Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Ahead With Linux Security Features

Filter%20icon Refine features
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security features

We found 1 articles for you...
102

Advanced Breach And Attack Simulation Tools For Linux Security Strategies

Cybersecurity threats are becoming more imminent daily in today's fast-paced digital landscape. In 2023, there were 2365 cybersecurity attacks, an increase of 72% from 2021. These attacks are also becoming more sophisticated daily, making traditional security measures inadequate. . Companies must resort to more advanced security methods to prevent the loss of sensitive data and operational disruption due to security threats. In this article, we’ll explore how you can use Breach and Attack simulations (BAS), a cutting-edge cybersecurity technique, to protect your organization from cybersecurity threats. What Is Breach and Attack Simulation (BAS)? Breach and attack simulation, abbreviated as BAS, is a modern-day cybersecurity mechanism replicating real-world attackers' behavior. It's rapidly gaining popularity, with a market value projected to reach $3.5 million by 2032 with a CAGR of 22.1%. BAS technology allows you to simulate controlled cyberattacks to assess how ready your company’s security posture is against a real cyberattack. It copies real-world cybercriminals' tactics and helps point out your organization’s strengths, weaknesses, and areas for improvement when faced with cyberattacks. Why Is BAS Critical in Linux and Open-Source Ecosystems? BAS is critical for robust cybersecurity in Linux and open-source environments for the following reasons: Identifying Threats Proactively BAS allows you to stay one step ahead of cyber criminals by letting you identify potential vulnerabilities in your company’s security framework beforehand. These simulations are based on vast data on emerging threats and can implement various scenarios in your company. That way, your organization can mitigate the risk of costly data breaches, regulatory fines, and reputation damage before it even happens. It also facilitates a culture of constantly improving your security system, a need of the current dynamic cybersecurity world. Your security and IT team can conduct simulationsregularly and incorporate lessons learned in each iteration to identify repetitive issues in your system over time. With this iterative approach, you can build a strong security posture over time. Realistic Threat Scenarios Another significant advantage of BAS is that you can analyze your organization’s security posture. Unlike traditional tests of system vulnerability, which apply across the entire system, BAS has a more holistic approach to evaluating system security by launching a controlled attack on a specific aspect of your security infrastructure. You can use hacker TTPs, tactics, and procedures to identify blindspots you might not see unless an actual attack happens. Resource Allocation A holistic and iterative approach to improving your company’s security footprint means your budget is allocated more efficiently. With BAS, you can reallocate limited resources to address critical security issues. This will let you eliminate threats on a priority basis and significantly reduce the probability of an imminent damaging attack. What Are the Top Open-Source Breach and Attack Simulation Tools for Linux? BAS is a vital strategy in cybersecurity , and different tools facilitate BAS simulations. Here are some of our favorite open-source tools: Metasploit Framework The Metasploit framework is one of the most popular and powerful open-source tools for penetration testing and security validation. It provides a comprehensive suite of tools to stimulate real-world attacks and assess the security posture of systems and networks. In Metasploit, you have a vast repository of publicly available exploits for Linus and customizable payloads that can be delivered to exploited systems to perform various tasks, such as establishing remote access. It also has some auxiliary modules that perform scanning, fuzzing, and other types of testing without exploiting vulnerabilities. Post-exploitation modules are available for gathering information, escalating privileges, and maintainingaccess. Metasploit also allows for the automation of tasks using scripts. It is commonly used to scan for known vulnerabilities in Linux systems and stimulate attacks by exploiting known vulnerabilities to test the effectiveness of security controls. To stimulate attacks with Metasploit, install it on a Linux system and launch it. Use auxiliary modules to scan for vulnerabilities. After you search for, figure out, and launch exploits, use the meterpreter payload to perform post-exploitation tasks. Infection Monkey Infection Monkey is an open-source BAS tool developed by Guardicore. It stimulates various attack techniques to test the resiliency of data centers and cloud environments against cyber attacks. It also helps organizations identify vulnerabilities, misconfigurations, and weaknesses in their security posture. Its key features include attack simulation by lateral movement, which stimulates how an attacker can move within the network after gaining initial access. Similarly, it also tests the network’s susceptibility to credential theft attacks. Infection Monkey is also helpful in testing compliance with CIS benchmarks to ensure systems are configured securely. It identifies common misconfigurations that attackers could exploit. It allows customization of attack vectors to match specific threat models and organizational needs, and users can define custom payloads for more specific attack simulators. To deploy Infection Monkey in Linux, verify that your environment meets the system requirements for running Monkey Island and Monkey agents. You can clone the software from its repository on GitHub and install the necessary dependencies to set it up. You can access the interface through a web browser and follow the on-screen instructions to complete the initial setup and configuration. Then, you can define attack scenarios and start your simulation. CALDERA CALDERA is an open-source platform developed by MITRE to automate adversary emulation, red teaming, and securityassessment. It runs on the MITRE ATT&CK framework to simulate realistic attack scenarios, helping organizations understand their security posture and improve their defenses. Its key features include modularity through easily extendable plugins, flexibility, automation, and central management through its server interface. CALDERA utilizes