Todays Meeting The game plan for todays dynamic
![Today’s Meeting • The game plan for today’s dynamic, fast track, off site meeting Today’s Meeting • The game plan for today’s dynamic, fast track, off site meeting](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-1.jpg)
![LINUX Operating System Audit & Assessment 3/17/2004 www. lsap. org www. linuxsecurity. org Michael LINUX Operating System Audit & Assessment 3/17/2004 www. lsap. org www. linuxsecurity. org Michael](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-2.jpg)
![Learning Objectives • • • Define an Audit Approach/Methodology Determine Audit Goals Individual Tests Learning Objectives • • • Define an Audit Approach/Methodology Determine Audit Goals Individual Tests](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-3.jpg)
![Audit Approach • • Define System Under Review (scope, LINUX) Determine Key Success Criteria Audit Approach • • Define System Under Review (scope, LINUX) Determine Key Success Criteria](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-4.jpg)
![Audit Approach Objective [system security] and Risks • • Authorized User Access Authorized Services Audit Approach Objective [system security] and Risks • • Authorized User Access Authorized Services](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-5.jpg)
![Standards • • Organization Policy Regulation Contractual Conformance Industry Best Practice – Center for Standards • • Organization Policy Regulation Contractual Conformance Industry Best Practice – Center for](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-6.jpg)
![Start Script Demo Here • • Show the Audit Program Show the Script File Start Script Demo Here • • Show the Audit Program Show the Script File](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-7.jpg)
![LINUX Tests – User Access • • • Who can be on the system, LINUX Tests – User Access • • • Who can be on the system,](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-8.jpg)
![LINUX Tests – Services • • • What services were loaded at startup? What LINUX Tests – Services • • • What services were loaded at startup? What](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-9.jpg)
![LINUX Tests – Connections • What networking devices are attached? • What other hosts LINUX Tests – Connections • What networking devices are attached? • What other hosts](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-10.jpg)
![LINUX Tests – File Systems • • What file systems are in use? Which LINUX Tests – File Systems • • What file systems are in use? Which](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-11.jpg)
![LINUX Tests – Logging • • • What was recorded recently in the systems LINUX Tests – Logging • • • What was recorded recently in the systems](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-12.jpg)
![LINUX Tests – Security Parms • What automated password controls are in place? – LINUX Tests – Security Parms • What automated password controls are in place? –](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-13.jpg)
![LINUX Tests – Applications • • • What applications are installed? What malware is LINUX Tests – Applications • • • What applications are installed? What malware is](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-14.jpg)
![Scripting Hints • • • User Interactive Predict and Deal with Errors, capture errors Scripting Hints • • • User Interactive Predict and Deal with Errors, capture errors](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-15.jpg)
![Other • • • Test, test Before using the Script Flavors of LINUX (Su. Other • • • Test, test Before using the Script Flavors of LINUX (Su.](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-16.jpg)
![Other • • SNARE – “IDS” www. intersectalliance. com More industry standards – www. Other • • SNARE – “IDS” www. intersectalliance. com More industry standards – www.](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-17.jpg)
- Slides: 17
![Todays Meeting The game plan for todays dynamic fast track off site meeting Today’s Meeting • The game plan for today’s dynamic, fast track, off site meeting](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-1.jpg)
Today’s Meeting • The game plan for today’s dynamic, fast track, off site meeting is to provide etched in stone exposure to those demograhically heads up elite who think outside the box regarding the best of breed and best practice techniques to drill down into the LINUX operating system metrics to provide a no brainer prototype deliverable that can add value to a scale where the recipient can be viewed as a leveraged top down virual fault tolerant market leader in profitability. • Do LINUX, impress someone
![LINUX Operating System Audit Assessment 3172004 www lsap org www linuxsecurity org Michael LINUX Operating System Audit & Assessment 3/17/2004 www. lsap. org www. linuxsecurity. org Michael](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-2.jpg)
LINUX Operating System Audit & Assessment 3/17/2004 www. lsap. org www. linuxsecurity. org Michael T Hoesing CISA, CISSP, CIA, CCP, CMA, CPA IS Audit Manager First National Nebraska Inc mhoesing@fnni. com (402) 636 -6646 Standard disclaimer, “‘I never said THAT, and if you did THAT, and something broke, it’s your own durn fault. ” also “The views expressed here are mine, not my employer’s. ” When using any tool, do no harm.
