mersenneforum.org  
#1  chalsall ("Chris Halsall", Sep 2002, Barbados)  2022-03-21, 19:53

Cyber Security Tools

Since I'm often asked for advice on tools to use for network and compute reliability and security, I thought I'd write up something quickly here that I could refer people to.

Often a combination of different solutions is brought to bear, depending on the level of risk involved. Also, these are just some of the many (many!) tools available. Everything listed here is also Open Source; I want to be able to audit any code running such an important role.

I'm going to start with just monitoring...

These tools are often run on dedicated, independent, and highly secured LAMP stacks (sometimes going as far as being redundant). This way a minimalist software stack can be configured, lowering the attack surface.

1. Cacti

Leverages RRDtool to collect, store and graph long-term time-domain data. Useful for trending analysis and NOC/SOC/CSIRT/etc real-time "eyes on glass".

2. Nagios

Similar, but is more oriented to real-time situational awareness. Can generate alerts to wake up humans in the case the NOC isn't 24/7/365. The "Nagios Core" is Open Source. Additional front-end functionality can be added for a license fee.

3. Syslog

Built into all Linux systems. Highly advised to have an aggregating Syslog server receiving and analyzing log files. Ideally real-time, but also possibly forensically.

4. Fail2ban

Actually should be running on all servers (with /var/log/fail2ban.log forwarded to the Syslog aggregation server(s)). Can easily be configured to block (and report) unwanted behavior. Can even be used to rate-limit web services to abusive users over long temporal periods.

5. tcpdump

When things get "interesting"... There's nothing like sniffing the wire in real-time (and the console output reminds some of the Matrix...)! Also, writing traffic to a file for post-analysis by Wireshark can be useful in long-term debugging.

More to come over time.

Feedback on this subject domain is welcome.

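As an added, illustrative example (not code from the post, and not Fail2ban's own implementation), here is the jail logic the Fail2ban entry above describes: count filter matches per source address, and once `maxretry` matches land inside `findtime`, ban the address for `bantime` and write a report line of the kind that ends up in /var/log/fail2ban.log. It covers both the classic sshd brute-force case and the "rate-limit web services to abusive users over long temporal periods" case, using a one-day window for the web jail. The log lines are constructed samples, the regexes are written for those samples rather than copied from Fail2ban's shipped filters, the assumed year for the syslog timestamps is 2022, and every hostname and address is made up.

```python
"""Sliding-window ban logic in the style of a Fail2ban jail (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
ASSUMED_YEAR = 2022  # syslog timestamps carry no year; assumption for the samples


def parse_syslog_ts(line):
    """'Mar 21 19:53:01 ...' -> aware UTC datetime (year assumed)."""
    stamp = line[:15]
    return datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_nginx_ts(line):
    """'... [21/Mar/2022:08:00:00 +0000] ...' -> aware datetime."""
    return datetime.strptime(re.search(r"\[([^\]]+)\]", line).group(1), "%d/%b/%Y:%H:%M:%S %z")


class Jail:
    """One jail: a filter regex plus the maxretry/findtime/bantime thresholds."""

    def __init__(self, name, failregex, parse_ts, maxretry, findtime, bantime):
        self.name, self.failregex, self.parse_ts = name, re.compile(failregex), parse_ts
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        self.failures = defaultdict(deque)  # ip -> timestamps of matches still inside findtime
        self.banned = {}                    # ip -> ban expiry
        self.report = []                    # lines a real jail would write to fail2ban.log

    def feed(self, line):
        """Process one log line; return 'ban', 'fail', 'ignored', or None when the filter does not match."""
        m = self.failregex.search(line)
        if not m:
            return None
        ip, now = m.group("ip"), self.parse_ts(line)
        expiry = self.banned.get(ip)
        if expiry is not None:              # expire old bans; matches from a banned host are not re-counted
            if now < expiry:
                return "ignored"
            del self.banned[ip]
            self.report.append(f"{now:%Y-%m-%d %H:%M:%S} [{self.name}] Unban {ip}")
        window = self.failures[ip]
        window.append(now)
        while now - window[0] > self.findtime:  # slide the window: drop matches older than findtime
            window.popleft()
        if len(window) >= self.maxretry:
            self.banned[ip] = now + self.bantime
            window.clear()
            self.report.append(f"{now:%Y-%m-%d %H:%M:%S} [{self.name}] Ban {ip}")
            return "ban"
        return "fail"

    def currently_banned(self):
        return sorted(self.banned)


def build_jails():
    """Fresh jails with thresholds stated the way a jail.local stanza would state them."""
    sshd = Jail("sshd", r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from " + IPV4,
                parse_syslog_ts, maxretry=3, findtime=timedelta(minutes=10), bantime=timedelta(hours=1))
    # Long-window rate limit for a web service: five 4xx responses within a day earn a week's ban.
    nginx = Jail("nginx-4xx", r"^" + IPV4 + r' \S+ \S+ \[[^\]]+\] "[A-Z]+ \S+ HTTP/[\d.]+" 4\d\d ',
                 parse_nginx_ts, maxretry=5, findtime=timedelta(days=1), bantime=timedelta(days=7))
    return sshd, nginx


# Constructed sample logs (hosts and addresses are made up; 192.0.2.x, 198.51.100.x and 203.0.113.x are documentation ranges).
SAMPLE_AUTH_LOG = """\
Mar 21 19:00:00 web1 sshd[2101]: Failed password for root from 198.51.100.5 port 40001 ssh2
Mar 21 19:20:00 web1 sshd[2188]: Failed password for root from 198.51.100.5 port 40002 ssh2
Mar 21 19:40:00 web1 sshd[2230]: Failed password for root from 198.51.100.5 port 40003 ssh2
Mar 21 19:53:01 web1 sshd[2310]: Failed password for invalid user admin from 203.0.113.7 port 54321 ssh2
Mar 21 19:53:04 web1 sshd[2312]: Failed password for invalid user admin from 203.0.113.7 port 54322 ssh2
Mar 21 19:53:07 web1 sshd[2315]: Accepted publickey for chris from 192.0.2.10 port 51000 ssh2
Mar 21 19:53:09 web1 sshd[2316]: Failed password for root from 203.0.113.7 port 54323 ssh2
Mar 21 19:53:12 web1 sshd[2319]: Failed password for root from 203.0.113.7 port 54324 ssh2
"""
SAMPLE_ACCESS_LOG = """\
203.0.113.9 - - [21/Mar/2022:08:00:00 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/7.68.0"
192.0.2.20 - - [21/Mar/2022:09:15:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [21/Mar/2022:11:00:00 +0000] "GET /xmlrpc.php HTTP/1.1" 404 153 "-" "curl/7.68.0"
192.0.2.30 - - [21/Mar/2022:12:00:00 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.9 - - [21/Mar/2022:14:00:00 +0000] "GET /.env HTTP/1.1" 403 153 "-" "curl/7.68.0"
203.0.113.9 - - [21/Mar/2022:17:00:00 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.9 - - [21/Mar/2022:20:00:00 +0000] "POST /wp-login.php HTTP/1.1" 403 153 "-" "curl/7.68.0"
"""


def run_jail(jail, log_text):
    """Feed every line of a log to the jail; return the per-line verdicts."""
    return [jail.feed(line) for line in log_text.splitlines() if line.strip()]


def run_all():
    """Run both sample logs through fresh jails; return them keyed by name."""
    sshd, nginx = build_jails()
    run_jail(sshd, SAMPLE_AUTH_LOG)
    run_jail(nginx, SAMPLE_ACCESS_LOG)
    return {sshd.name: sshd, nginx.name: nginx}


if __name__ == "__main__":
    for jail in run_all().values():
        print("\n".join(jail.report))
```

Note what the sliding window does with 198.51.100.5: three failures twenty minutes apart never sit inside one ten-minute window, so it is never banned, while 203.0.113.7 is banned on its third failure within eight seconds and its fourth attempt is simply ignored for the rest of the ban. The web jail shows the long-window case from the post: 203.0.113.9 is banned after its fifth 4xx of the day even though the requests are hours apart. When the report lines are forwarded to the aggregating syslog server, as the post recommends, the Ban and Unban events from every host land in one place.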
#2  Dr Sardonicus (Feb 2017, Nowhere)  2022-03-22, 00:17

How timely! Biden warns US companies of potential Russian cyberattacks
Quote:
RICHMOND, Va. — President Joe Biden on Monday urged U.S. companies to make sure their digital doors are locked tight because of "evolving intelligence" that Russia is considering launching cyberattacks against critical infrastructure targets as the war in Ukraine continues.

Addressing corporate CEOs at their quarterly meeting, Biden told the business leaders they have a "patriotic obligation" to harden their systems against such attacks. He said federal assistance is available, should they want it, but that the decision is theirs alone.
<snip>
Biden's top cybersecurity aide, Anne Neuberger, expressed frustration at a White House press briefing earlier Monday that some critical infrastructure entities have ignored alerts from federal agencies to fix known problems in software that could be exploited by Russian hackers.

"Notwithstanding these repeated warnings, we continue to see adversaries compromising systems that use known vulnerabilities for which there are patches," said Neuberger, who is the president's deputy national security adviser for cyber and emerging technologies. "That makes it far easier for attackers than it needs to be."

The federal government has been providing warnings to U.S. companies of the threats posed by Russian state hackers since long before the country invaded Ukraine last month. The Cybersecurity and Infrastructure Security Agency has launched a "Shields Up" campaign aimed at helping companies strengthen their defenses and has urged companies to back up their data, turn on multifactor authentication and take other steps to improve cyber hygiene.
<snip>
#3  chalsall ("Chris Halsall", Sep 2002, Barbados)  2022-03-22, 20:29

Quote:
Originally Posted by Dr Sardonicus
Thank you for that. Sincerely.

I didn't understand why everyone was freaking out yesterday. I am demonstrably sometimes rather slow.
#4  Dr Sardonicus (Feb 2017, Nowhere)  2022-03-22, 20:45

Quote:
Originally Posted by chalsall
Thank you for that. Sincerely.

I didn't understand why everyone was freaking out yesterday. I am demonstrably sometimes rather slow.
You? Slow? I daresay you're nowhere near as slow as the folks who are in charge of databases with gajillions of people's personal info, or networks that control electric grids, or water systems, or... and who haven't availed themselves of available patches for vulnerabilities in their software - after they've been warned.

They have been failing to act for years.

But that kind of "slow" might more properly be called "negligence." Especially if their failure to act results in something bad happening...
#5  chalsall ("Chris Halsall", Sep 2002, Barbados)  2022-03-23, 00:14

Quote:
Originally Posted by Dr Sardonicus
They have been failing to act for years.
And then we come back up from meditation and ask the obvious question: please define "They". 8-)
#6  Dr Sardonicus (Feb 2017, Nowhere)  2022-03-23, 00:25

Quote:
Originally Posted by chalsall
And then we come back up from meditation and ask the obvious question: please define "They". 8-)
That would be...
Quote:
Originally Posted by Dr Sardonicus
<snip>the folks who are in charge of databases with gajillions of people's personal info, or networks that control electric grids, or water systems, or... and who haven't availed themselves of available patches for vulnerabilities in their software - after they've been warned.
<snip>
#7  chalsall ("Chris Halsall", Sep 2002, Barbados)  2022-03-23, 00:37

Quote:
Originally Posted by Dr Sardonicus
That would be...
OK. Interesting. We're doing real-time. Cool.

Let's work on this. Please explain what's going on.
#8  Uncwilly (Aug 2003)  2022-03-23, 00:56

https://duckduckgo.com/?q=scada+internet+vulnerable
#9  chalsall ("Chris Halsall", Sep 2002, Barbados)  2022-03-24, 01:15

Quote:
Originally Posted by Uncwilly
Thanks. Copy.

For those who aren't aware, SCADA is rather important. But almost no one knows about it.

Serious infrastructure should (obviously) be very carefully managed. But, often, isn't. IMHO, air-gapping the network is just the beginning of managing the risk.

The movie is amusing. But... This could actually happen.

#10  xilman (May 2003, Down not across)  2022-03-24, 10:33

Kali Linux is one of the best collections of security software IMO.

#11  paulunderwood (Sep 2002, Database er0rr)  2022-03-24, 10:49

Quote:
Originally Posted by xilman
Kali Linux is one of the best collections of security software IMO.
I agree. I run Kali, although I do not pretend to know how to wield it. I'd say running Tails Linux in qemu under Kali would be ideal -- or at least cool.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.