the MITRE ATT&CK framework, a knowledge base of adversary tactics and techniques based on real-world observations. CALDERA maps its actions to ATT&CK techniques to create custom attack scenarios that reflect specific adversaries or threat models relevant to the organization. This allows you to gain insights into potential attack paths and vulnerabilities, focus on the most critical vulnerabilities and misconfigurations, and improve your defenses based on the simulation results. To run CALDERA, you will need Python, 3.6+, Git, and Docker on your system. Then, clone the CALDERA repository from GitHub and create and activate a virtual environment. Once you install the necessary dependencies, start the CALDERA server and access its web interface on a web browser. You can use the web interface to generate an agent for your target Linux machines, transfer it, and execute it. CALDERA can also create attack scenarios using ATT&CK techniques. How Can I Set Up and Run Simulations? Implementing breach and attack simulations in your company includes, but is not limited to, defining clear objectives, threat intelligence, and simulation tool selection, especially if your company has a Linux-based system. The first step to implementing BAS, or any advanced security framework in Linux, is to define the program's scope. This lets you determine whether your simulations will target Linux-specific attacks like malware or insider threats or run a comprehensive broad-spectrum attack scenario irrespective of the operating system. Once you’ve defined what purpose you want BAS to serve, you can select whether you want network-based, endpoint-based, or hybrid simulations. This choicewill also depend on your system requirements. Once you’ve chosen the appropriate BAS framework, you’ll have to test run several simulations and iterate to determine the more optimized testing for your system. You can use already-designed compatible simulation tools like Metasploit, OpenVAS , etc., to improve your system’s adaptability to BAS. Best Practices for Linux Security Validation Here are some practical tips for Linux Security Validation admins should implement: Frameworks and Methodologies for Structuring BAS Exercises BAS exercises continuously assess and improve an organization’s security by stimulating a real-world cyberattack scenario. One common BAS framework is the MITRE ATT&CK framework, which is helpful in mapping exercises to cover a wide range of tactics and identifying gaps in your current detection capabilities. Similarly, the NIST ( National Institute of Standards and Technology Cybersecurity Framework (CSF) is used for BAS exercises and has five primary functions: identifying crucial vulnerabilities, protecting assets by implementing controls, detecting cybersecurity events, responding to an incident, and recovering to ensure business continuity. Strategies for Effective Vulnerability Management Effective vulnerability management involves identifying, assessing, and systemically mitigating vulnerabilities. One common strategy is patch management, in which you must develop a comprehensive policy that prioritizes patches based on the severity of vulnerabilities. You can configure management tools like Ansible, Puppet, and Chef to automate this process and reduce human errors. You should also have a framework to prioritize vulnerabilities. One such framework leverages the Common Vulnerability Scoring System (CVSS) scores. When prioritizing remediation efforts, consider how critical your affected assets are. Continual Optimization for Threat Model Validation in Linux Systems You must regularly review and update your threat models for continuousoptimization. Ideally, you should update your models once every three months. Ensure the threat model contains all components and integrations and involves key stakeholders from development, operations, and security teams in the review process. You can use automated threat modeling tools like Pytm to automatically create and update threat models and integrate them into your DevSecOps pipeline. These tools help scale your threat modeling efforts in complex environments. Similarly, red team exercises where you stimulate sophisticated attacks are also crucial for threat model validation. Case Studies and Real-world Applications BAS can be successfully implemented on Linux platforms. Let’s take the case of a financial institution using Infection Monkey to improve the security of its Linux-based servers. It deployed Infection Monkey across the institution's data centers and stimulated lateral movement, credential theft, and privilege escalation scenarios. As a result, the institution identified several vulnerabilities, such as outdated software and weak passcodes. We can also take the example of a Tech Startup utilizing Metasploit for proactive security testing to analyze the improvement of security postures through open-source BAS tools. They used the Metasploit framework to test their Linux servers' security, including SQL injection, cross-site scripting (XSS), and remote code execution attacks. These simulations helped them discover critical vulnerabilities early in the development cycle, reducing the risk of exploitation in production. BAS can also mitigate ongoing security challenges. As cyber-]attacks evolve, attackers develop new techniques to bypass existing security measures. But BAS tools like CALDERA keep up with the latest attack techniques, ensuring simulations are relevant and up-to-date. They provide a realistic view of the current security measures. For example, a healthcare security provider that regularly updates CALDERA scenarios to include the latest ransomwaretechniques helps the provider stay ahead of emerging threats, significantly reducing the risk of successful attacks. Our Final Thoughts on the Importance of Comprehensive Security Validation & Attack Simulation Companies need to find ways to defend themselves from constantly changing dangers. Breach and attack simulations are one such tool. They allow you to evaluate and escalate cyber security measures by copying digital attack conditions similar to real-world hacks. Give some of these threat protection strategies and tools a try to secure your Linux systems and protect your critical data against Linux security vulnerabilities and attacks. . Investigate sophisticated breach and attack simulation methodologies to fortify defenses against changing vulnerabilities in Unix-based systems.. Breach And Attack Simulation, Linux Security Tools, Attack Simulation Techniques, Open Source Security, Cybersecurity Tools. . Brittany Day

