Presentation is loading. Please wait.

Presentation is loading. Please wait.

JARED BIRD Nagios: Providing Value Throughout the Organization.

Similar presentations


Presentation on theme: "JARED BIRD Nagios: Providing Value Throughout the Organization."— Presentation transcript:

1 JARED BIRD Nagios: Providing Value Throughout the Organization

2 Introduction Who is Jared Bird?

3 Nagios

4 Providing Value Provide knowledge Assist other departments Strengthen inter-department relationships Achieve company wide goals Reduce costs

5 Understanding What are the goals of the other departments?

6 Infrastructure Network, Server, and Desktop Teams Concerns include:  Availability  Capacity  Utilization  Functioning Properly

7 Security Prevent data theft Deter identity theft Avoid legal issues Protect brand “CIA Triad”  Confidentiality  Integrity  Availability

8 Threats Default configurations Website defacement Missing patches DNS redirection Unauthorized use Many, many more

9

10 Default Configurations Default passwords blank sa account  Once password is set, monitor with new credentials XI Auto-discovery check for insecure protocols Scheduled scans and output to Nagios

11 Website Monitor for defacement  check_http –H –s “sekret”  Checks for “sekret” string Check certificate  check_http –H –C 21  Checks certificate for 21 days of validity

12 Software Installed Check url for content (version) Ex:  Check for string “ ”

13 DNS Have DNS entries changed? DNS hijacked High Impact

14 Unauthorized Use LDAP check for account creation Syslog output from infrastructure SNMP Alerts

15 Audit & Compliance PCI SOX HIPPA Almost every regulation* * Note: Speaker will not be held responsible if Nagios does not help achieve compliance with a specific regulation

16 PCI PCI DSS Any organization that processes, stores, or transmits credit card data Requirements  12 overall requirements  287 individual requirements

17 PCI Reqs 1&2: Build and Maintain a Secure Network  Auto-discovery to look for services  Checks to verify that vendor defaults have been changed Reqs 3&4: Protect Cardholder Data  Scan for insecure protocols  Check for expiration of SSL certificates Reqs 5&6: Maintain a Vulnerability Management Program  Check the anti-virus process to ensure it is running

18 PCI Reqs 7,8,& 9: Implement Strong Access Control Measures  LDAP checks to ensure LDAP server is functioning  Web Transaction Monitoring can be used to check two factor Reqs 10&11: Regularly Monitor and Test Networks  Check NTP  Event logs from servers Req 12: Maintain an Information Security Program  Use device listings as well as contact info (incident response plan)

19 SOX Sarbanes-Oxley or Public Company Accounting Reform and Investors Protection Act Section 404: Assessment of internal control Nagios can help management show that controls for assuring the integrity of the financial reports are effective.

20 HIPAA Headlines

21 HIPAA Technical Safeguards:  Access Control  Audit Control  Integrity Controls  Transmission Security

22 Questions? Jared Bird Thank You


Download ppt "JARED BIRD Nagios: Providing Value Throughout the Organization."

Similar presentations


Ads by Google