MEC by yurtgc548


									Implementing Information Security Using
        Open Source Software
             October 2003

               Yasser El Shishiny
        Information Security Unit Manager
                  TEDATA s.a.e
                      TEDATA S.a.e.

•TE Data S.A.E. is Egypt’s largest IP (Internet Protocol) based data
communications carrier with a national network and a regional
•TE Data was established in late 2001 by Telecom Egypt (the
incumbent telecom operator) to act as its data communications and
Internet arm.

•TE Data was awarded a “Class A” license from Egypt’s Telecommunication
Regulatory Authority (TRA). The license allows the company to: build its own
national backbone network; operate its international data gateway; co-locate
equipment in Central Offices; and sell IP-based services to end-users as well as
to other Service Providers
                   VISION AND MISSION

   TE Data was founded with one driving vision; a vision of
    systems that talk to each other not with standing their location.
   A vision in which technology works for its customers, not the
    other way around.
    TE Data is focused on taking Egypt and the region into the
    next age through its vision.
   Single Source for Managed Communication Services’

   ‘Focus on offering quality IP and Data Communication
    solutions to the MENA region’

   What is OpenSource Software (OSS)
   What are the Elements of Security
   How OSS Fits in Information Security
   What’s Other Nations Opinion in OSS
   Conclusion
What is open source software?
   The user is free to
    inspect/modify/redistribute the source code.
   OSS evolves because a large number of
    programmers are working on it.
   Astonishing speed of development
   Better software
   Decentralized (Bazaar style)
   Cost is far less than closed-source-software.
Closed-Source Software (CSS)
   Few developers
   Few testers
   Centralized (Cathedral style)
   Developers must obtain approval for each
   Long Development cycle
Examples of OSS
 Apache (web server)
 Perl (scripting language)
 Sendmail (controls most of the internet email)
 Linux (operating system)
 Netscape communicator
 gcc (c/c++ compiler)
 emacs (editor)
 latex (document processing)
          Benefits of Open Source
   Lower cost
       Billions can be saved because the software is free
   No copyright
       Freely distributed
   Higher security
     Less security holes
     No back doors

   Lower virus threats
       Almost no viruses for Linux
         Benefits of Open Source
   Reliability
     Extremely reliable
     Doesn’t crash or hang

     Doesn’t need reinstallation

   Applications
     An extremely large number of applications is
      available for free
     A large portion of commercial software has been
      ported to Linux
           Benefits of Open Source
   Support
       Internet based support through direct email and mailing lists
        is always available for free
       Many companies offer commercial support packages
   Promotion of local IT sector
       You have full access to the underlying technology
       You can develop staff capable of developing better software
        based on that technology
   Open standards
       No one controls the standards and gets royalties out of
        software built upon them
       Where can you obtain OSS

   SourceForge.
   Freshmeat
   Packetstorm
   Security focus
     Companies Supporting Open
   IBM
   Hp
   Dell
   Oracle
   Intel
   SGI
   …
User Friendly Applications on
     What Happened to Yahoo®?
   Denial of Service (DoS)
       February 2000:    Yahoo and CNN 1

   Multiple Hits
     September 2000:     Slashdot defaced
     May 2000:           Slashdot suffered DoS

     The irony is that is a popular
      "news for nerds" website
    What Happened to Amazon®?
   Website defacing:
    Hackers broke in & put up phony web pages
    (And now, newer worms/viruses are doing the same!)

       September 2000:     OPEC 1
       February 2000: Amazon® , eBay® 2
       November 1999:      NASA/Goddard 3
       October 31,1999:    Associated Press® 4
       August 1999:        ABC® 5
       June 1999:          U.S. Army

   SUSE
   Mandrake
   Turbo Linux
Why use Linux?
   Free.
   Popular
       runs on 386/486/Pentium/PentiumIV/alpha/sparc
       7 to 27 million users
       fastest growing UNIX
       most popular for internet services.
   powerful
   high quality
Why use Linux? (cont.)

   full UNIX features
   Can coexist with Win
   Can be used in small machines
   Can be used in server machines
   Support
       Internet
       Companies
   Documentation available from the internet
Confidence in Linux
Linux As a server
   Out of 810,000
    European servers
   27% web servers
   34% ftp servers
   26% news servers
      What Are You Protecting?

   Information

   Availability of the Systems

   Reputation & Goodwill
                Your Information
   Crown Jewels
       Trade secrets, patent ideas, research

   Financial information

   Personnel records

   Organizational structure
                Your Availability

   Internal use
       When employees can’t use the network, servers, or
        other necessary systems, they can’t work

   Website / online transactions
       Often when systems are unavailable, the
        organization is losing money
                Your Reputation
   Public trust
     If your organization is hacked, how reliable will
      people think you are you in other areas?
     Who wants to do business with companies that leak
      credit card information?

