Upload File

2013-08-22 nsa system security & management

45
SYSTEM SECURITY & MANAGEMENT SHAWN WELLS DIRECTOR, INNOVATION PROGRAMS unclass: [email protected] (+1) 443-534-0130 1 UNCLASSIFIED

Upload: shawn-wells

Post on 15-Apr-2017

119 views

Category:

Government & Nonprofit


4 download

Report

TRANSCRIPT

Page 1: 2013-08-22 NSA System Security & Management

SYSTEM SECURITY & MANAGEMENT

SHAWN WELLS DIRECTOR, INNOVATION PROGRAMS unclass: [email protected] (+1) 443-534-0130

1 UNCLASSIFIED

Page 2: 2013-08-22 NSA System Security & Management

60 MINUTES, 3 GOALS

1.  Review compliance tech + initiatives spanning I4, TS13, DISA, NIST, and Red Hat •  SCAP Security Guide

•  Security Baselines (CS2, STIG, etc)

•  Emerging Tech

2. 

3. 

Page 3: 2013-08-22 NSA System Security & Management

60 MINUTES, 3 GOALS

1.  Review compliance tech + initiatives spanning I4, TS13, DISA, NIST, and Red Hat •  SCAP Security Guide

•  Security Baselines (CS2, STIG, etc)

•  Emerging Tech

2.  T3 ATO’d System Management Framework •  System Provisioning, Patch Management, Monitoring, Conf Mgmt

•  Sponsored by T3 (“go redhat-support”)

3. 

Page 4: 2013-08-22 NSA System Security & Management

60 MINUTES, 3 GOALS

1.  Review compliance tech + initiatives spanning I4, TS13, DISA, NIST, and Red Hat •  SCAP Security Guide

•  Security Baselines (CS2, STIG, etc)

•  Emerging Tech

2.  T3 ATO’d System Management Framework •  System Provisioning, Patch Management, Monitoring, Conf Mgmt

•  Sponsored by T3 (“go redhat-support”)

3.  Demonstrate current capabilities

Page 5: 2013-08-22 NSA System Security & Management

NSA C63 (aka NIAP) & Red Hat: where we’ve been… and next stop

Page 6: 2013-08-22 NSA System Security & Management
Page 7: 2013-08-22 NSA System Security & Management
Page 8: 2013-08-22 NSA System Security & Management

SCAP Security Guide

FSO I43, I411, TS13,

T3

NVD U.S. Federal AUS Federal

AppSec Engineering

Page 9: 2013-08-22 NSA System Security & Management

RHEL5 STIG Delay: 1,988 days

RHEL6 STIG Delay:

932 days

Page 10: 2013-08-22 NSA System Security & Management

STIG Version 1, Release 2, Section 1.1:

“The consensus content was developed using an open source project called SCAP Security Guide. The project’s website is https://fedorahosted.org/scap-security-guide/. Except for differences in formatting to accommodate the DISA STIG publising process, the content of the RHEL6 STIG should mirror the SCAP Security Guide content with only minor divergences as updates from multiple sources work through the consensus process”

Page 11: 2013-08-22 NSA System Security & Management
Page 12: 2013-08-22 NSA System Security & Management
Page 13: 2013-08-22 NSA System Security & Management
Page 14: 2013-08-22 NSA System Security & Management

SCAP Security Guide

•  Guidance broken into profiles:

•  RHEL6 STIG

•  CS2

•  NIST NVD (JBoss only)

•  FISMA Moderate (in progress)

Page 15: 2013-08-22 NSA System Security & Management
Page 16: 2013-08-22 NSA System Security & Management
Page 17: 2013-08-22 NSA System Security & Management

<fix system="urn:xccdf:fix:script:sh"> yum -y install aide

</fix>

Page 18: 2013-08-22 NSA System Security & Management

SYSTEMS MANAGEMENT

18

Page 19: 2013-08-22 NSA System Security & Management

T3 SYSTEM MANAGEMENT CAPABILITIES

Page 20: 2013-08-22 NSA System Security & Management

T3 SYSTEM MANAGEMENT CAPABILITIES

Page 21: 2013-08-22 NSA System Security & Management
Page 22: 2013-08-22 NSA System Security & Management
Page 23: 2013-08-22 NSA System Security & Management
Page 24: 2013-08-22 NSA System Security & Management

T3 SYSTEM MANAGEMENT CAPABILITIES

Page 25: 2013-08-22 NSA System Security & Management

T3 SYSTEM MANAGEMENT CAPABILITIES

Page 26: 2013-08-22 NSA System Security & Management
Page 27: 2013-08-22 NSA System Security & Management
Page 28: 2013-08-22 NSA System Security & Management
Page 29: 2013-08-22 NSA System Security & Management
Page 30: 2013-08-22 NSA System Security & Management
Page 31: 2013-08-22 NSA System Security & Management

