Rootconf 2019

On infrastructure security, cloud architecture, cloud optimization and distributed systems

Securing Infrastructure with OpenScap

Submitted by jaskaran narula (@jaskaransingh) on Thursday, 20 December 2018

videocam_off

Technical level

Beginner

Section

Full talk of 40 mins duration

Status

Submitted

Vote on this proposal

Login to vote

Total votes:  +2

Abstract

Security Content Automation Protocol (SCAP) which is a collection of standards managed by National Institute of Standards and Technology (NIST). It was created to provide a standardized approach to maintaining the Security of enterprise system, such as automatically Verifying the presence of patched, checking system security configuration settings, and examining systems for signs of compromise. Along with this Audience will also have a good view of Foreman, how openscap can be integrated with foreman and become more useful and efficient to use.

What Audience will take away?
Audience after his talk will have a clear idea how the companies are using the most advance mechanism to automate the security policies within the organization along with what they can do to contribute to the upstream and make their own profiles and set of security rules. What are the rules that are used by different companies in different working profile and how they want to have the better security protocols for them.

Outline

Audience will learn about Openscap. Tools used by openscap along with profiles and components of openscap. I will also through some light on how we all can have our own set of policies and how we can develop certain profiles and policies that will be custom of yourself and also useful for upstream. This talk will also involve how to deploy openscap, how to use different tools of openscap and warping up with the analysis of the reports generated by the scap policies. At the end you get a clear picture of openscap also with managing all the tools and reports by them.

Requirements

Requirements:
1)Basic Linux Administrator Skills
2)Bits of security domain knowledge.

Speaker bio

My name is Jaskaran Singh Narula and currently working Red Hat as a Satellite Engineer.
I have been working with the Null open source security community for nearly 2 years. I have been an active member, speaker and volunteer at Bhopal Null Chapter. https://null.co.in/profile/5502-jaskaran-singh-naru

Comments

Login with Twitter or Google to leave a comment