Calendar%202 Jul 27, 2024 User Avatar Brittany Day
102

Comparing Linux And Windows Security For Business Operations

Security is one of the most critical factors considered when choosing an OS. General expert consensus says that Linux is the most secure OS by design , an impressive feat that can be attributed to its variety of characteristics, including transparent, open-source code, strict user privilege model, diversity, built-in kernel security defenses, and application security. The high level of security, customization, compatibility, and cost-efficiency that Linux offers makes it a popular choice among businesses and organizations looking to secure valuable data. Linux has already been adopted by governments and tech giants around the world, including IBM, Google, and Amazon, and it currently powers 97% of the top one million domains in the world . All of today’s most popular programming languages were first developed on Linux and can now run on any OS. In this sense, we’re all using Linux whether we know it or not. . This article will examine why Linux is arguably the best choice for businesses looking for a flexible, cost-efficient, exceptionally secure OS. To help you weigh your options, we will go into detail on Linux so you understand their privacy-enhancing technology and how they combat all kinds of cyber security vulnerabilities that could lead to attacks in network security. We will also compare the differences between Linux and Windows for your consideration in deciding where to get started. What Is The Open-Source Advantage? Because Linux is an open-source OS, the security it offers is greatly enhanced by the involvement and support the open-source community provides. Linux source code undergoes ongoing, thorough review by passionate user-developers worldwide who are deeply invested in their work both for their own benefit and for the benefit of the community. As a result of this scrutiny, Linux cyber security vulnerabilities are generally identified and eliminated very rapidly, often before attackers even have the chance to use those exploits in cyber security to their advantage. As of August2020, Linux has over 20,000 contributors and one million commits. Google and The Linux Foundation announced they are funding a pair of top Linux kernel developers to focus on security. This demonstrates that even some of the biggest, most influential members of open-source communities are highly dedicated to Linux data and network security. Superior Security through Strict User Privileges Linux greatly restricts root access through a strict user privilege model, where a superuser has all privileges and ordinary users only have permission to access whatever they need to accomplish their tasks. Because Linux users have low automatic access rights and require additional permissions to open attachments, access files, or adjust kernel options, it is more difficult to spread malware and rootkits on a Linux system than on a system running another OS. Although it is possible to implement least-privilege administration models on Windows systems, organizations rarely take this precaution , and, in reality, “everyone is an admin” on most Windows systems. As a result, attacks in network security can more easily spread malware and viruses on Windows systems than on Linux servers. Security through Diversity There is a wide selection of distributions (distros) available to Linux users that feature different system architectures and components. The high diversity levels within Linux environments satisfy user needs and deter attackers from targeting Linux systems, as exploits in cyber security are incredibly difficult to achieve among various Linux servers since they are customized to a business’ needs. Although Linux is regarded as a highly secure OS, various specialized secure Linux distros exist for individuals with advanced security and privacy concerns, such as pentesters , reverse engineers , and security researchers. These distros place an intense focus on protecting the user’s privacy and anonymity online. Linux Kernel Security The Linux kernel offers some excellent built-in securitydefenses , including the UEFI Secure Boot firmware verification mechanism, the Linux Kernel Lockdown configuration option, and the SELinux or AppArmor Mandatory Access Control (MAC) security enhancement systems. By practicing Linux kernel self-protection by enabling these features and configuring them to provide the highest level of data and network security , administrators can add a valuable layer of safety to their systems. There are far more configuration options on Linux than on Windows, many of which can be used to enhance security. For instance, Linux Kernel Lockdown is a configuration option that prevents the root account from modifying the kernel code by strengthening the divide between userland processes and kernel code. In the event that a root account is compromised, having Lockdown mode enabled will make it far more difficult for an attacker to compromise the rest of the OS. Lockdown has two modes: integrity mode and confidentiality mode. Enabling Lockdown in integrity mode will block kernel features that allow user space to modify the running kernel, while enabling lockdown in confidentiality mode will block user space from extracting sensitive information from the running kernel. Using integrity mode is the best choice, as confidentiality mode is truly only needed for special systems with sensitive information that the root account should not be allowed