Cyber Security Tools

chalsall · 2022-03-21, 19:53

Since I'm often asked for advice on tools to use for network and compute reliability and security, I'd thought I'd write up something quickly here that I could refer people to.

Often a combination of different solutions is brought to bear, depending on the level of risk involved. Also, these are just some of the many (many!) tools available. Everything listed here is also Open Source; I want to be able to audit any code running such an important role.

I'm going to start with just monitoring...

These tools are often run on dedicated, independent, and highly secured LAMP stacks (sometimes going as far as being redundant). This way a minimalist software stack can be configured, lowering the attack surface.

1. Cacti

Leverages on RRDtool to collect, store and graph long-term time-domain data. Useful for trending analysis and NOC/SOC/CSIRT/etc real-time "eyes on glass".

2. Nagios

Similar, but is more oriented to real-time situational awareness. Can generate alerts to wake up humans in the case the NOC isn't 24/7/365. The "Nagios Core" is Open Source. Additional front-end functionality can be added for a license fee.

3. Syslog

Built into all Linux systems. Highly advised to have an aggregating Syslog server receiving and analyzing log files. Ideally real-time, but also possibly forensically.

4. Fail2ban

Actually should be running on all servers (with /var/log/fail2ban.log forwarded to the Syslog aggregation server(s)). Can easily be configured to block (and report) unwanted behavior. Can even be used to rate-limit web services to abusive users over long temporal periods.

5. tcpdump

When things get "interesting"... There's nothing like sniffing the wire in real-time (and the console output reminds some of the Matrix...)! Also, writing traffic to a file for post-analysis by Wireshark can be useful in long-term debugging.

More to come over time.

Feedback on this subject domain is welcome.

Dr Sardonicus · 2022-03-22, 00:17

How timely! Biden warns US companies of potential Russian cyberattacks

Quote:

RICHMOND, Va. — President Joe Biden on Monday urged U.S. companies to make sure their digital doors are locked tight because of "evolving intelligence" that Russia is considering launching cyberattacks against critical infrastructure targets as the war in Ukraine continues.

Addressing corporate CEOs at their quarterly meeting, Biden told the business leaders they have a "patriotic obligation" to harden their systems against such attacks. He said federal assistance is available, should they want it, but that the decision is theirs alone.
<snip>
Biden's top cybersecurity aide, Anne Neuberger, expressed frustration at a White House press briefing earlier Monday that some critical infrastructure entities have ignored alerts from federal agencies to fix known problems in software that could be exploited by Russian hackers.

"Notwithstanding these repeated warnings, we continue to see adversaries compromising systems that use known vulnerabilities for which there are patches," said Neuberger, who is the president's deputy national security adviser for cyber and emerging technologies. "That makes it far easier for attackers than it needs to be."

The federal government has been providing warnings to U.S. companies of the threats posed by Russian state hackers since long before the country invaded Ukraine last month. The Cybersecurity and Infrastructure Security Agency has launched a "Shields Up" campaign aimed at helping companies strengthen their defenses and has urged companies to back up their data, turn on multifactor authentication and take other steps to improve cyber hygiene.
<snip>

chalsall · 2022-03-22, 20:29

Quote:

Originally Posted by Dr Sardonicus

How timely! Biden warns US companies of potential Russian cyberattacks

Thank you for that. Sincerely.

I didn't understand why everyone was freaking out yesterday. I am demonstrably sometimes rather slow.

Dr Sardonicus · 2022-03-22, 20:45

Quote:

Originally Posted by chalsall

Thank you for that. Sincerely.

I didn't understand why everyone was freaking out yesterday. I am demonstrably sometimes rather slow.

You? Slow? I daresay you're nowhere near as slow as the folks who are in charge of databases with gajillions of people's personal info, or networks that control electric grids, or water systems, or... and who haven't availed themselves of available patches for vulnerabilities in their software - after they've been warned.

They have been failing to act for years.

But that kind of "slow" might more properly be called "negligence." Especially if their failure to act results in something bad happening...

chalsall · 2022-03-23, 00:14

Quote:

Originally Posted by Dr Sardonicus

They have been failing to act for years.

And then we come back up from meditation and ask the obvious question: please define "They". 8-)

Dr Sardonicus · 2022-03-23, 00:25

Quote:

Originally Posted by chalsall

And then we come back up from meditation and ask the obvious question: please define "They". 8-)

That would be...

