Nagios:
Providing Value Throughout
the Organization
JARED BIRD
JAREDBIRD@GMAIL.COM
TWITTER: @JAREDBIRD
Introduction
 Who is Jared Bird?
Nagios
Providing Value
 Provide knowledge
 Assist other departments
 Strengthen inter-department
relationships
 Achieve company wide goals
 Reduce costs
Understanding
 What are the goals of the
other departments?
Infrastructure
 Network, Server, and Desktop
Teams
 Concerns include:




Availability
Capacity
Utilization
Functioning Properly
Security
 Prevent data theft
 Deter identity theft
 Avoid legal issues
 Protect brand
 “CIA Triad”
 Confidentiality
 Integrity
 Availability
Threats
 Default configurations
 Website defacement
 Missing patches
 DNS redirection
 Unauthorized use
 Many, many more
Default Configurations
 Default passwords
 blank sa account
 Once password is set, monitor with new credentials
 XI Auto-discovery check for insecure protocols
 Scheduled scans and output to Nagios
Website
 Monitor for defacement
 check_http –H
www.yoursite.com –s
“sekret”

Checks for “sekret” string
 Check certificate
 check_http –H
www.mysite.com –C 21

Checks certificate for 21
days of validity
Software Installed
 Check url for content (version)
 Ex: http://www.adobe.com/software/flash/about/
 Check for string “11.4.102.265”
DNS
 Have DNS entries
changed?
 DNS hijacked
 High Impact
Unauthorized Use
 LDAP check for account creation
 Syslog output from infrastructure
 SNMP Alerts
Audit & Compliance
 PCI
 SOX
 HIPPA
 Almost every regulation*
* Note: Speaker will not be held responsible if Nagios does not help achieve
compliance with a specific regulation
PCI
 PCI DSS
 Any organization that
processes, stores, or
transmits credit card
data
 Requirements


12 overall requirements
287 individual requirements
PCI
 Reqs 1&2: Build and Maintain a Secure Network
 Auto-discovery to look for services
 Checks to verify that vendor defaults have been changed
 Reqs 3&4: Protect Cardholder Data
 Scan for insecure protocols
 Check for expiration of SSL certificates
 Reqs 5&6: Maintain a Vulnerability Management
Program

Check the anti-virus process to ensure it is running
PCI
 Reqs 7,8,& 9: Implement Strong Access Control
Measures


LDAP checks to ensure LDAP server is functioning
Web Transaction Monitoring can be used to check two factor
 Reqs 10&11: Regularly Monitor and Test Networks
 Check NTP
 Event logs from servers
 Req 12: Maintain an Information Security Program
 Use device listings as well as contact info (incident response
plan)
SOX
 Sarbanes-Oxley or Public Company Accounting
Reform and Investors Protection Act
 Section 404: Assessment of internal control
 Nagios can help management show that controls for
assuring the integrity of the financial reports are
effective.
HIPAA Headlines
HIPAA
 Technical Safeguards:
 Access Control
 Audit Control
 Integrity Controls
 Transmission Security
Questions?
Jared Bird
jaredbird@gmail.com
Twitter: @jaredbird
Thank You