to access regularly. Confidentiality mode blocks access to all kernel memory, preventing administrators from being able to inspect and probe the kernel for troubleshooting, development, and testing purposes. Regardless, this privacy-enhancing technology makes Linux all the more secure for users. SELinux and AppArmor are two security enhancement systems that can be used to lock down Linux systems with MAC security policies, offering administrators granular control over the security of their systems so they can protect against server misconfigurations, software cyber security vulnerabilities, and zero-day exploits that could potentiallycompromise an entire system. Smack, or Simplified Mandatory Access Control Kernel , provides another means of implementing MAC policies on Linux. These simple Linux security modules for kernels secure data and process malicious manipulation using a set of custom mandatory access control rules. Although there are fewer MAC options on Windows, the OS does offer Mandatory Integrity Control (MIC) as a mechanism for controlling access to securable objects in addition to discretionary access control. MIC uses integrity levels and mandatory policy to evaluate access against an object’s Discretionary Access Control List (DACL). Secure, Cost-Efficient Hosting Linux hosting has gained immense popularity among resellers due to the high data and network security levels, cost-efficiency, compatibility, and customization that the OS offers. Linux is free, and Linux web-hosting service providers do not bear any subscription charges or per-user license fees as they would with Windows, a benefit that carries over to the consumer. Linux supports the majority of key programming languages used worldwide, including Python, MySQL, PHP, Ruby, and Perl. It is ideal for dynamic websites that experience heavy data traffic, such as online shopping, ticketing, or healthcare provider websites. Linux hosting also delivers a user-friendly network security toolkit absent in Windows hosts called cPanel, which assists in website management and maintenance. These benefits have created great demand for Linux reseller hosting. How Does Windows Security Compare? Due to its immense user base , “hidden” source code, and homogeneous monoculture, Windows OS is a far more attractive target for attacks in network security. Although Linux malware breaches have become more frequent in recent years, Linux is still a relatively small target, with 96% of new malware targeting Windows in 2022 . Microsoft has traditionally employed a method known as “security through obscurity” in an attempt to secure Windows source code. Inthis approach, source code is hidden from outsiders in an attempt to conceal cyber security vulnerabilities from malicious actors. While this may initially sound like a good idea when put to use, this obscure data and network security negatively impact businesses by preventing outsiders from reviewing the source code to report flaws before they are discovered and exploited by cybercriminals. When it comes to finding security bugs, the team of Microsoft developers responsible for reviewing Windows source code is certainly no match for the “many eyes” of the global open-source community backing Linux. That’s not to say that Microsoft doesn’t recognize the inherent benefits of Linux and the open-source development model it is based upon. With services such as Windows Subsystem for Linux v2 (WSL2) and Azure Sphere, Microsoft is a Linux distributor. Linux developers have acknowledged the tech giant’s growing commitment to Linux security and have admitted Microsoft’s Linux developers to the closed linux-distro list . However, Windows on its own may not be the best choice to guarantee safety for your company. Final Thoughts on Linux vs. Windows for Businesses Choosing Linux over Windows equips businesses with a secure foundation on which to build their digital security strategy. Linux has security built into its design, and its relatively small user base makes it a minimal target for any exploits in cyber security that may head its way. While your OS is the most critical software running on your computer, and selecting a secure OS is a great start to help your business improve security posture, you must keep in mind that the OS alone does not safeguard your users, data, and reputation. Security is all about defense in depth, and the security of your networks and servers is greatly impacted by server administration, employee behavior, and your server’s environment. Linux servers must be properly configured, monitored, maintained, and run in a secure environment. Safe online behavior and generaldata and network security practices can be incredibly valuable to keeping your server protected. Bear in mind that security is all about tradeoffs between security and usability and/or user-friendliness. Administrators should configure their systems to be as secure as is practical within their environment. In regards to convenience, Linux has a bit of a learning curve compared to Windows but offers significant security advantages that will make it all worth it. The bottom line: Are you looking to improve your business’s digital security? If so, choosing Linux is an excellent start. . Linux stands out as a secure and cost-effective alternative to Windows, offering robust security, lower costs, and exceptional flexibility for businesses. Open Source Security Benefits, Business OS Comparison, Linux Security Features, Cost-Efficiency in Hosting. . Brittany Day

