
Submission + - Best Secure Linux Distros for Enhanced Privacy & Security (linuxsecurity.com)

b-dayyy writes: As we transition to an increasingly digital society, privacy and security have become areas of central concern – not a day goes by that we aren’t bombarded with security news headlines about hacks, breaches and the increasingly common and worrisome practice of storing and monitoring sensitive personal information, often without users’ consent.

Luckily for us Linux users, the general consensus among experts is that Linux is a highly secure OS — arguably the most secure OS. While all Linux “distros” — or distributed versions of Linux software — are secure by design, certain distros go above and beyond when it comes to protecting users’ privacy and security. We’ve put together a list of our favorite specialized secure Linux distros and spoken with some of their lead developers to find out first-hand what makes these distros so great. This article aims to help you evaluate your options and select the distro that best meets your individual needs.

Comment Re:Problem #1 (Score 1) 66

Because we make sure they are trustworthy. Every network member (watchers sharing their signals) gets a trust rank (TR). By consistently sending back valuable and exact information, the TR gets better over time. A daemon reporting for months, with 100% accuracy, valuable information will eventually reach the maximum TR. Feeding the system with wrong information would result in a severe and immediate loss of TR. This mechanism is made to avoid poisoning. All TR can partake in the consensus, but only the highest TR rank can publish to the database without needing validation from our own honeypot network. It nevertheless has to pass the test of the Canary list, meaning the IP reported shouldn’t be one of the canary. Canaries are in fact whitelisted IP, known to be trustworthy, like the Google bot, Microsoft updates, etc. If a scenario is too sensitive or twitchy, it might shoot a canary. This mechanism is made to avoid false positives. All those mechanisms (and more to come) contribute to what we call the Consensus chamber (Consensus in short), where the decision is taken to either ban the IP responsible for an alert or not.

Comment Re:not going to go well (Score 5, Informative) 66

You are right, but we thought about this upfront, so we've put the following system in place. Every network member (watchers sharing their signals) gets a trust rank (TR). By consistently sending back valuable and exact information, the TR gets better over time. A daemon reporting for months, with 100% accuracy, valuable information will eventually reach the maximum TR. Feeding the system with wrong information would result in a severe and immediate loss of TR. This mechanism is made to avoid poisoning. All TR can partake in the consensus, but only the highest TR rank can publish to the database without needing validation from our own honeypot network. It nevertheless has to pass the test of the Canary list, meaning the IP reported shouldn’t be one of the canaries. Canaries are in fact whitelisted IPs, known to be trustworthy, like the Google bot, Microsoft updates, etc. If a scenario is too sensitive or twitchy, it might shoot a canary. This mechanism is made to avoid false positives.
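The trust-rank, honeypot-validation and canary mechanics described in the two comments above, modelled as a small simulation. This is an added illustration, not CrowdSec's own code; the TR cap, the gain and penalty sizes, the canary addresses and the class names are all assumptions.

```python
from dataclasses import dataclass, field

MAX_TR = 100         # assumed cap on trust rank (TR)
GOOD_STEP = 1        # assumed slow gain per validated, accurate report
BAD_PENALTY = 50     # assumed severe, immediate loss for a wrong report

# Constructed canary list: whitelisted addresses known to be legitimate
# (documentation-range stand-ins, not the real canaries).
CANARIES = {"192.0.2.10", "198.51.100.7"}


@dataclass
class Watcher:
    name: str
    tr: int = 0


@dataclass
class Consensus:
    """Consensus chamber: decides whether a reported IP enters the database."""
    watchers: dict = field(default_factory=dict)
    database: set = field(default_factory=set)
    pending: set = field(default_factory=set)  # awaiting honeypot validation

    def report(self, watcher_name, ip):
        w = self.watchers[watcher_name]
        if ip in CANARIES:
            # Shooting a canary is treated as a false positive: the IP is
            # never banned and the reporter loses TR.
            w.tr = max(0, w.tr - BAD_PENALTY)
            return "rejected_canary"
        if w.tr >= MAX_TR:
            # Only the highest TR publishes without honeypot validation.
            self.database.add(ip)
            return "published"
        self.pending.add((watcher_name, ip))
        return "pending_validation"

    def honeypot_validate(self, watcher_name, ip, confirmed):
        """Outcome of the honeypot network checking a pending report."""
        self.pending.discard((watcher_name, ip))
        w = self.watchers[watcher_name]
        if confirmed:
            w.tr = min(MAX_TR, w.tr + GOOD_STEP)
            self.database.add(ip)
            return "published"
        w.tr = max(0, w.tr - BAD_PENALTY)  # poisoning attempt: immediate loss
        return "rejected_poison"
```

Note that even a maximum-TR watcher is still subject to the canary check, and a single bad report drops it back to needing validation.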

Submission + - Introducing Crowdsec: A Modernized, Collaborative Massively Multiplayer Firewall (linuxsecurity.com)

b-dayyy writes: CrowdSec is a massively multiplayer firewall designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent. It was inspired by Fail2Ban and aims to be a modernized, collaborative version of that intrusion-prevention tool.

CrowdSec is free and open-source (under an MIT License), with the source code available on GitHub. It uses a behavior analysis system to qualify whether someone is trying to hack you, based on your logs. If your agent detects such aggression, the offending IP is then dealt with and sent for curation. If this signal passes the curation process, the IP is then redistributed to all users sharing a similar technological profile to “immunize” them against this IP.

The goal is to leverage the power of the crowd to create a real-time IP reputation database. As for the IP that aggressed your machine, you can choose to remedy the threat in any manner you feel appropriate. Ultimately, CrowdSec leverages the power of the community to create an extremely accurate IP reputation system that benefits all its users.

It was clear to the founders that Open Source was going to be one of the main pillars of CrowdSec. The project's founders have been working on open-source projects for decades — they didn’t just jump on the train. Rather, they are strong Open Source believers. They believe that the crowd is key to the mass hacking plague we are experiencing, and that Open Source is the best lever to create a community and have people contribute their knowledge to the project, ultimately make it better and more secure.

The solution recently turned 1.x, introducing a major architectural change: the introduction of a local REST API.

Submission + - GeoIP for nftables Brings Simplicity & Flexibility to GeoIP Filtering (linuxsecurity.com)

b-dayyy writes: What if you could block connections to your network in real-time from countries around the world such as Russia, China and Brazil where the majority of cyberattacks originate? What if you could redirect connections to a single network based on their origin? As you can imagine, being able to control these things would reduce the number of attack vectors on your network, improving its security. You may be surprised that this is not only possible, but straightforward and easy, by implementing GeoIP filtering on your nftables firewall with GeoIP for nftables.

GeoIP for nftables is a simple and flexible Bash script released in December of 2020 designed to perform automated real-time filtering using nftables firewalls based on the IP addresses for a particular region. In a recent interview with LinuxSecurity researchers, the project’s lead developer Mike Baxter explained the mission of GeoIP for nftables: “I hope this project is beneficial to those who may not have the IT budget or resources to implement a commercial solution. The code runs well on servers, workstations and low-power systems like Raspberry Pi. The script has the built-in ability to flush and refill GeoIP sets after a database update without restarting the firewall, allowing servers to run uninterrupted without dropping established connections.”

This article will examine the concept of GeoIP filtering and how it could add a valuable layer of security to your firewall, and will then explore how the GeoIP for nftables project is leveraging Open Source to provide intuitive, customizable GeoIP filtering on Linux.

Submission + - Decade of the RATs: Is Linux Secure? (linuxsecurity.com) 1

b-dayyy writes: Just recently, LinuxSecurity published a feature article exploring the rise in attacks targeting Linux, their implications for Linux users and the conclusions that can be drawn about the security of the operating system based on this disheartening trend. Now, yet another frightening attack campaign exploiting Linux has come to light.

In a new report, security researchers from BlackBerry reveal that Chinese state hackers have been successfully infiltrating critical Linux servers with little to no detection since 2012. The researchers identified a previously undocumented Linux malware toolset including two kernel-level rootkits and three backdoors. BlackBerry’s research has also linked this “decade of Chinese RATs” (remote access trojans — or programs that enable covert surveillance or provide threat actors with the ability to gain unauthorized access to a victim PC) to one of the largest Linux botnets ever discovered, concluding that the campaign — which has impacted a significant number of organizations — has been “highly profitable” and “the duration of the infections is lengthy”. The cross-platform aspect of these attacks is also particularly concerning, given the security challenges that have arisen as a result of the sudden increase in remote workers due to the COVID-19 pandemic.

Submission + - Five Open-Source Projects AI Enthusiasts Might Want to Know About (linuxsecurity.com)

b-dayyy writes: Linux is arguably software developers’ favorite OS. Over 14,000 contributors have invested countless hours in developing the Linux Kernel. With Linux becoming increasingly popular due to its security and flexibility, developers who are interested in artificial intelligence (AI) may want to explore the possibilities within the Linux environment.

AI can easily be tagged as the future of technology, even if we already see it at work today. Virtual assistants such as Siri for Apple, Cortana for Microsoft, and Alexa for Amazon, are just some of the real-world examples of AI at work. The healthcare industry also uses AI in health monitoring, prescription management, drug discovery, and clinical documentation. Marketing benefits from AI as well, particularly in discovering trends, boosting revenue, and demand forecasting.

As AI becomes more and more ingrained in our daily lives through consumer products, we can’t help but be concerned that proprietary software will comprise the market. And we are not talking about a million-dollar market, but a bigger one that may reach US$118.6 billion by 2025.

Many industries and end-users would thus benefit from more open-source AI projects and tools for developers’ use. That would save tons of individuals and companies money to build their own AI-powered apps.

In this post, we explore five open-source AI projects or tools that are compatible with Linux and delve into the pros and cons of open-source AI and AI in general.

Submission + - Encryption: An Essential Yet Highly Controversial Component of Digital Security (linuxsecurity.com)

b-dayyy writes: If you’ve been keeping up with recent security news, you are most likely aware of the heated worldwide debate about encryption that is currently underway. Strong encryption is imperative to securing sensitive data and protecting individuals’ privacy online, yet governments around the world refuse to recognize this, and are continually aiming to break encryption in an effort to increase the power of their law enforcement agencies.

Governments have been trying for years to require that companies build backdoors, or deliberate weaknesses in encryption intended to provide easy access to encrypted data, into encrypted software and technology, arguing that unbroken encryption makes criminal investigations too difficult. The FBI has been using the term “going dark” since the late 90’s to describe the “threat” that strong encryption poses to omnipresent government surveillance.

This fear of strong, unbroken encryption is not only unfounded — it is dangerous. Encryption with built-in backdoors which provide special access for select groups not only has the potential to be abused by law enforcement and government agencies by allowing them to eavesdrop on potentially any digital conversation, it could also be easily exploited by threat actors and criminals.

Submission + - Linux: An OS Capable of Meeting the US Government's Security Needs (linuxsecurity.com) 1

b-dayyy writes: As Open Source has become increasingly mainstream and widely accepted for its numerous benefits, the use of Linux as a flexible, transparent and highly secure operating system has also increasingly become a prominent choice among corporations, educational institutions and government sectors alike. With national security concerns at an all-time high heading into 2020, it appears that the implementation of Linux could effectively meet the United States government’s critical security needs for application development and installations.

Because of its open-source roots, Linux is foundationally secure, highly reliable, and incredibly adaptable. Linux incorporates a "defense-in-depth" approach to security, meaning robust security measures are implemented at every level of development and deployment. Unlike obscure closed-source counterparts, Linux has a fundamental focus on security through transparency.

In order to be approved for use in critical government functions, software and applications must be certified to ensure that they meet certain security standards. Common Criteria, FIPS 140-2 and Secure Technical Implementation Guidelines (STIG) are three security certifications required by the United States Department of Defense. These certifications indicate that technology meets standardized security protocols and cryptographic tools implement their algorithms properly. Linux has been certified to meet all of these criteria, a rare and notable achievement.

For these reasons, Linux is not only an ideal operating system for the development of critically secure government applications, but the inherent openness and flexibility of Linux also make it a great operating system for installations that demand the highest level of security and precision. However, it should be noted that as with any operating system, Linux must first undergo additional stringent testing and development before being further incorporated into the US government’s IT infrastructure.

Submission + - NextCry Ransomware Targets NextCloud Linux Servers and Remains Undetected (linuxsecurity.com)

b-dayyy writes: A new and particularly troublesome ransomware variant has been identified in the wild. Dubbed NextCry, this nasty strain of ransomware encrypts data on NextCloud Linux servers and has managed to evade the detection of public scanning platforms and antivirus engines. To make matters worse, there is currently no free decryption tool available for victims.

Comment My conversation with Jean-Baptiste Kempf (Score 1) 80

About a week ago, the LinuxSecurity staff started tracking a security issue related to VLC, the popular open source media player. As the week went on, it wasn’t completely clear what was fact and what was fiction. I decided to find out. I reached out to Jean-Baptiste Kempf, and we had a really interesting conversation on this topic. Check out what I learned: https://linuxsecurity.com/feat...
