Securing syslog on FreeBSD © Albert Mietus [email_address] [email_address]
Agenda

Albert Mietus

Part 1: syslog, an overview

Syslog (1)

Syslog (2)

Syslog, Again ..

Syslog-secure
[Diagram: Device, Relay and Collector nodes]

Part 2: a 5-minute introduction to cryptography

Cryptography

Asymmetric key authentication
[Diagram: "Some text you can read" -> Private key -> "Fbzr grkg lbh pna ernq" -> Public key -> "Some text you can read"]
NB: It's impossible to calculate the "other" key!!!
Result: you are sure who SENT it!!!

Hashes & Signatures

All, in a nutshell
[Diagram: the sender hashes "Some text you can read" and encrypts the hash with the private key ("UNFU"); the receiver hashes the text again, decrypts "UNFU" with the public key, and compares the two hashes]
IFF the HASHes are equal, the message is OK!!!

Part 3: securing syslog, using syslog-sign. A simple implementation

Step by step

Step 1: "rfc3164 mode"
[Diagram: packet layout, max 1024 bytes. PRI (<ddd>): 3 to 5 bytes. HEADER (TIME-STAMP, HOST-NAME): about 70 bytes. MSG (TAG, CONTENT), optional: usually up to a few hundred bytes. Free-format readable text.]

rfc3164-mode: design

rfc3164-mode: implementation

Syslog-sign: concept
[Diagram: each message N, N+1, N+2, N+3 (PRI, HEADER, MSG) is hashed to H(N), H(N+1), H(N+2), H(N+3). The hashes are collected in one message (PRI, HEADER, H(N) H(N+1) H(N+2) H(N+3)); that message is hashed and SIGNed with the private key. Send & Store.]

Syslog-sign: transport & storage
All messages are handled as normal syslog messages. They are transported and stored by all (rfc3164 compliant) syslog daemons!
[Diagram: messages N to N+3 and the signed block H(N) H(N+1) H(N+2) H(N+3) are sent and stored side by side.]

Syslog-sign concept: verifying
[Diagram: the SIGN on the block H(N) H(N+1) H(N+2) H(N+3) is checked with the public key; each stored message N to N+3 is hashed and compared with its hash in the block (Match?); continue matching.]
It's possible to mark all "good" messages!!!

Syslog-sign, details

signed in syslogd

Syslogd-sign, design

Syslogd-sign, implementation

Complication: "compression"

The public key
[Diagram: the public key is split into parts; each part is sent as its own message (PRI, HEADER, @#SigCer, part). The example payload "Base64 is used to send a binary part" is spread over five @#SigCer messages: "Base64", "is used", "to send", "a binary", "part".]

Public key & verification
Validation can start after the public key is assembled from Certificate Blocks.
But they don't need to be "in order"!
[Diagram: four messages (PRI, HEADER, MSG), the signed block H(N) H(N+1) H(N+2) H(N+3), and the five @#SigCer messages from which the public key is assembled.]
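
The hash-and-sign flow from the syslog-sign slides, together with the out-of-order Certificate Blocks, as an added example that is not part of the original deck. The "@#SigBlk" layout, the "i/n" fragment counter, the sample log lines and the toy RSA key (two public Mersenne primes, so no security) are assumptions, chosen so the example runs with only the Python standard library.

```python
import base64
import hashlib

# ASSUMPTION: toy textbook-RSA key so the example needs no third-party library.
# Both primes are well-known Mersenne primes, so this key gives NO security.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known to the signer only

# Constructed sample messages in RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME TAG: CONTENT
LINES = [
    "<38>Oct 11 22:14:16 host1 sshd[411]: Accepted publickey for alice",
    "<38>Oct 11 22:14:17 host1 su: alice to root on /dev/ttyp0",
    "<86>Oct 11 22:14:18 host1 login: ROOT LOGIN (root) ON ttyv0",
    "<38>Oct 11 22:14:19 host1 sshd[411]: session closed for alice",
]
HDR = "<46>Oct 11 22:14:20 host1 syslogd: "  # header used for the signer's own messages


def msg_hash(line):
    """Base64 SHA-256 over one complete stored line (PRI + HEADER + MSG)."""
    return base64.b64encode(hashlib.sha256(line.encode()).digest()).decode()


def _digest_int(text):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")


def make_signature_block(lines, first_seq):
    """Signer: collect H(N)..H(N+k) in one message and sign that list."""
    body = f"first={first_seq} hashes={','.join(msg_hash(l) for l in lines)}"
    return f"{HDR}@#SigBlk {body} sig={pow(_digest_int(body), D, N):x}"


def make_cert_blocks(n, e, chunk=48):
    """Signer: send the public key as Base64 fragments tagged @#SigCer."""
    blob = base64.b64encode(f"{n:x}:{e:x}".encode()).decode()
    parts = [blob[i:i + chunk] for i in range(0, len(blob), chunk)]
    return [f"{HDR}@#SigCer {i}/{len(parts)} {p}" for i, p in enumerate(parts, 1)]


def assemble_public_key(stored):
    """Verifier: gather @#SigCer fragments in any order; None until complete."""
    frags, total = {}, None
    for line in stored:
        _, found, rest = line.partition("@#SigCer ")
        if not found:
            continue
        counter, part = rest.split(" ", 1)
        index, total_text = counter.split("/")
        frags[int(index)], total = part, int(total_text)
    if total is None or len(frags) != total:
        return None
    blob = base64.b64decode("".join(frags[i] for i in range(1, total + 1)))
    n_hex, e_hex = blob.decode().split(":")
    # ASSUMPTION: the assembled key is accepted as-is; how it is trusted is out of scope.
    return int(n_hex, 16), int(e_hex, 16)


def verify_log(stored):
    """Verifier: return the stored messages that a valid signature block covers."""
    key = assemble_public_key(stored)
    if key is None:
        return []  # validation cannot start before the key is complete
    n, e = key
    signed = set()
    for line in stored:
        _, found, rest = line.partition("@#SigBlk ")
        if not found:
            continue
        body, _, sig_hex = rest.rpartition(" sig=")
        try:
            sig = int(sig_hex, 16)
        except ValueError:
            continue
        if pow(sig, e, n) != _digest_int(body):
            continue  # signature does not match: ignore every hash in this block
        signed.update(body.partition(" hashes=")[2].split(","))
    return [l for l in stored if "@#Sig" not in l and msg_hash(l) in signed]


def demo():
    """Store four messages, one signature block and reversed cert blocks; then tamper."""
    stored = LINES + [make_signature_block(LINES, 1)] + make_cert_blocks(N, E)[::-1]
    tampered = list(stored)
    tampered[1] = tampered[1].replace("alice to root", "bob to root")
    return verify_log(stored), verify_log(tampered)


if __name__ == "__main__":
    good, after_tamper = demo()
    print(len(good), "of 4 verified;", len(after_tamper), "of 4 after tampering")
```

A changed message simply drops out of the verified set, while a signature block that fails its check contributes no hashes at all, so none of the messages it lists are marked good.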

Result
You can assure the log-messages are correct!!!

And finally ...