Calendar%202 May 25, 2023 User Avatar Brittany Day
102

File Descriptor Exploits: Lessons from BlackHat USA 2022 Presentation

Learn about a File Descriptor vulnerability that was exposed at Blackhat USA 2022, and the lessons we can take away from this discovery. . Brief Overview of File Descriptor Vulnerability that was Exposed at Blackhat USA 2022 “File descriptor or fd is widely used in the Linux kernel. Exporting an fd to user space and importing an fd from user space are very common and basic operations in the Linux kernel. However, we discovered that there are many types of high-risk vulnerabilities lurking in the usage of these operations. We discovered that the usage of fd importing operations in the Linux kernel can be a very vulnerable scenario. Several new types of vulnerabilities were found in the scenario and will be revealed for the first time. We also found that known types of vulnerabilities like type confusion are still widespread in the scenario unexpectedly. Moreover, we found a dozen vulnerabilities in the usage of fd exporting operations in kernels. These vulnerabilities exist in the Linux and Android kernels, affecting millions of devices. A comprehensive overview of vulnerabilities in the usage of fd operations will be summarized and thoroughly disclosed in this presentation.” What is a File Descriptor? A file descriptor is a number used by the operating system of a computer to specifically identify an open file. To put it another way, when a file is opened, the operating system produces an entry to serve as a representation of the file and to hold data about the opened file. Therefore, if your OS has 100 open files, there will be 100 entries somewhere in the kernel. To the kernel, all open files are referred to by File Descriptors. A file descriptor is always a non-negative number. The kernel returns a file descriptor to the process each time we open or create a new file. A table of all active, open file descriptors is kept by the kernel. File descriptors are typically assigned in a sequential order, and the next available file descriptor from the pool is assigned to the file. When a file isclosed, the file descriptor is released and made available for new allocations. Look at the image below for a better description: Essentially, everything is stored in a “table”, or better known as an array. At Blackhat USA 2022, Le Wu showed us a quick overview of how the file descriptor process works: For all operations, whether it be read, write, import, export, etc, there is the array in the Kernel space and the file descriptor within the user space. We will discuss a little further how this entire process can be a vulnerability. Known FD Vulnerabilities: Why File Descriptors? Throughout the presentation, I constantly questioned why File Descriptors? And I was quickly given the answer: CVE-2021-0920 and CVE-2021-0929 . The reason why these are so important is because they exploit vulnerabilities with File Descriptors. CVE-2021-0920 was an exploit for Linux socket syscall 0-day that allowed attackers to remotely root Samsung devices. This issue was initially discovered in 2016 by a RedHat kernel developer and disclosed in a public email thread, but the Linux kernel community did not patch the issue until it was re-reported in 2021. With CVE-2021-0929 , there was a possible way to corrupt memory due to a use after free. This led to local escalation of privilege with no additional execution privileges needed and user interaction was not needed for exploitation. Due to a race condition in the garbage collection system for SCM_RIGHTS, CVE-2021-0920 is a use-after-free (UAF) vulnerability. Unix-domain sockets can send an open file descriptor from one process to another by using the control message SCM RIGHTS. In other words, a file descriptor is transmitted by the sender, and a file descriptor is subsequently received by the receiver from the sender. Reference-counting file structs become more complex due to this handling of file descriptors. The Linux kernel community created a unique trash collection method to take this into account. This garbage collecting system has avulnerability identified as CVE-2021-0920. An attacker can take advantage of the UAF by succeeding in a race condition during the garbage collecting operation. Just as CVE-2021-0920, CVE-2021-0929 also shares between kernel space and user space, which called for concern since a race condition can happen between kernel and user operations. Maybe there are issues in these race conditions? During the presentation, the presenter constructed such race conditions in the fd export and import operations! Results from Test Cases: Case 1 – Export Operations on File Descriptors: Case 2 – Import Operations on File Descriptors: When given a special race condition, an attacker could possibly affect the import/export operation to make the device do certain actions. What Can These Old, Patched Vulnerabilities Do? CVE-2022-28350, which was already considered patched and highly critical, states “Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.” Although this was considered patched and fixed, Le Wu, the presenter, found a way to exploit it in two ways: UAF caused by race condition in fd export operation Fd type confusion caused by race condition in fd import operation With this in mind, they succeed in “stealing” privileged files from others! Moreover, If the SELinux is disabled, the unprivileged process used to steal these privileged files will have the ability to read/write the “stolen” privileged file. The exploitation method of “stealing” privileged files from others has been mentioned by Mathias Krause 99 as well. Our thoughts When speaking about the facts of these vulnerabilities and listening throughout the presentation, firstly, we see that GPU drivers are more vulnerable. Examples of vulnerable ones include ARM mali GPU driver, AMD GPU driver, etc. Secondly, the kernel drivers which use the dma-buf interfaces are more vulnerable. Thirdly, because of thepeculiarities of these vulnerabilities, some of them can hardly be found by fuzzers like syzkaller. To overcome the difficulty of finding these vulnerabilities in the usage of fd operations, and to prevent them from happening to begin with, it is important to make sure programmers use best coding practices. With the rise of API attacks and cyber criminals who constantly look for vulnerabilities like these and revisit old vulnerabilities to see what they can find, it is crucial to maintain good practice. I would like to thank Le Wu for the wonderful presentation at BlackHat USA 2022! Check US 22 Wu Devils Are in the File for the full presentation! . At Blackhat USA 2022, researchers revealed serious vulnerabilities in Linux file descriptors that could lead to exploits and unauthorized access to sensitive data. File Descriptor Vulnerabilities, Linux Kernel Security, Blackhat USA 2022, High-Risk Vulnerabilities, Cybersecurity Lessons. . Brian Gomez

