Solving the Open Source Security Puzzle
1. June 18, 2013 – Securing Ubiquity
Vic Hargrave
JB Cheng
Santiago González Bassett
2. Disclaimer
The views and opinions expressed during this conference are those of
the speakers and do not necessarily reflect the views and opinions
held by the Information Systems Security Association (ISSA), the
Silicon Valley ISSA, the San Francisco ISSA or the San Francisco Bay
Area InfraGard Members Alliance (IMA). Neither ISSA, InfraGard, nor
any of its chapters warrants the accuracy, timeliness or completeness
of the information presented. Nothing in this conference should be
construed as professional or legal advice or as creating a professional-
customer or attorney-client relationship. If professional, legal, or
other expert assistance is required, the services of a competent
professional should be sought.
3. Log Normalization
Syslog
Comes by default with *nix operating systems.
Syslog-NG
Can be installed in various configurations to take the place
of the default syslog.
Free to use, or an enterprise version is available for purchase.
Many configuration types to export data.
OSSEC
Free to use
Can export via syslog to other systems.
4. Solving the Open Source Security Puzzle
What are the standards?
Why choose one product over another?
How do the various security components work together?
How does this work in the real world? Real examples.
5. Understanding Rules
Customizable rulesets enable a security practitioner to
add true intelligence about their environment.
9. What is OSSEC?
Open Source SECurity
Open Source Host-based Intrusion Detection System
Provides protection for Windows, Linux, Mac OS, Solaris
and many *nix systems
http://www.ossec.net
Founded by Daniel Cid
Current project managers – JB Cheng and Vic Hargrave
11. HIDS Advantages
Monitors system behaviors that are not evident from the
network traffic
Can find persistent threats that penetrate firewalls and
network intrusion detection/prevention systems
15. PCI DSS Requirement
10.5.5 - Use file-integrity monitoring or change-detection
software on logs to ensure that existing log data cannot
be changed without generating alerts (although new data
being added should not cause an alert)
11.5 - Deploy file-integrity monitoring software to alert
personnel to unauthorized modification of critical system
files, configuration files, or content files; and configure
the software to perform critical file comparisons at least
weekly
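The distinction in 10.5.5 (alert when existing log data changes, but not when new data is appended) is easy to get wrong with a plain whole-file hash. The following is an added example, not OSSEC code and not part of the original slides: it baselines each log file by its length and a hash of everything up to that length, so appends merely advance the baseline while any edit or truncation of existing bytes is reported. The sample log lines are constructed.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def prefix_digest(path, length, chunk=65536):
    """SHA-256 over only the first `length` bytes of `path`."""
    h = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining > 0:
            data = f.read(min(chunk, remaining))
            if not data:
                break
            h.update(data)
            remaining -= len(data)
    return h.hexdigest()

def take_baseline(path):
    """Record the current size and the digest of everything up to it."""
    size = os.path.getsize(path)
    return {"size": size, "digest": prefix_digest(path, size)}

def check_log(path, baseline):
    """Return (status, baseline); status is ok, appended, modified or truncated."""
    size = os.path.getsize(path)
    if size < baseline["size"]:
        return "truncated", baseline            # existing data removed: alert
    if prefix_digest(path, baseline["size"]) != baseline["digest"]:
        return "modified", baseline             # existing bytes changed: alert
    if size == baseline["size"]:
        return "ok", baseline
    # Only new data after the old end: no alert, just advance the baseline.
    return "appended", {"size": size, "digest": prefix_digest(path, size)}

def demo():
    """Run the check against a constructed log file; returns the status sequence."""
    log = Path(tempfile.mkdtemp()) / "auth.log"   # constructed sample, not a real log
    log.write_bytes(b"Jun 18 10:00:01 host sshd[123]: Accepted publickey for alice\n")
    base = take_baseline(log)
    results = [check_log(log, base)[0]]           # untouched -> ok
    with open(log, "ab") as f:
        f.write(b"Jun 18 10:05:42 host sshd[130]: Failed password for bob\n")
    status, base = check_log(log, base)           # grew -> appended, baseline advances
    results.append(status)
    log.write_bytes(log.read_bytes().replace(b"Failed", b"Accept", 1))  # same-length edit
    results.append(check_log(log, base)[0])       # -> modified
    log.write_bytes(log.read_bytes()[:20])
    results.append(check_log(log, base)[0])       # -> truncated
    return results
```

Note that log rotation (the file being replaced by an empty one) shows up as "truncated", so a real deployment pairs this check with knowledge of the rotation schedule.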
16. Annual gathering of OSSEC users and developers.
Community members discuss how they are using OSSEC,
what new features they would like and set the roadmap
for future releases.
OSSEC 2.7.1 soon to be released.
Planning for OSSEC 3.0 is underway.
OSSECCON 2013 will be held Thursday July 25th at Trend
Micro’s Cupertino office.
Please join us there!
17. Santiago González Bassett
santiago@alienvault.com
@santiagobassett
Alien Vault
18. About me
Developer, systems engineer, security
administrator, consultant and researcher over the last
10 years.
Member of the OSSIM project team since its inception.
Implemented distributed Open Source security
technologies in large enterprise environments for
European and US companies.
http://santi-bassett.blogspot.com/
@santiagobassett
19. What is OSSIM?
OSSIM is the Open Source SIEM – GNU GPL version 3.0
With over 195,000 downloads it is the most widely
used SIEM in the world.
Created in 2003, it is developed and maintained by
Alien Vault and community contributors.
Provides Unified and Intelligent Security.
http://communities.alienvault.com/
20. Why OSSIM?
Because it provides security intelligence
Discards false positives
Assesses the impact of an attack
Collaboratively learns about APT
Because it unifies security management
Centralizes information
Integrates threat detection tools
31. Thank you
Santiago González Bassett
santiago@alienvault.com
@santiagobassett
Alien Vault