Professional Documents
Culture Documents
Security Spin
and the OSSTMM
Joerg Simon jsimon@fedoraproject.org http://fedoraproject.org
[ indemnification ] The fedora project and the OSSTMM by ISECOM both are independent non profit entities Both are part of the FOSS ECO System!
Thispresentationincl.FedoraArtwork &allBackgroundslicensedccbysa byfedora
Sharegoodrelationships /me
OSSTMMlogosandschematicslicensedbyOpenMethodologyLicence
[features ]
- a safe livecd-place for testing - all fedora security features - ability to install on HD and USB - install software anytime - clean, functional, fast
[ test-tool all-stars ]
[ security features ]
[ little treasures ]
[know]
- your tools - your responsibility - the ramification - a way for proper testing!
[thereisaway ]
[OpenSourceSecurityTestingMethodologyManual ]
!= Checklist, solution based, best-practise - Recommended by the german BSI - Measurable and comparable results - Looks into operational Security - Metric based on Points of Risk - Thinking Out of the Box - ISECOM FOSS-Community - since January 2001 NPO
[ common sence ]
Usualtestingsynonyms Blind/BlackboxPentest Graybox/Chrystal/RedTeam SocialEngineering WarDriving WarDialing ConfigurationReviews CodeReviews
[ four points ]
[ testpath ]
[ porosity ]
[ Authentication ]
[ Indemnification ]
[ Resistance ]
[ Subjugation ]
[ Continuity ]
[ non-repudiation ]
[ Alarm ]
[ Limitations ]
[ possible benefits ]
OSSTMM-Security Lab based on fedora security spin Packaging upstream Tools from the OSSTMM Team A stable platform for teaching the curriculum ...
[ Ressources ]
www.osstmm.org www.isecom.org
[ possible benefits ]
- usecase for the Security Spin - new cool upstreams - better menu structure - fedora get taught along the OSSTMM
[ next ]
- move wishlist to fedorahosted - implement new branding - improve spin section content - consider new menustructure along OSSTMM 4points - consider SLiM desktop manager - consider LXDE as window manager - implement OSSTMM upstreams like unicornscan - become a official spin in Fedora 13
jsimon@fedoraproject.org
bug me
https://fedorahosted.org/security-spin/
Development Home
https://fedoraproject.org/wiki/SecuritySpin