Calendar%202 Aug 31, 2022 User Avatar Brian Gomez
102

Enhance Your Cybersecurity: Open-Source SAST and DAST Tools Explained

As open-source software becomes increasingly common in the infrastructure of businesses, it is essential to ensure the security of the software being relied upon. An increasingly popular cyber security solution is open-source SAST (Static Application Security Testing) and DAST (Dynamic Analysis Security Testing) security scanning, which give IT technicians and developers the ability to access the code of a certain piece of software to remove threats or improve the strength of its security. . Software scanning tools allow developers and users to scan the code of the programs they are using to check for security flaws. The two types of security tools, SAST and DAST, each have their strengths and weaknesses. Running these tools (and your wider organizational systems) through an open-source operating system like Linux will provide you with additional security and peace of mind and increase control over your hardware infrastructure. This is what you need to know about SAST and DAST on Linux and why it is important for your organization. What Is Open Source Security? Open-source is software that is accessible to outside users, who can change or share the source code at will. The source code, which open source refers to, is what can be used by developers or technicians to modify the nature of the software. This is used to improve performance, eliminate any technical gremlins, or bolster security. Naturally, open-source security allows you to be incredibly flexible with your security processes because you can immediately dive into the software and fix any issues. There is no need to wait for a software upgrade, call out a specialist, or leave yourself with lasting software problems at the whim of the proprietary software vendor that could damage your organization’s health and reputation. Given the relentless demand for the latest software and technology solutions within businesses today, it is little surprise that open-source security processes are an increasingly prevalent means of tacklingsecurity problems. Using the increasingly popular open-source Linux operating system offers additional security benefits due to its modular construction. This limits user access to applications and separates them from each other, meaning that if there were a cyber-attack, less damage would be done in a single breach. Despite the benefits associated with open-source development discussed above, not every open-source security tool is equal, and there are a few different approaches to consider. This includes SAST and DAST tools, which we will cover in more depth below. What Are SAST and DAST Tools? Ultimately, SAST and DAST tools have the same goal- to improve the security of code within software. However, they take different approaches to solving this problem, which is important to note if you consider utilizing them. What Types of Vulnerabilities can SAST Tools be Used to Find? Firstly, SAST tools are used to examine software source code, which is still under development and not out on the open market. SAST tools can be of great assistance if you are trying to identify and fix bugs during the development phase of a piece of software or technology. SAST tools work by analyzing code to look for vulnerabilities. They use the white box testing methodology, meaning the program is never actually run and is “tested” only on a logical level. By scanning the code, SAST tools can identify vulnerabilities such as: weak random number generation SQL injection cross-site scripting buffer overflows Since SAST tools are usually used earlier in development, they can prevent the need to pull a piece of software later in the development cycle, which could cost a lot of time, money, and even reputational damage. To further improve the efficiency of the software development process, you can add a SAST tool to an integrated development environment (IDE). Essentially, this alerts the development team of any technical glitches or software vulnerabilities as they work, speeding up thesoftware creation process and minimizing the chance of errors. What Types of Vulnerabilities can DAST Tools be Used to Find? Conversely, a DAST tool is designed for use after a piece of software has already been completed. Unlike a SAST tool, a DAST tool does not focus on troubleshooting issues within the code. Instead, it attacks a system from the outside inwards, hacking the program using a variety of approaches - including through exposed HTML and HTTP. Unlike SAST tools, DAST tools use a black box approach, meaning that the program is only tested from the outside without any knowledge of the inner workings, the way a