There is a common misconception that Free/Open Source Software is significantly less secure than proprietary software. This has been proven wrong on many occasions, and the speaker was behind one of them: a national-level project, the Egyptian Elections, for seven consecutive rounds, starting with the March 2011 referendum and running through the latest presidential elections in 2014.
2. About the presenter
• Founder and CEO of Spirula Systems.
• Co-founder of OpenEgypt.
• Free Software Foundation (FSF) member.
• Independent consultant at MCIT.
• Advisory board member at Mushtarak.
• One of the authors of the Egyptian national FOSS
adoption strategy.
3. FOSS Security concerns
• Attackers have full visibility of my code.
• Possibility of malicious code injected as contributions.
• So is everyone: thousands of eyeballs are checking it out and fixing it.
• Possibility of detecting it, and possibility of intentional backdoors in closed source projects.
4. FOSS Security concerns
• Insufficient testing before delivery.
• Heartbleed / Shellshock, … etc.
• Speed of fixing problems.
• And they were published and fixed quickly; imagine a closed source company keeping the news low while fixing it in a couple of months (if you are lucky).
5. Egyptian Elections portal
The Egyptian Elections portal contained:
• Information (candidates, laws, dates, ... etc)
• ID lookup database
• Polling station locations
• Out of country voters database
• Mothers database (related to OCV)
• Judges distribution and their data.
• Control room dashboard.
6. The Problem
• Uptime is critical.
• Sensitive data.
• High performance is crucial.
• Multiple entry points for multiple user profiles:
  ● ID lookups: https, SMS, … etc.
  ● Out of country voters: https
  ● Egyptian embassy: OpenVPN
  ● Judges
  ● Control room
7. The solution Design
• 100% Free/Open Source tools, from the virtualization
engine and Host OS and up – Zero licensing cost.
• No single point of failure, fully redundant multi-server
architecture.
• Quick and frequent deployments.
• Three geographical locations:
• London: contains only the public info & static contents
• Main site: contains all sensitive information
• DR site: replica of main site with smaller scale
8. The security design
• Separate clusters, with strong isolation.
• Each cluster has zero knowledge of other components.
• Each communication from a cluster to the other is not
considered trusted.
• ID lookup input sanitization is a standalone cluster.
• Small virtual servers as frontline to mitigate DDoS.
• Lots of micro scale defence systems (firewall, IDS, monitoring, … etc. per each host).
9. The implementation
• 74 servers.
• OpenVPN.
• Automated security assessment system (OpenVAS).
• Nginx (patched).
• Custom NoSQL Database implementation with
memory-encrypted database.
• TCP buffers and timing optimizations (kernel level).
• Other standard open source tools (backup, database
replication, file system replication, … etc.)
10. The attacks
• DDoS attacks on the remote site (London) and the main site.
• Voters database sweeping.
• Penetration attempts.
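The standalone ID lookup sanitization tier (slide 8) and the "voters database sweeping" attack (slide 10) together suggest one defensive check worth showing. The following is an added example, not code from the talk or from the elections portal: it assumes a national ID is exactly 14 ASCII digits (the deck does not state the format), assumes a simple "src_ip id" request log line, and uses illustrative thresholds; it rejects malformed input and flags sources that walk through IDs sequentially.

```python
import re
from collections import defaultdict

# Assumptions (not from the deck): an ID is exactly 14 ASCII digits; the
# window and ratio below are illustrative tuning values, not the portal's.
ID_RE = re.compile(r"[0-9]{14}")   # [0-9] rather than \d: no Unicode digits
SWEEP_WINDOW = 20                  # lookups from one source before inspecting
SEQ_RATIO_THRESHOLD = 0.6          # share of +/-1 steps that marks a sweep

def sanitize_id(raw: str):
    """Standalone sanitization step: trim, accept only 14 digits, else None."""
    s = raw.strip()
    return s if ID_RE.fullmatch(s) else None

def is_sweep(ids):
    """True when a source's successive lookups step through IDs one at a time."""
    if len(ids) < SWEEP_WINDOW:
        return False
    nums = [int(i) for i in ids]
    steps = sum(1 for a, b in zip(nums, nums[1:]) if abs(b - a) == 1)
    return steps / (len(nums) - 1) >= SEQ_RATIO_THRESHOLD

def analyse(log_lines):
    """Parse 'src_ip id' lines; return (rejected_count, {ip: [ids]}, sweeping_ips)."""
    per_src = defaultdict(list)
    rejected = 0
    for line in log_lines:
        src, _, raw = line.partition(" ")
        nid = sanitize_id(raw)
        if nid is None:          # malformed input never reaches the database tier
            rejected += 1
            continue
        per_src[src].append(nid)
    sweeping = sorted(ip for ip, ids in per_src.items() if is_sweep(ids))
    return rejected, dict(per_src), sweeping

# Constructed sample log: one source sweeping IDs sequentially, one normal
# user doing two lookups, and one source sending malformed input.
SAMPLE_LOG = (
    [f"203.0.113.5 {29001010100000 + i}" for i in range(25)]
    + ["198.51.100.7 29001010100042", "198.51.100.7 28507150200311"]
    + ["198.51.100.9 2900101010000", "198.51.100.9 29001010100000' OR 1=1--"]
)

if __name__ == "__main__":
    rejected, per_src, sweeping = analyse(SAMPLE_LOG)
    print(f"rejected={rejected} sources={len(per_src)} sweeping={sweeping}")
```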
11. Pros and cons
• CIA principles achieved.
• Minimal impact on performance.
• Hardware security devices minimally used.
• Cost efficient.
• Customisability granted the core of the solutions.
• Non-standard solutions and false signatures puzzled attackers.
• Governmental FUD.
• Last minute changes collided with some customized solutions.