![Learning Objectives Define an Audit ApproachMethodology Determine Audit Goals Individual Tests Learning Objectives • • • Define an Audit Approach/Methodology Determine Audit Goals Individual Tests](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-3.jpg)
Learning Objectives • • • Define an Audit Approach/Methodology Determine Audit Goals Individual Tests to Achieve the Goals Scripting Hints Other Auditing Example – an independent assessment process (take home script)
![Audit Approach Define System Under Review scope LINUX Determine Key Success Criteria Audit Approach • • Define System Under Review (scope, LINUX) Determine Key Success Criteria](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-4.jpg)
Audit Approach • • Define System Under Review (scope, LINUX) Determine Key Success Criteria (objectives) Assess Risk (focus test resources where appropriate) Gather Standards (policy, procedures, regulation, contracts) Inventory the Current State (the script) Compare the Current State to Standards (analysis) Investigate Differences (reporting)
![Audit Approach Objective system security and Risks Authorized User Access Authorized Services Audit Approach Objective [system security] and Risks • • Authorized User Access Authorized Services](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-5.jpg)
Audit Approach Objective [system security] and Risks • • Authorized User Access Authorized Services Authorized Connections Authorized File Access Appropriate Recording/Logging Appropriate Security Parameters Authorized Applications High + High
![Standards Organization Policy Regulation Contractual Conformance Industry Best Practice Center for Standards • • Organization Policy Regulation Contractual Conformance Industry Best Practice – Center for](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-6.jpg)
Standards • • Organization Policy Regulation Contractual Conformance Industry Best Practice – Center for Internet Security (CIS Linux Benchmark Standards & Scoring Tool https: //www. cisecurity. org/sub_form. html different approach = compares to specific metrics (8. 3 password maximum days > 90 shows as negative)
![Start Script Demo Here Show the Audit Program Show the Script File Start Script Demo Here • • Show the Audit Program Show the Script File](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-7.jpg)
Start Script Demo Here • • Show the Audit Program Show the Script File Run the Script Review the Results
![LINUX Tests User Access Who can be on the system LINUX Tests – User Access • • • Who can be on the system,](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-8.jpg)
LINUX Tests – User Access • • • Who can be on the system, match to job function? Who is on the system right now? Password encryption in use? Who can be GOD ? From where can GOD access the system? What default and group ID’s are present?
![LINUX Tests Services What services were loaded at startup What LINUX Tests – Services • • • What services were loaded at startup? What](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-9.jpg)
LINUX Tests – Services • • • What services were loaded at startup? What processes are currently running? What services are set to run? What modules are loaded? What is accessing the CPU currently? What jobs are scheduled to run?
![LINUX Tests Connections What networking devices are attached What other hosts LINUX Tests – Connections • What networking devices are attached? • What other hosts](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-10.jpg)
LINUX Tests – Connections • What networking devices are attached? • What other hosts can connect to the system under review? • What communication protocols are used?
![LINUX Tests File Systems What file systems are in use Which LINUX Tests – File Systems • • What file systems are in use? Which](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-11.jpg)
LINUX Tests – File Systems • • What file systems are in use? Which files and directories are world writeable? What are the permissions on sensitive files & directories? What files were changed in the last day? 1. Who changed it? 2. Why, was that authorized? 3. Was the change tested?
![LINUX Tests Logging What was recorded recently in the systems LINUX Tests – Logging • • • What was recorded recently in the systems](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-12.jpg)
LINUX Tests – Logging • • • What was recorded recently in the systems event log? /var/log/messages What other logs are available? Who can alter the log file?
![LINUX Tests Security Parms What automated password controls are in place LINUX Tests – Security Parms • What automated password controls are in place? –](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-13.jpg)
LINUX Tests – Security Parms • What automated password controls are in place? – Min days – Max days – Length • What environment controls are in place? – Last users – shells
![LINUX Tests Applications What applications are installed What malware is LINUX Tests – Applications • • • What applications are installed? What malware is](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-14.jpg)
LINUX Tests – Applications • • • What applications are installed? What malware is present? Are there any monitoring tools?
![Scripting Hints User Interactive Predict and Deal with Errors capture errors Scripting Hints • • • User Interactive Predict and Deal with Errors, capture errors](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-15.jpg)
Scripting Hints • • • User Interactive Predict and Deal with Errors, capture errors Determine if a file or directory exists before executing a command
![Other Test test Before using the Script Flavors of LINUX Su Other • • • Test, test Before using the Script Flavors of LINUX (Su.](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-16.jpg)
Other • • • Test, test Before using the Script Flavors of LINUX (Su. SE 9. 0) Portable to UNIX ? Time 5 – 10 minutes if not testing WW files CPU usage - minimal
![Other SNARE IDS www intersectalliance com More industry standards www Other • • SNARE – “IDS” www. intersectalliance. com More industry standards – www.](https://slidetodoc.com/presentation_image_h/0c88d5d27629f63c7c0b7e0db2958623/image-17.jpg)
Other • • SNARE – “IDS” www. intersectalliance. com More industry standards – www. linuxsecurity. com C 2 Secure Logging (auditing) for LINUX [SAL] – http: //secureaudit. sourceforge. net Auditing Linux – Krishni Naidu – • • http: //www. sans. org/score/checklists/Auditing. Linux. doc Bastille does not work with Su. SE chksyslog and chkexploit_1_13
For today's meeting
Todays plan
Today meeting or today's meeting
What is meeting and types of meeting
Types of meeting
Transferered
Fspos vägledning för kontinuitetshantering
Typiska drag för en novell
Tack för att ni lyssnade bild
Ekologiskt fotavtryck
Shingelfrisyren
En lathund för arbete med kontinuitetshantering
Adressändring ideell förening
Tidbok
Sura för anatom
Förklara densitet för barn
Datorkunskap för nybörjare
Tack för att ni lyssnade bild