hacker would likely attack it. DAST tools are useful for finding: configuration problems issues with error handling input and output issues Unlike SAST tools, DAST tools can not tell you from where in the code an error originates–it is by design as blind as a real user of the software would be. A DAST tool is particularly useful if you have an existing system or piece of software that is likely to suffer from a certain cyber-attack. For example, if your organization operates an online retail store, then there are certain attacks you should be vigilant of. A DAST tool can be programmed to run a simulation of these hacks to expose any potential weaknesses within your infrastructure. There is a tendency for businesses to focus on deploying either a SAST tool or a DAST tool, focusing on one as though it is better than the other. This is rarely the case because they fulfill different roles within your cyber security processes. By using both tools, you safeguard yourself both at the software development and deployment phases. Which Open-Source Security SAST and DAST Tools are Available? There are various strong open-source security tools available, and choosing between them can be difficult. Here are a few options to consider: Zed Attack Proxy (ZAP) : ZAP is a DAST tool available on Windows, Mac, and Linux that is designed primarily fortesting web applications by using penetration testing. ZAP is a popular tool that is used by dozens of other services and has a beginner-friendly user interface. GoLismero : GoLismero is another DAST tool and is available on Windows, Mac, BSD, and Linux. GoLismero is a bit less beginner friendly than ZAP, as it does not have a UI–it is installed and run solely via the command line. However, it is very robust as it consolidates the results of security frameworks including sqlmap, xsser, openvas, dnsrecon, and theharvester, and has several output options. SonarQube Downloads : SonarQube is an SAST tool that can analyze 17 different languages including Java, Javascript, Python, HTML, and CSS. It also has a dynamic UI, a community forum, and thorough documentation. There are several expanded versions of SonarQube with more features and support for additional programming languages, but only the “Community Edition” is free and open-source. w3af: w3af is a DAST tool designed primarily to test web applications. It is a framework specifically made to be easy to extend and incorporate into other projects. w3af can be downloaded on Linux, Mac, and BSD (it is also possible to run on Windows, but it is not officially supported or tested.) What Are the Top Five Things I Should Look for in an Open-Source Security Scanning Tool? With so many software scanning tools available, it can be helpful to narrow your focus when deciding what tools to use. Tips for choosing the right scanning tool include: Easiness to Use (Especially if You’re a Beginner) Not all software scanning tools are beginner friendly. Some tools, like the aforementioned GoLismero, can only be run or even installed using the command line. On the other hand, tools like ZAP and SonarQube are designed to be easier to use thanks to their detailed user interfaces, making them a good starting point. What Programming Languages It Can Check Not all tools are made for checking all types of programs. While sometools, like SonarQube, can check most types of code, tools like ZAP and w3af are made for testing certain types of programs, like web applications. Limited False Positives Software scanning tools sometimes make mistakes by flagging safe code as dangerous. Attempting to fix these nonexistent flaws can lead to wasting time by rewriting code for no reason, so it is important to look for scanning tools that have as few false positives as possible. What Flaws It Can Find (Don’t Rely on Just SAST or DAST) No one software can find every exploit. Because SAST and DAST tools use fundamentally different methodologies to find flaws and are meant to be used in different stages of development, they should ideally both be used in order to help find more types of errors and bugs. Active Support, Updates, and Community (You Don’t Want a Tool that Can’t Find New Vulnerabilities) When using any open-source software or tool, it is important to check that it is up to date and frequently updated since out-of-date code can be a security risk. Ensuring that the tools you are using are up-to-date is especially important with a security tool like software scanners so that they can find the latest exploits. What Are Some Strengths and Weaknesses of Open-Source Testing Tools? There are many strengths and weaknesses to be aware of when considering the use of open-source testing tools and open-source technology in general. To start with