
Thorough, Safe and Secure

Security Spin
and the OSSTMM
Joerg Simon

[ indemnification ]

The fedora project and the OSSTMM by ISECOM are both independent non-profit entities. Both are part of the FOSS ecosystem!

This presentation incl. Fedora Artwork & all Backgrounds licensed cc-by-sa by fedora

Share good relationships /me


[ fedora security spin ]

An open source platform for
- security-auditing
- forensics
- penetration-testing

[ features ]

- a safe livecd-place for testing
- all fedora security features
- ability to install on HD and USB
- install software anytime
- clean, functional, fast

[ developed by testers for testers ]

- collaboratively developed
- community <> commercial benefits
- along our core values

[ test-tool all-stars ]

[ security features ]

[ little treasures ]


- your tools
- your responsibility
- the ramification
- a way for proper testing!

[ there is a way ]

[ Open Source Security Testing Methodology Manual ]

- != Checklist, solution based, best-practice
- Recommended by the German BSI
- Measurable and comparable results
- Looks into operational Security
- Metric based on Points of Risk
- Thinking Out of the Box
- ISECOM FOSS-Community
- since January 2001 NPO

[ common sense ]

Usual testing synonyms
- Blind/Blackbox Pentest
- Graybox/Crystal/Red Team
- Social Engineering
- War Driving
- War Dialing
- Configuration Reviews
- Code Reviews

[ four points ]

[ testpath ]

[ how much security do you really need? ]

- Visibility
- Access
- Trust

[ porosity ]

[ Authentication ]

[ Indemnification ]

[ Resistance ]

[ Subjugation ]

[ Continuity ]

[ non-repudiation ]

[ confidentiality ] [ privacy ] [ integrity ]

[ Alarm ]

[ Limitations ]

[ possible benefits ]
- OSSTMM-Security Lab based on fedora security spin
- Packaging upstream Tools from the OSSTMM Team
- A stable platform for teaching the curriculum ...

[ Resources ]

[ possible benefits ]

- use case for the Security Spin
- new cool upstreams
- better menu structure
- fedora gets taught along the OSSTMM

[ next ]
- move wishlist to fedorahosted
- implement new branding
- improve spin section content
- consider new menu structure along OSSTMM 4 points
- consider SLiM desktop manager
- consider LXDE as window manager
- implement OSSTMM upstreams like unicornscan
- become an official spin in Fedora 13

The fedora security spin team

- Luke Macken
- Adam Miller
- Joerg Simon

bug me

Development Home

Help us on the Wishlist:

Your Contribution is welcome

Thanks! Any Contributions?
