This document discusses how Nagios monitoring software can provide value across different departments in an organization. It describes how Nagios can help infrastructure teams monitor availability, capacity, and proper functioning. It also explains how Nagios can help security teams by detecting threats like default configurations, website defacement, missing patches, and unauthorized access. Finally, it outlines how Nagios supports compliance with regulations like PCI, SOX, and HIPAA by monitoring technical controls and security requirements.
10. Default Configurations
Default passwords
blank sa account
Once password is set, monitor with new credentials
XI Auto-discovery check for insecure protocols
Scheduled scans and output to Nagios
11. Website
Monitor for defacement
check_http -H www.yoursite.com -s "sekret"
Checks for the "sekret" string
Check certificate
check_http -H www.mysite.com -C 21
Checks that the certificate has at least 21 days of validity remaining
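As an added example (not code from the talk), a small Nagios-style plugin in Python that reproduces the two checks above: a canary string that must still be present on the page (check_http -s) and a minimum number of days of certificate validity (check_http -C). The host, canary and day threshold are assumed command-line arguments, and the script uses the standard Nagios exit codes so it can be wired in as a command definition.

```python
"""Nagios-style plugin mirroring check_http -s (canary string) and -C (certificate days)."""
import socket, ssl, sys, time, urllib.request

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit code convention

def check_content(body: str, canary: str):
    """Defacement check: the page must still contain the string we planted on it."""
    if canary in body:
        return OK, f"OK - canary '{canary}' present"
    return CRITICAL, f"CRITICAL - canary '{canary}' missing, possible defacement"

def cert_epoch(cert_time: str) -> float:
    """Convert a notAfter string as returned by getpeercert() to Unix seconds."""
    return ssl.cert_time_to_seconds(cert_time)

def days_left(not_after: str, now_epoch: float) -> int:
    """Whole days of validity remaining (negative once the certificate has expired)."""
    return int((cert_epoch(not_after) - now_epoch) // 86400)

def check_cert_days(days: int, min_days: int):
    """Certificate check: WARNING below min_days of validity, CRITICAL once expired."""
    if days < 0:
        return CRITICAL, f"CRITICAL - certificate expired {-days} days ago"
    if days < min_days:
        return WARNING, f"WARNING - certificate expires in {days} days (< {min_days})"
    return OK, f"OK - certificate valid for {days} more days"

def fetch_not_after(host: str, port: int = 443) -> str:
    """Open a verified TLS connection and return the leaf certificate's notAfter field."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def main(argv):
    if len(argv) != 4:
        print("UNKNOWN - usage: check_site.py HOST CANARY MIN_DAYS")
        return UNKNOWN
    host, canary, min_days = argv[1], argv[2], int(argv[3])
    try:
        body = urllib.request.urlopen(f"https://{host}/", timeout=10).read().decode("utf-8", "replace")
        results = [check_content(body, canary),
                   check_cert_days(days_left(fetch_not_after(host), time.time()), min_days)]
    except Exception as exc:  # DNS failure, timeout or TLS error must not look like OK
        print(f"UNKNOWN - {exc}")
        return UNKNOWN
    print(" | ".join(msg for _, msg in results))
    return max(code for code, _ in results)  # Nagios takes the worst state
if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python3 check_site.py www.yoursite.com sekret 21`; Nagios reads the exit code and the single output line.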
12. Software Installed
Check a URL for content (e.g. a version string)
Ex: http://www.adobe.com/software/flash/about/
Check for the string "11.4.102.265"
13. DNS
Have DNS entries changed?
DNS hijacked
High Impact
15. Audit & Compliance
PCI
SOX
HIPAA
Almost every regulation*
* Note: Speaker will not be held responsible if Nagios does not help achieve compliance with a specific regulation
16. PCI
PCI DSS
Any organization that processes, stores, or transmits credit card data
Requirements
12 overall requirements
287 individual requirements
17. PCI
Reqs 1&2: Build and Maintain a Secure Network
Auto-discovery to look for services
Checks to verify that vendor defaults have been changed
Reqs 3&4: Protect Cardholder Data
Scan for insecure protocols
Check for expiration of SSL certificates
Reqs 5&6: Maintain a Vulnerability Management Program
Check the anti-virus process to ensure it is running
18. PCI
Reqs 7, 8 & 9: Implement Strong Access Control Measures
LDAP checks to ensure LDAP server is functioning
Web Transaction Monitoring can be used to check two-factor authentication
Reqs 10&11: Regularly Monitor and Test Networks
Check NTP
Event logs from servers
Req 12: Maintain an Information Security Program
Use device listings as well as contact info (incident response plan)
19. SOX
Sarbanes-Oxley, or the Public Company Accounting Reform and Investor Protection Act
Section 404: Assessment of internal control
Nagios can help management show that controls for assuring the integrity of the financial reports are effective.
21. HIPAA
Technical Safeguards:
Access Control
Audit Control
Integrity Controls
Transmission Security
22. Questions?
Jared Bird
jaredbird@gmail.com
Twitter: @jaredbird
Thank You
Editor's notes
Nagios: Providing Value Throughout The Organization. This talk will discuss how Nagios can be used to provide value to several areas of an organization. Providing value to areas such as security, audit and compliance in addition to the traditional infrastructure teams, including ways that Nagios can assist in achieving compliance with several standards/regulations such as PCI, SOX, HIPAA, etc., will be discussed.
Married, 1yr old & 3yr old, 10+ years' experience. Work as a Security Engineer for a large healthcare provider. Jared Bird currently works during the day maintaining a respectable level of security at a large local healthcare organization in the Minneapolis/St Paul area. He has a passion for everything security related and in his spare time he enjoys breaking things, bending the rules, and developing a plot for world domination.
Flexibility allows endless possibilities. Use these capabilities to provide value to other areas of the organization.
Quote from FBI Director Robert Mueller's 2012 RSA Keynote
Infrastructure == vmserver
The PCI Data Security Standard represents a common set of industry tools and measurements to help ensure the safe handling of sensitive information.
Autodiscovery: find insecure services
SOX was enacted to ensure that financial reports were accurate. All annual financial reports must include an Internal Control Report stating that management is responsible for an "adequate" internal control structure, and an assessment by management of the effectiveness of the control structure. - sarbanes-oxley-101.com
Access control: only allow authorized persons to access ePHI. Audit control: record and examine access to systems containing ePHI. Integrity controls: ePHI is not improperly altered or destroyed. Transmission security: guard against unauthorized access to ePHI.