Quote:

Originally Posted by Dr Sardonicus

<snip>the folks who are in charge of databases with gajillions of people's personal info, or networks that control electric grids, or water systems, or... and who haven't availed themselves of available patches for vulnerabilities in their software - after they've been warned.
<snip>

chalsall · 2022-03-23, 00:37

Quote:

Originally Posted by Dr Sardonicus

That would be...

OK. Interesting. We're doing real-time. Cool.

Let's work on this. Please explain what's going on.

Uncwilly · 2022-03-23, 00:56

https://duckduckgo.com/?q=scada+internet+vulnerable

chalsall · 2022-03-24, 01:15

Quote:

Originally Posted by Uncwilly

https://duckduckgo.com/?q=scada+internet+vulnerable

Thanks. Copy.

For those who aren't aware, SCADA is rather important. But almost no one knows about it.

Serous infrastructure should (obviously) be very carefully managed. But, often, aren't. IMHO, air-gapping the network is just the beginning of managing the risk.

The movie is amusing. But... This could actually happen.

xilman · 2022-03-24, 10:33

Kali Linux is one of the best collections of security software IMO.

paulunderwood · 2022-03-24, 10:49

Quote:

Originally Posted by xilman

Kali Linux is one of the best collections of security software IMO.

I agree. I run Kali, although I do not pretend to know how to wield it. I'd say run Tails Linux in qemu under Kali would be ideal -- or at least cool.

2022-03-21, 19:53	#1
chalsall If I May "Chris Halsall" Sep 2002 Barbados 10100101010000₂ Posts	Cyber Security Tools Since I'm often asked for advice on tools to use for network and compute reliability and security, I'd thought I'd write up something quickly here that I could refer people to. Often a combination of different solutions is brought to bear, depending on the level of risk involved. Also, these are just some of the many (many!) tools available. Everything listed here is also Open Source; I want to be able to audit any code running such an important role. I'm going to start with just monitoring... These tools are often run on dedicated, independent, and highly secured LAMP stacks (sometimes going as far as being redundant). This way a minimalist software stack can be configured, lowering the attack surface. 1. Cacti Leverages on RRDtool to collect, store and graph long-term time-domain data. Useful for trending analysis and NOC/SOC/CSIRT/etc real-time "eyes on glass". 2. Nagios Similar, but is more oriented to real-time situational awareness. Can generate alerts to wake up humans in the case the NOC isn't 24/7/365. The "Nagios Core" is Open Source. Additional front-end functionality can be added for a license fee. 3. Syslog Built into all Linux systems. Highly advised to have an aggregating Syslog server receiving and analyzing log files. Ideally real-time, but also possibly forensically. 4. Fail2ban Actually should be running on all servers (with /var/log/fail2ban.log forwarded to the Syslog aggregation server(s)). Can easily be configured to block (and report) unwanted behavior. Can even be used to rate-limit web services to abusive users over long temporal periods. 5. tcpdump When things get "interesting"... There's nothing like sniffing the wire in real-time (and the console output reminds some of the Matrix...)! Also, writing traffic to a file for post-analysis by Wireshark can be useful in long-term debugging. More to come over time. Feedback on this subject domain is welcome. Last fiddled with by chalsall on 2022-03-21 at 21:03 Reason: s/log-term/long-term/; # Sigh...

2022-03-24, 10:33	#10
xilman Bamboozled! "𒉺𒌌𒇷𒆷𒀭" May 2003 Down not across 2·5,711 Posts	Kali Linux is one of the best collections of security software IMO. Last fiddled with by xilman on 2022-03-24 at 10:37 Reason: Fix URL

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
some tools for weights computing...	Thomas11	Riesel Prime Search	28	2021-07-31 04:22
Moderator Tools	storm5510	Forum Feedback	2	2020-05-07 15:48
Comparison of NFS tools	CRGreathouse	Factoring	3	2018-02-05 14:55
Benchmark of current tools	Romuald	Factoring	1	2016-11-13 10:59
Murphy's Law and other tools	Uncwilly	Lounge	5	2014-07-07 22:36

2022-03-23, 00:56	#8
Uncwilly 6809 > 6502 """"""""""""""""""" Aug 2003 101×103 Posts 2×13×409 Posts	https://duckduckgo.com/?q=scada+internet+vulnerable