   Being a good neighbor
       Your organization may be hacked so it can be used
        as a springboard to attack others
           Threats to Availability

   Denial of Service (DoS)
       Connection flooding

   Destroying data
     Hardware failure
     Manual deletion

     Software agents: virus, trojans
            Threats to Integrity

   Hardware failure

   Software corruption
     Buggy software
     Improperly terminated programs

   Attacker altering data
        Threats to Authorization

   Attacker stealing data

   Lost / Stolen passwords

   Information Reconnaissance
          Organization information
         The 3 Goals of Security

   Ensure Availability

   Ensure Integrity

   Ensure Authorization & Authentication
     How Can OSS Fit In
Information Security Process ?
     Harding the operation system
   Manually by updating the OS , disabling unnecessary
    services & ports or locking down ports.
   Hardening systems with Bastille.
   Controlling and auditing root access with SUDO.
   Managing log files and using log enhancers.
      Swatch
      Scanlogd
    System Scanning and Probing

   Scanning from viruses using the AntiVir Antivirus.
   Scanning from DDOS attack software.
    Zombie Zapper
   Scanning system ports using Nmap.
   Deploying Cheops to monitor the network.
   Deploying Nessus to test Daemons Security.
Implementing an Intrusion Detection

   Tripwire to detect file changes in your OS.
   PortSentry as an host based IDS.
   Snort as a network based IDS.
   Prelude Hybrid Intrusion Detection system. The
    communication format chosen for Prelude is
               Snort “Metrics”

   Small (~800k source download)
   Portable (Linux, Windows, MacOS X, Solaris,
    BSD, IRIX, Tru64, HP-UX, etc)
   Fast (High probability of detection for a given
    attack on 100Mbps networks)
   Configurable (Easy rules language, many
    reporting/logging options
   Free (GPL/Open Source Software)
                 Snort Design

   Packet sniffing “lightweight” network intrusion
    detection system
   Libpcap-based sniffing interface
   Rules-based detection engine
   Plug-in system allows endless flexibility
           Snort 2.0 Architecture

   Basic goals
     Faster
     More extensible

     Better protocol support

     Better able to analyze the full gestalt of network
      intrusion activity
                    Snort 2.0 Plug-Ins

   More of them for more flexibility
       Data acquisition
       Traffic decoders
            Full protocol analysis and verification
            Multi-path traffic flows, packet and stream
       Multi-format rules input
            DB, XML, etc
       Pluggable detection engines
            Standard NIDS, Target-based IDS, Statistical IDS, Host-based IDS
        Snort 2.0 Improvements

   Improved detection & pattern matching
     Aho-Corasick/Boyer-Moore implementation from
      Silicon Defense
     LANL/RADIANT Team work on set-wise Boyer-
      Moore-Horspool algorithm
     ~500% in pattern matching performance
      improvement reported in research work!
            Snort 2.0 Improvements

   Spooling output stage
     Write Snort alert/log data to spool files, have a
      secondary process (‘barnyard’) read the spools and
      reformat for final output
     Output plug-ins attach to barnyard instead of being
      directly linked to Snort main code
           Deterministic performance measurements and focused
            performance improvement will be possible through this
               Uses for Snort

   Standard packet sniffing NIDS
   Policy Enforcement
   Honeypot monitor
   Scan detection/traps
           IDS Implementation Map
                               (Deception System)

                                 Generic Server
                                (Host-Based ID)
                                   (Snort 2.0)

               Filtering                      (Perimeter
                Router        Statistical IDS   Logs)
           (Perimeter Logs)      (Snort)

                                Network IDS
Troubleshooting the Networks with
   Using TCPdump for debugging.
   Ethereal to capture network packets.
   Viewing network traffic between hosts using
        Network Authentication

   Implementing one time password (OTP – OPIE)
   Implementing Kerberos ver.5
    Avoiding Sniffing Attacks through
   Using OpenSSH to encrypt network traffic
    between hosts
Creating Virtual Private Network

   Using IPsec with VPN tunneling protocol.
   Creating VPN using FreeS/WAN
      Implementing firewalls using
        IPTables or NetFilters
   Using FIAIF .
   Using FWbuilder.

     Deploying the Squid Web Proxy
Governments Adopting Open Source
                    1.    China
   5 year software contract for 1.96 billion dollars
    based on open source
   Saved about $20 billion dollars for the Chinese
   Improved china’s position in the balance &
    trade by 21.6 billion dollars
   Pushed $2 billion dollars in the Chinese
    software development market
2. France, Argentina, Italy, Brazil
   Discussing laws that mandates the use of open source whenever

3. Pakistan
 50,000 computers to be sold to schools and colleagues
   running open source software
 Targeting to be the first country in the world to have all
   government-run services running on open source
4 Germany
Moved the German parliament to open source
5. Malaysia
   Malaysia   sees the open source as a corner stone for the multimedia super
Governments Adopting Open Source
     6.    India, Philippines & Thailand

   Large deployments of Linux in education sector.
It is a Different Culture
   Open source culture: software is a part of
    human knowledge. Software including source code
    must be available to all the people to use, learn and
    develop upon.
   Commercial software culture: software is a
    commodity that can be built and sold to
    whoever wants to use it.

   Security Is a process.
   Security is not buying expensive tools.
   Security is also about policies and implementing it.
   There is no Silver bullet to fix it all.
TEDATA      is proud that 90%
of all its Systems and
Security is Running Under

   During the dot-com boom many companies learned the
    hard way that purchasing technology for technology’s
    sake is an unproductive waste of money.
   Some are learning now that implementing security for
    security’s sake can impede the flow of business and
    demoralize staff.
                                     --Jon Tullett SC Magazine
Open Source Software = Sharing Software

Sharing Software = Receiving and Giving
"The future is here, it's just not evenly distributed yet."
                                             -- William Gibson

To top