical Implementers

PGP (Pretty Good Privacy) INTRODUCTION ZHONG ZHAO

Ovation Security Center Data Sheet

COURCE TITLE DURATION LPI-202 Advanced Linux Professional Institute 40 H.

CSE331: Introduction to Networks and Security. Lecture 18 Fall 2006

Implementing Cisco IOS Network Security

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

How To Understand A Firewall

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

Ficha técnica de curso Código: IFCAD111

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

IBM Security QRadar Vulnerability Manager Version User Guide

COUNTERSNIPE

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Intrusion Detection Categories (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

Basic & Advanced Administration for Citrix NetScaler 9.2

VPN. Date: 4/15/2004 By: Heena Patel

IDS and Penetration Testing Lab ISA 674

Transcription:

Open Source Security: Opportunity or Oxymoron? by George Lawton Presented by Eduard Kuziner COMP 595 SEC CSUN May 2002 1

Outline 1. What is Open Source? 2. Open Source Pros and Cons 3. Current Projects 4. Concerns and Challenges 5. Conclusions 2

What is Open Source? Open Source and Free software http://www.opensource.org http://www.fsf.org/philosophy/free-sw.html ``Free software'' is a matter of liberty, not price. To understand the concept, you should think of ``free'' as in ``free speech,'' not as in ``free beer' - Free Software Foundation The freedom to: 1. run the program for any purpose 2. study how the program works, and adapt it to your needs (Access to the source code is a precondition) 3. redistribute copies 4. improve the program, and release your improvements to the public * Free software does not mean non-commercial 3

Open Source Security s Pros And Cons Cost Quality Support Other issues (hacker danger vs. ease of customization) 4

Current Open Source Projects Kerberos Snort Snare Tripwire Nessus Saint Netfilter and iptables T.Rex PGP (?) 5

Kerberos Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. After a client and server has used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity. Kerberos was developed by the MIT and released in 1987. It has since matured into a standard managed by the Internet Engineering Task Force s Common Authentication Technology Working Group. http://web.mit.edu/kerberos/www 6

Snort Snort is a lightweight network-intrusion-detection system, capable of performing real-time traffic analysis and packet logging on IP networks. Released in 1998, it helps detect potential intrusions by performing protocol analysis of packets, as well as content searching and matching and can detect various intrusions and probes, such as buffer overflows, stealth port scans, and common-gateway-interface attacks. It can be used as a straight packet sniffer, a packet logger, or as a full blown network intrusion detection system. http://www.snort.org 7

Snare Snare is a host-based intrusion-detection system for Linux systems. It uses dynamically loadable modular technology to interact with the Linux kernel at runtime. By using only the modules necessary for a task, Snare reduces the burden on the host system. 8

Tripwire Tripwire is an intrusion-detection system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc. Tripwire Academic Source version developed by Gene Kim has been downloaded more than a million times since its 1992 release. Tripwire Inc. later reengineered Tripwire from scratch as a commercial closed source program. (Free Linux version is available) http://www.tripwire.com 9

Nessus 2. NASL (Nessus Attack Scripting Language) a language for security tests (security checks can also be written in C) 3. Complete and exportable reports (ASCII text, LaTeX, HTML) 4. Up-to-date security vulnerability database (updated on a daily basis) 5. Smart service recognition (does not blindly believe that the target respects the assigned port numbers) 6. Full SSL support 7. Non-destructive (optional) Nessus is a vulnerability scanner for remotely auditing a Web site s security. 1. Plug-in architecture (allows easily add your own tests) http://www.nessus.org 10

Saint The Security Administrators Integrated Network Tool (Saint) is a vulnerability scanner (Unix/Linux) Based on a specific configuration, the policy engine determines whether and to what extent Saint can scan a set of hosts. The target acquisition subsystem creates a list of probing test attacks to run on hosts. The data acquisition subsystem collects facts about the probe s results. Using a rule base, the inference engine processes the facts while data is being collected and generates new target hosts, probes, and facts. The results subsystem takes the collected data and displays it as a hyperspace that users can work with via a browser. The Saint Corp. gives away older versions of the scanner, but sells the latest release. http://www.saintcorporation.com 11

Netfilter and iptables The netfilter/iptables project is the Linux 2.4.x / 2.5.x firewalling subsystem. It delivers the functionality of packet filtering (stateless or stateful), all different kinds of NAT (Network Address Translation) and packet mangling. Netfilter lets users track callback functions associated with a network intrusion, thereby recognizing that an attack is occurring. The iptables system lets users define actions the system should take when it detects an attack. http://www.netfilter.org or http://www.iptables.org 12

T.Rex T.Rex is an open source firewall that Freemont Avenue Software released in 2000. Main features include: Access Control and Authentication Network Address Translation (NAT) Fault Tolerant High Availability (99.999%) Hardware assisted VPN Content Filtering GUI Administration tool supporting multiple firewalls Granular access control Integrated Web Caching Extensive auditing/reporting tools and real-time performance monitor Network scanning and intrusion detection tools http://www.opensourcefirewall.com 13

PGP PGP or Pretty Good Privacy is a powerful cryptographic product family that allows secure exchange of messages, and to secure files, disk volumes and network connections with both privacy and strong authentication. It also includes PGPnet - a VPN client for secure peer-to-peer IP-based network connections and Self-Decrypting Archives (SDAs). MIT distributes PGP Freeware without cost for personal use in cooperation with Philip Zimmermann, the original author of PGP, Network Associates, and with RSA Security. http://web.mit.edu/network/pgp.html GnuPG is a complete and free replacement for PGP. http://www.gnupg.org The PGPi project is a non-profit initiative, whose purpose is to make PGP freely and legally available worldwide. http://www.pgpi.org 14

Concerns and Challenges Fear of open source Fear of backdoors Performance certifications Ease of use and management 15

Conclusions Open source security software is expected to become more common due to changing situation of the Internet and security, but its commercial and government use will probably remain limited (projected sales growth from 1% of all security products revenue in 2002 to 2% 2007) The question about pros and cons of open source is still open A promising application of source security software is its use in dedicated hardware, such as security appliances for securing fast network connections The paper provides informative overview of available open source security software and discusses related issues and trends, but does not attempt to analyze them in depth 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information