T3 SYSTEM MANAGEMENT CAPABILITIES

Page 32: 2013-08-22 NSA System Security & Management

T3 SYSTEM MANAGEMENT CAPABILITIES

Page 33: 2013-08-22 NSA System Security & Management

T3 SYSTEM MANAGEMENT CAPABILITIES

Page 34: 2013-08-22 NSA System Security & Management

T3 SYSTEM MANAGEMENT CAPABILITIES

Page 35: 2013-08-22 NSA System Security & Management

T3 RHN Satellite v6: Launching in 2014

•  An entirely new Satellite system •  Puppet for Configuration

•  Foreman for Provisioning

•  Katello for Content Management

•  Pulp for Repo Management

•  Candlepin for Subscription Management

Page 36: 2013-08-22 NSA System Security & Management

T3 RHN Satellite v6: Workflow

Page 37: 2013-08-22 NSA System Security & Management

T3 RHN Satellite v6: Workflow

Page 38: 2013-08-22 NSA System Security & Management

T3 RHN Satellite v6: Workflow

Page 39: 2013-08-22 NSA System Security & Management
Page 40: 2013-08-22 NSA System Security & Management
Page 41: 2013-08-22 NSA System Security & Management
Page 42: 2013-08-22 NSA System Security & Management
Page 43: 2013-08-22 NSA System Security & Management
Page 44: 2013-08-22 NSA System Security & Management
Page 45: 2013-08-22 NSA System Security & Management

THANK YOU!

45


SonicWall Network Security Appliance (NSA) · PDF fileThe SonicWall Network Security Appliance (NSA) series provides midsized networks, branch offices and distributed enterprises with

Router Security Configuration Guide by NSA

169098943 Cisco IOS Security Configuration Guide by NSA

Nsa Tempest 01-National Security Agency history

The SonicWALL Network Security Appliance Series · Certifications Firewall NSA 240 NSA 2400 NSA 3500 NSA 4500 SonicOS Version SonicOS Enhanced 5.6 (or higher) Stateful Throughput1

National Security Agency/ Central Security Service- NSA/CSS POLICY I-55

Nsa Cisco Router Security Guide

National Security Agency (NSA) document: Presidential

NSA a History of U S Communications Security Volume I

The National Security Agency (NSA) eavesdropping on

The SonicWALL Network Security Appliance Seriesmmvaquinhas.pt/sonicwall/DS_NSA_Series_US.pdf · Certifications Firewall NSA 240 NSA 2400 NSA 3500 NSA 4500 SonicOS Version SonicOS

SonicWall Network Security appliance (NSa) series · The SonicWall Network Security appliance (NSa) series provides mid-sized networks, branch offices and ... handled centrally through

NATO INDUSTRIAL SECURITY - PARP · NATO Office of Security NATO Facility Security Clearance (NFSC) Responsibility National Security Authority (NSA) • Designated Security Authority

NSA/CSS Policy 1-30 - National Security Agency

SonicWall Network Security Appliance (NSA) series...Description SKU NSA 5600 firewall only 01-SSC-3830 NSA 5600 TotalSecure Advanced (1-year) 01-SSC-1715 Firewall NSA 6600 Firewall

Netball South Africa NSA Membership NSA Membership Structures Structures NSA executive NSA executive NSA structure NSA structure Composition of NSA Composition

NSA Technology Transfer Program - Welcome to the National Security

EU’s Information Security Expectations Aleksandar Klaić Office of the National Security Council – Croatian National Security Authority (NSA)

Network Security Appliance Seriesstatic.highspeedbackbone.net/pdf/Sonicwall NSA 2400... · the Dell™ SonicWALL™ Network Security Appliance (NSA) Series of Next-Generation Firewalls

CNSS NSA Committee on Security Systems Education

National Security Agency (NSA) Cover Page for Each

DODD 5100.20 National Security Agency/Central Security Service (NSA/CSS)

Service (AFSS) - National Security Agency (NSA) Source of

NSA 201 Baldwin (1997) the Concept of Security

CORE SECRETS: NSA SABOTEURS IN CHINA AND GERMANY · 2014-10-22 · CORE SECRETS: NSA SABOTEURS IN CHINA AND GERMANY BY PETER MAASS AND LAURA POITRAS @maassp The National Security

NSA Security-Enhanced Linux (SELinux) · National Information Assurance Research Laboratory 4 SELinux: Background • Originated from NSA R&D. • First public release by NSA in Dec

E-Class Network Security Appliance Series · to corporate resources from Windows ... Firewall NSA E5500 NSA E6500 NSA 8500 NSA 8510 SonicOS version SonicOS Enhanced 5.6 (or higher)

National Security Agency (NSA) Newsletter, Oct 1999

Cisco IOS Security Configuration Guide (by NSA)

NSA Mobile Security

NSA a History of U S Communications Security Volume II

August 9, 2013 Director, National Security Agency Fort ...epic.org/privacy/nsa/NSA-Petition-8-9-13.pdf · Director, National Security Agency 9800 Savage Road Fort Meade, ... Carlisle,

Network Security Appliance Series€¦ · Firewall NSA 220/W NSA 250M/W NSA 2400 NSA 3500 NSA 4500 SonicOS version SonicOS 5.8.1.1 SonicOS enhanced 5.6 (or higher) Stateful throughput

Dell SonicWALL Network Security Appliance (NSA) Seriesmedia.zones.com/images/pdf/datasheet-nsa-series-dell.pdfThe Dell SonicWALL Network Security Appliance (NSA) series provides mid-sized

Cisco IOS Switch Security Configuration Guide (NSA)