Applied Watch Technologies

1
Applied Watch Technologies
open.freedom
Go ahead. Be free.

• The Enterprise Open Source Security Infrastructure

2
about.me
Go ahead. Be free.

• Sold first company at 17
• Information warfare consultant with Dept. of
  Defense
• GCIA, CISSP
• Published first advisory on hacking VPN
  appliances (Securityfocus.com). Spoke at Caesars
  Palace in Las Vegas
• Nominated by MIT as Most Influential Technologist
  of 2002
• CEO, President, Applied Watch Technologies
  (Enterprise Open Source Management Company)

3
Go ahead. Be free.
categories
4
what.is.open.source
Go ahead. Be free.

• Open Source is a free alternative to commercial
  software developed and maintained by the
  community (thousands of developers)
• Linux v/s Microsoft Windows
• Apache v/s Microsoft IIS
• Snort v/s ISS, Cisco, 3Com
• Nagios v/s HP Openview

5
what.is.open.source

• There is now an open source tool alternative for
  every commercial product
• Network management tools
• Intrusion Detection Systems
• Antivirus
• Firewalls
• Operating Systems
• Web Servers

6
Go ahead. Be free.
Go ahead. Be free.
open.source.trends

• Gartner holds an annual open source summit
  discussing widespread use of open source in the
  enterprise
• (Forrester Research) At least 75 of
  organizations have deployed open source software
• (Forbes NOV 2005) Open source invades the
  enterprise.
• May 2005 IBM Acquires Gluecode (Open Source
  competitor)
• (Forbes) Chicago Mercantile Exchange cuts 2.5M
  in hardware costs by switching to Linux

7
Go ahead. Be free.
open.source.trends

• (IDC) open source is used in nearly 75 percent of
  all organizations worldwide and includes hundreds
  of thousands of projects. Open source is in
  production in over half of the organizations.
• (2005 Netcraft Survey) Apache dominates Web
  Server market over Microsoft with 70 Market
  Share
• Navy protects battleships using open source Snort

8
Defense in-Depth
Commercial NIDS
Open Source NIDS
Open Source HIDS
9
why.open.source

• COTS (Commercial-off-the-shelf) NIDS/NIPS dont
  do everything perfectly
• Open Source signatures are community developed
  and in most cases are easier to write
• There will soon be an equal or superior open
  source solution to every COTS security product
• Commercial solutions can be very expensive. OSS
  lowers the TCO of Security.

10
oss.strategy nids

• Snort IDS Network Intrusion Detection System
• Pattern Matching
• Protocol anomaly detection (data in SYN packet)
• Target-aware (stream5 in Snort 3)
• Passive or Inline Intrusion Prevention
• Over 3M downloads to date

11
Go ahead. Be free.
oss.strategy nids

• Bro IDS Network Intrusion Detection System
• Developed by Lawrence Berkeley National Labs
• Focused more on use in research environments
• Detects anomalies in traffic behavior as well as
  patterns
• Can alert, execute an OS command, or block
  traffic
• More of a research platform for IDS

12
Go ahead. Be free.
oss.strategy hids

• OSSEC HIDS Host Intrusion Detection and
  Prevention System
• Ported to all major OS (Windows, Unix, BSD,
  Linux,
• HP-UX, MacOS, Solaris)
• Uses local system to block attacks
• Email-based alerting on attacks
• Performs log analysis, file integrity checking,
  rootkit
• detection, time-based alerting, and active
  response

13
Go ahead. Be free.
oss.strategy hids

• OSSEC HIDS Host Intrusion Detection and
  Prevention System
• Agent/Server architecture
• Signatures can be easily written
• Detects changes to user dirs, md5 checksum
  changes,
• changes to file/directory sizes, ownership
  changes, and
• directory permissions.
• Windows registry monitoring

14
Go ahead. Be free.
summary

• In some organizations, OSS has replaced
• commercial security and network products
• In others, OSS augments COTS products as an
• additional layer
• Soon, OSS will be an option for every COTS
• network and security product available
• OSS is being relied upon for lowering TCO in
  Security