Applied Watch Technologies - NWCLUG


Dec 4, 2013


Applied Watch Technologies

The Enterprise Open Source Security Infrastructure

open.freedom

Go ahead. Be free.


about.me


1. Sold first company at 17
2. Information warfare consultant with Dept. of Defense
3. GCIA, CISSP
4. Published first advisory on hacking VPN appliances (Securityfocus.com). Spoke at Caesar's Palace in Las Vegas
5. Nominated by MIT as Most Influential Technologist of 2002
6. CEO, President, Applied Watch Technologies (Enterprise Open Source Management Company)





categories



what.is.open.source



Open Source is a free alternative to commercial software, developed and maintained by the community (thousands of developers)

1. Linux vs. Microsoft Windows
2. Apache vs. Microsoft IIS
3. Snort vs. ISS, Cisco, 3Com
4. Nagios vs. HP Openview




what.is.open.source


There is now an open source tool alternative for every commercial product

1. Network management tools
2. Intrusion Detection Systems
3. Antivirus
4. Firewalls
5. Operating Systems
6. Web Servers






open.source.trends



Gartner holds an annual open source summit discussing widespread use of open source in the enterprise

(Forrester Research) At least 75% of organizations have deployed open source software

(Forbes NOV 2005) Open source invades the enterprise.

May 2005: IBM acquires Gluecode (Open Source competitor)

(Forbes) Chicago Mercantile Exchange cuts $2.5M in hardware costs by switching to Linux






open.source.trends




(IDC) Open source is used in nearly 75 percent of all organizations worldwide and includes hundreds of thousands of projects. Open source is in production in over half of the organizations.

(2005 Netcraft Survey) Apache dominates the Web server market over Microsoft with 70% market share

Navy protects battleships using open source Snort





Defense in Depth

Commercial NIDS
Open Source NIDS
Open Source HIDS


why.open.source


COTS (Commercial-off-the-shelf) NIDS/NIPS don't do everything perfectly

Open Source signatures are community developed and in most cases are easier to write

There will soon be an equal or superior open source solution to every COTS security product

Commercial solutions can be very expensive. OSS lowers the TCO of Security.


oss.strategy: nids





Snort IDS: Network Intrusion Detection System

Pattern Matching

Protocol anomaly detection (data in SYN packet)

Target-aware (stream5 in Snort 3)

Passive or Inline Intrusion Prevention

Over 3M downloads to date


oss.strategy: nids






Bro IDS: Network Intrusion Detection System

Developed by Lawrence Berkeley National Labs

Focused more on use in research environments

Detects anomalies in traffic behavior as well as patterns

Can alert, execute an OS command, or block traffic

More of a research platform for IDS


oss.strategy: hids




OSSEC HIDS: Host Intrusion Detection and Prevention System

Ported to all major OS (Windows, Unix, BSD, Linux, HP-UX, MacOS, Solaris)

Uses local system to block attacks

Email-based alerting on attacks

Performs log analysis, file integrity checking, rootkit detection, time-based alerting, and active response


oss.strategy: hids




OSSEC HIDS: Host Intrusion Detection and Prevention System

Agent/Server architecture

Signatures can be easily written

Detects changes to user dirs, md5 checksum changes, changes to file/directory sizes, ownership changes, and directory permissions.

Windows registry monitoring
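As an added example (not OSSEC's own code), the following is a minimal file-integrity check in the spirit of the syscheck attributes listed above: it records the md5 checksum, size, owner/group and permission bits of every file under a directory and reports what differs between a trusted baseline and a later snapshot. The directory layout and the tampering in demo() are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def file_record(path: Path) -> dict:
    """Attributes a syscheck-style monitor compares: checksum, size, owner, permissions."""
    st = path.lstat()
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"md5": h.hexdigest(), "size": st.st_size, "uid": st.st_uid,
            "gid": st.st_gid, "mode": oct(stat.S_IMODE(st.st_mode))}

def snapshot(root: Path) -> dict:
    """Baseline: relative path -> attributes for every regular file under root."""
    return {str(p.relative_to(root)): file_record(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def compare(baseline: dict, current: dict) -> list:
    """One alert per added or deleted file, and one per changed attribute."""
    alerts = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            alerts.append(f"DELETED {name}")
        elif name not in baseline:
            alerts.append(f"ADDED {name}")
        else:
            for attr in ("md5", "size", "uid", "gid", "mode"):
                old, new = baseline[name][attr], current[name][attr]
                if old != new:
                    alerts.append(f"CHANGED {name} {attr}: {old} -> {new}")
    return alerts

def demo() -> list:
    """Constructed scenario: take a baseline, then alter content, permissions and add a file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        passwd, hosts = root / "etc" / "passwd", root / "etc" / "hosts"
        passwd.write_text("root:x:0:0\n")
        hosts.write_text("127.0.0.1 localhost\n")
        os.chmod(hosts, 0o644)                        # known starting permissions
        base = snapshot(root)                         # trusted baseline
        passwd.write_text("root:x:0:0\neve:x:0:0\n")  # content and size change
        os.chmod(hosts, 0o666)                        # permission change
        (root / "etc" / "shadow").write_text("")      # new file appears
        return compare(base, snapshot(root))
```

Calling demo() returns the alert list for the constructed scenario; in practice the baseline would be stored off-host and compared against periodic snapshots.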


summary






In some organizations, OSS has replaced commercial security and network products

In others, OSS augments COTS products as an additional layer

Soon, OSS will be an option for every COTS network and security product available

OSS is being relied upon for lowering TCO in Security