This is Video about 'DEFCON 13: Introducing the Bastille Hardening Assessment Tool'
Video Youtube |
Bastille has been re-released as an assessment and hardening tool. With the help of the US Government's TSWG, we've added full hardening assessment capabilities, complete with scoring. This allows Bastille to measure and score an individual system's security settings against user-provided guidelines, possibly before allowing a system onto the network. Security or system administrators can use this to assess the relative state of a given system compared to Best Practices, to other systems in the organization, or to an organization-supplied minimum standards file. They can also use it to learn what hardening steps would be helpful for the given system. Bastille's new mode can even help in verifying compliance with new legislation, including Sarbanes Oxley, GLBA and HIPAA. It can also help in lowering insurance premiums -- AIG, the largest provider of cybersecurity insurance, decreases premiums by 15% for organizations following best practices in proactive defense.
Open source tools have hardened systems in the past (Bastille, Titan, YASSP), while free or open source tools have measured security settings in the past (COPS, CIS Unix Scoring Tool). No popular open source tool besides Bastille can do both, using the weaknesses found in an audit to harden systems. This functionality would normally be found only in a separate tool and thus warrants the re-release of Bastille.
We originally released Bastille Linux/Unix in 1999 as a host hardening tool, built to tighten security settings on a system, set stronger policies on that system and educate system administrators. Bastille has been extremely popular and has since been ported to seven Linux distributions, OS X and HP-UX. Support for FreeBSD and Solaris is underway. Bastille ships by default with Gentoo, Debian(apt-get) and HP-UX, the latter of which has made it part of the installer and contributes two developers to the project.
For more information visit: http://bit.ly/defcon13_information
To download the video visit: http://bit.ly/defcon13_videos
DEFCON 13: Introducing the Bastille Hardening Assessment Tool |
No comments:
Post a Comment