Presentation is loading. Please wait.

Presentation is loading. Please wait.

JARED BIRD Nagios: Providing Value Throughout the Organization.

Published byHomer Atkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "JARED BIRD Nagios: Providing Value Throughout the Organization."— Presentation transcript:

1 JARED BIRD JAREDBIRD@GMAIL.COM TWITTER: @JAREDBIRD Nagios: Providing Value Throughout the Organization

2 Introduction Who is Jared Bird?

3 Nagios

4 Providing Value Provide knowledge Assist other departments Strengthen inter-department relationships Achieve company wide goals Reduce costs

5 Understanding What are the goals of the other departments?

6 Infrastructure Network, Server, and Desktop Teams Concerns include:  Availability  Capacity  Utilization  Functioning Properly

7 Security Prevent data theft Deter identity theft Avoid legal issues Protect brand “CIA Triad”  Confidentiality  Integrity  Availability

8 Threats Default configurations Website defacement Missing patches DNS redirection Unauthorized use Many, many more

9

10 Default Configurations Default passwords blank sa account  Once password is set, monitor with new credentials XI Auto-discovery check for insecure protocols Scheduled scans and output to Nagios

11 Website Monitor for defacement  check_http –H www.yoursite.com –s “sekret” www.yoursite.com  Checks for “sekret” string Check certificate  check_http –H www.mysite.com –C 21 www.mysite.com  Checks certificate for 21 days of validity

12 Software Installed Check url for content (version) Ex: http://www.adobe.com/software/flash/about/http://www.adobe.com/software/flash/about/  Check for string “11.4.102.265”

13 DNS Have DNS entries changed? DNS hijacked High Impact

14 Unauthorized Use LDAP check for account creation Syslog output from infrastructure SNMP Alerts

15 Audit & Compliance PCI SOX HIPPA Almost every regulation* * Note: Speaker will not be held responsible if Nagios does not help achieve compliance with a specific regulation

16 PCI PCI DSS Any organization that processes, stores, or transmits credit card data Requirements  12 overall requirements  287 individual requirements

17 PCI Reqs 1&2: Build and Maintain a Secure Network  Auto-discovery to look for services  Checks to verify that vendor defaults have been changed Reqs 3&4: Protect Cardholder Data  Scan for insecure protocols  Check for expiration of SSL certificates Reqs 5&6: Maintain a Vulnerability Management Program  Check the anti-virus process to ensure it is running

18 PCI Reqs 7,8,& 9: Implement Strong Access Control Measures  LDAP checks to ensure LDAP server is functioning  Web Transaction Monitoring can be used to check two factor Reqs 10&11: Regularly Monitor and Test Networks  Check NTP  Event logs from servers Req 12: Maintain an Information Security Program  Use device listings as well as contact info (incident response plan)

19 SOX Sarbanes-Oxley or Public Company Accounting Reform and Investors Protection Act Section 404: Assessment of internal control Nagios can help management show that controls for assuring the integrity of the financial reports are effective.

20 HIPAA Headlines

21 HIPAA Technical Safeguards:  Access Control  Audit Control  Integrity Controls  Transmission Security

22 Questions? Jared Bird jaredbird@gmail.com Twitter: @jaredbird Thank You

Download ppt "JARED BIRD Nagios: Providing Value Throughout the Organization."

Similar presentations

Complying With Payment Card Industry Data Security Standards (PCI DSS)

Complying With Payment Card Industry Data Security Standards (PCI DSS)
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Audit Issues regarding Passwords on Elevated Privilege Accounts Gene Scheckel Global Internal Audit.

Audit Issues regarding Passwords on Elevated Privilege Accounts Gene Scheckel Global Internal Audit.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
The Regulation Zoo: Dealing With Compliance Within The Firewall World

The Regulation Zoo: Dealing With Compliance Within The Firewall World
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?

Data Security Standard. What Is PCI ? Who Does It Apply To ? Who Is Involved With the Compliance Process ? How We Can Stay Compliant ?
Jeff Williams Information Security Officer CSU, Sacramento

Jeff Williams Information Security Officer CSU, Sacramento
Security Controls – What Works

Security Controls – What Works
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.

GPUG ® Summit 2011 November 8-11 Caesars Palace – Las Vegas, NV Payment Processing Online and Within Dynamics GP PCI Compliance and Secure Payment Processing.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Kevin R Perry August 12, 2014. Part 1: High Level Changes & Clarifications.

Kevin R Perry August 12, Part 1: High Level Changes & Clarifications.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
Introduction to PCI DSS

Introduction to PCI DSS
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP

PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP
Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger 515-237-5007.

Payment Card Industry Data Security Standard (PCI DSS) By Roni Argetsinger
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015

Similar presentations

Ads by Google