Applied Watch Technologies - PowerPoint PPT Presentation

Slides: 15
Provided by: erich80

Transcript and Presenter's Notes


1
Applied Watch Technologies
open.freedom
Go ahead. Be free.
  • The Enterprise Open Source Security Infrastructure

2
about.me
  • Sold first company at 17
  • Information warfare consultant with Dept. of
    Defense
  • GCIA, CISSP
  • Published first advisory on hacking VPN
    appliances (Securityfocus.com). Spoke at Caesars
    Palace in Las Vegas
  • Nominated by MIT as Most Influential Technologist
    of 2002
  • CEO, President, Applied Watch Technologies
    (Enterprise Open Source Management Company)

3
categories
4
what.is.open.source
  • Open Source is a free alternative to commercial
    software developed and maintained by the
    community (thousands of developers)
  • Linux v/s Microsoft Windows
  • Apache v/s Microsoft IIS
  • Snort v/s ISS, Cisco, 3Com
  • Nagios v/s HP Openview

5
what.is.open.source
  • There is now an open source tool alternative for
    every commercial product
  • Network management tools
  • Intrusion Detection Systems
  • Antivirus
  • Firewalls
  • Operating Systems
  • Web Servers

6
open.source.trends
  • Gartner holds an annual open source summit
    discussing widespread use of open source in the
    enterprise
  • (Forrester Research) At least 75% of
    organizations have deployed open source software
  • (Forbes NOV 2005) Open source invades the
    enterprise.
  • May 2005: IBM acquires Gluecode (Open Source
    competitor)
  • (Forbes) Chicago Mercantile Exchange cuts $2.5M
    in hardware costs by switching to Linux

7
open.source.trends
  • (IDC) open source is used in nearly 75 percent of
    all organizations worldwide and includes hundreds
    of thousands of projects. Open source is in
    production in over half of the organizations.
  • (2005 Netcraft Survey) Apache dominates Web
    Server market over Microsoft with 70% Market
    Share
  • Navy protects battleships using open source Snort

8
Defense in-Depth
Commercial NIDS
Open Source NIDS
Open Source HIDS
9
why.open.source
  • COTS (Commercial-off-the-shelf) NIDS/NIPS don't
    do everything perfectly
  • Open Source signatures are community developed
    and in most cases are easier to write
  • There will soon be an equal or superior open
    source solution to every COTS security product
  • Commercial solutions can be very expensive. OSS
    lowers the TCO of Security.

10
oss.strategy nids
  • Snort IDS: Network Intrusion Detection System
  • Pattern Matching
  • Protocol anomaly detection (data in SYN packet)
  • Target-aware (stream5 in Snort 3)
  • Passive or Inline Intrusion Prevention
  • Over 3M downloads to date

11
oss.strategy nids
  • Bro IDS: Network Intrusion Detection System
  • Developed by Lawrence Berkeley National Labs
  • Focused more on use in research environments
  • Detects anomalies in traffic behavior as well as
    patterns
  • Can alert, execute an OS command, or block
    traffic
  • More of a research platform for IDS

12
oss.strategy hids
  • OSSEC HIDS: Host Intrusion Detection and
    Prevention System
  • Ported to all major OS (Windows, Unix, BSD,
    Linux, HP-UX, MacOS, Solaris)
  • Uses local system to block attacks
  • Email-based alerting on attacks
  • Performs log analysis, file integrity checking,
    rootkit detection, time-based alerting, and
    active response

13
oss.strategy hids
  • OSSEC HIDS: Host Intrusion Detection and
    Prevention System
  • Agent/Server architecture
  • Signatures can be easily written
  • Detects changes to user dirs, md5 checksum
    changes, changes to file/directory sizes,
    ownership changes, and directory permissions
  • Windows registry monitoring

14
summary
  • In some organizations, OSS has replaced
    commercial security and network products
  • In others, OSS augments COTS products as an
    additional layer
  • Soon, OSS will be an option for every COTS
    network and security product available
  • OSS is being relied upon for lowering TCO in
    Security