Security/Automation/WinterOfSecurity2014: Difference between revisions

This project is an opportunity for a group of students to take a close look at memory forensic across all operating systems.


=== Network & System Security ===
==== Cross-platform firewall driver in Go ====
* Mozilla Advisor: Julien Vehent
This project is an opportunity for a group of students to take a close look at firewall management on the major operating systems.


=== System Security ===
==== Passive vulnerability scanning ====
* Mozilla Advisor: Michal Purzynski
* difficulty: high
* language: English or Polish
 
The vulnerability management process needs knowledge in order to prioritize patching. Many large organizations cannot patch everything, and there is always a decision to be made: what gets patched first? To make such decisions, one needs to learn what kind of vulnerable software is running on systems and talking over the network. The traditional way of doing this is to log into each server, query the software database and compare the installed versions against a vulnerability list. This does not work well for a few reasons, such as leaving out potentially vulnerable systems that one cannot log into (appliances, unmanaged legacy systems, unsupported operating systems, etc.). End-user systems are also often left out, and in the days of BYOD one cannot assume that all clients are managed.
 
The goal of this project is to use passive network monitoring to discover software (and versions) on the network, and to build a reliable database that can be used as the input to the patching process. There is a lot of information at the network layer, such as user agents, version strings, etc. One of the bigger challenges will be to filter out the noise without losing data in the process: there is no such thing as a 'standardized user agent format'. Classic network monitoring techniques coupled with statistical methods might help here as well.
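As an added illustration (not part of the original proposal or any Mozilla code), a minimal sketch of the approach in Python: pull product/version tokens out of observed User-Agent strings, drop compatibility tokens that name no patchable product, build a per-host inventory, and compare it against minimum patched versions. The sample traffic, host addresses and version thresholds are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of passively observed HTTP requests, (client host, User-Agent); not real traffic.
OBSERVED = [
    ("10.0.0.5", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"),
    ("10.0.0.5", "Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0"),
    ("10.0.0.9", "curl/7.22.0"),
    ("10.0.0.9", "Python-urllib/2.7"),
    ("10.0.0.12", "Java/1.6.0_45"),
    ("10.0.0.12", "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"),
]

TOKEN = re.compile(r"([A-Za-z][A-Za-z0-9_.-]*)/(\d+(?:[._]\d+)*)")  # product/version tokens
MSIE = re.compile(r"MSIE (\d+(?:\.\d+)*)")  # old IE does not use the product/version form
NOISE = {"Mozilla", "Gecko", "KHTML", "AppleWebKit", "Safari"}  # compat/engine tokens, not patchable products

def products(ua):
    """(product, version) pairs in one User-Agent string, with noise tokens dropped."""
    found = [(p, v) for p, v in TOKEN.findall(ua) if p not in NOISE]
    m = MSIE.search(ua)
    if m:
        found.append(("MSIE", m.group(1)))
    return found

def inventory(observed):
    """host -> product -> versions seen; the database that feeds patch prioritisation."""
    inv = defaultdict(lambda: defaultdict(set))
    for host, ua in observed:
        for product, version in products(ua):
            inv[host][product].add(version)
    return inv

def version_key(v):
    return tuple(int(x) for x in re.split(r"[._]", v))

def below_minimum(inv, minimums):
    """(host, product, version) triples older than the minimum patched version for that product."""
    return [(host, product, v)
            for host, prods in sorted(inv.items())
            for product, versions in prods.items() if product in minimums
            for v in sorted(versions) if version_key(v) < version_key(minimums[product])]

MINIMUMS = {"Firefox": "31.0", "curl": "7.36.0", "Java": "1.7.0_65"}  # constructed thresholds, not a real advisory list

if __name__ == "__main__":
    for host, product, v in below_minimum(inventory(OBSERVED), MINIMUMS):
        print(f"{host}: {product} {v} is below {MINIMUMS[product]}")
```

The NOISE set is where the "filter out the noise" problem lives: every token kept or dropped there changes what the inventory reports, so it needs tuning against real traffic.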
 
=== Cryptography ===
==== Compliance checking of TLS configuration ====