Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organization

Post on 25-May-2015


Jared Bird's presentation on providing value with Nagios. The presentation was given during the Nagios World Conference North America held Sept 25-28th, 2012 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna

Transcript of Nagios Conference 2012 - Jared Bird - Providing Value Throughout the Organization

Jared Bird
jaredbird@gmail.com
Twitter: @jaredbird

Nagios: Providing Value Throughout the Organization

Introduction

Who is Jared Bird?

Nagios

Providing Value

Provide knowledge
Assist other departments
Strengthen inter-department relationships
Achieve company wide goals
Reduce costs

Understanding

What are the goals of the other departments?

Infrastructure

Network, Server, and Desktop Teams

Concerns include: Availability Capacity Utilization Functioning Properly

Security

Prevent data theft
Deter identity theft
Avoid legal issues
Protect brand
“CIA Triad”
  Confidentiality
  Integrity
  Availability

Threats

Default configurations
Website defacement
Missing patches
DNS redirection
Unauthorized use
Many, many more

Default Configurations

Default passwords
blank sa account

Once password is set, monitor with new credentials

XI Auto-discovery check for insecure protocols

Scheduled scans and output to Nagios

Website

Monitor for defacement
  check_http -H www.yoursite.com -s "sekret"
  Checks for "sekret" string

Check certificate
  check_http -H www.mysite.com -C 21
  Checks certificate for 21 days of validity

Software Installed

Check URL for content (version)
Ex: http://www.adobe.com/software/flash/about/
Check for string "11.4.102.265"

DNS

Have DNS entries changed?

DNS hijacked
High Impact

Unauthorized Use

LDAP check for account creation
Syslog output from infrastructure
SNMP Alerts

Audit & Compliance

PCI
SOX
HIPAA
Almost every regulation*

* Note: Speaker will not be held responsible if Nagios does not help achieve compliance with a specific regulation

PCI

PCI DSS
Any organization that processes, stores, or transmits credit card data

Requirements
  12 overall requirements
  287 individual requirements

PCI

Reqs 1&2: Build and Maintain a Secure Network
  Auto-discovery to look for services
  Checks to verify that vendor defaults have been changed

Reqs 3&4: Protect Cardholder Data
  Scan for insecure protocols
  Check for expiration of SSL certificates

Reqs 5&6: Maintain a Vulnerability Management Program
  Check the anti-virus process to ensure it is running

PCI

Reqs 7, 8, & 9: Implement Strong Access Control Measures
  LDAP checks to ensure LDAP server is functioning
  Web Transaction Monitoring can be used to check two factor

Reqs 10&11: Regularly Monitor and Test Networks
  Check NTP
  Event logs from servers

Req 12: Maintain an Information Security Program
  Use device listings as well as contact info (incident response plan)

SOX

Sarbanes-Oxley or Public Company Accounting Reform and Investors Protection Act

Section 404: Assessment of internal control
Nagios can help management show that controls for assuring the integrity of the financial reports are effective.

HIPAA Headlines

HIPAA

Technical Safeguards:
  Access Control
  Audit Control
  Integrity Controls
  Transmission Security

Questions?

Jared Bird
jaredbird@gmail.com
Twitter: @jaredbird

Thank You