the advantages, open-source testing tools can save your organization substantial money. When you have an open-source variant of a software solution, you can make changes yourself, adapt the software to your specific needs, and even operate without a license, all of which cuts a lot of unnecessary costs. Furthermore, you will (hopefully) be able to identify problems within the system before they cause any significant damage. This could save your organization a substantial amount in damages, potential losses (both data losses and financial losses), and reputationaldamage. Another key advantage of open-source testing tools is increased agility. When you can dive into open-source code at any time, fixing issues and improving performance are made far more efficient. Technically, anyone can work on the software, which eliminates potential delays in waiting for system updates or a professional fix. When you are growing an organization quickly, delays in software updates or bug fixes can stop your progress overnight, so having user-focused testing tools allow you to constantly build upon your base layer solutions. Know that Open-Source Tools Are Not Perfect While open-source tools can provide many advantages, they are not perfect. Commercial tools often have more features. For example, as mentioned before, the paid, closed-source versions of SonarQube offer significantly more features and compatibility with more programming languages. The open-source version is more of a “try before you buy” where features are intentionally limited in an effort to draw clients to their subscription model; it’s not necessarily a limitation of open source itself. However, many open-source scanning tools have large user bases with lots of community support, meaning that bugs can be fixed just as quickly, if not faster, as a proprietary closed-source software. Ultimately, it is up to developers to weigh the pros and cons of open-source tools against the needs of their projects. Final Thoughts on DAST vs. SAST: Which One Is Better? While SAST and DAST are both useful for testing the security of programs, they use fundamentally different methods for finding exploits. SAST programs analyze the code itself; while an error checker that analyzes code sounds more thorough, not all programming errors can be found in code. The fact that SAST never executes the program means that it can not find runtime errors or exploits that can be taken advantage of by a user. While DAST never looks at the code of the program it is testing, it is able to find runtime issuesby executing the program. It is unfair to say that either SAST or DAST is better–they both serve different purposes. Since SAST analyzes code, it is usually used earlier in development to assist with programming. On the other hand, DAST is usually used after the programming is finished as a way of finding exploits in the complete software. Both tools should be used hand in hand for ideal error prevention, and a best-practice security strategy should incorporate both SAST and DAST tools in its software development cycle. . Open-source SAST and DAST tools are essential for enhancing software security. By integrating them into development, vulnerabilities are identified early and reduce risks.. Open Source Security,SAST Tools,DAST Tools,Secure Coding. . Yosef Davidowitz

Calendar%202 Jun 13, 2022 User Avatar Yosef Davidowitz
102

Strengthening Linux Endpoint Security: Embracing Zero Trust and Encryption

With the rise of cloud computing and mobility and the remote work environment brought on by the pandemic, securing Linux endpoint devices has never been more challenging for the organization and its IT department. Endpoint encryption designed to protect data stored on endpoints such as devices, hardware and files has always been an essential component of a strong Linux endpoint security strategy; however, perimeter security is no longer effective in protecting against sophisticated threats in this modern, mobile era. . Instead, organizations need a model that provides multiple fail-safes to strengthen their defenses against today’s advanced cyberattacks. To understand what is required to fortify a modern Linux infosec architecture with a robust endpoint security strategy, we spoke with industry-leading Linux endpoint encryption provider WinMagic about the challenges of securing today’s Linux endpoints, the importance of defense-in-depth and full disk encryption to support a Zero Trust strategy, and how endpoint encryption with WinMagic SecureDoc for Linux delivers multi-layered, full disk encryption to improve Linux endpoint security. Linux Endpoint Encryption Is More Critical than Ever for a Robust Cybersecurity Posture in 2022 & Beyond Cyber risk has never been greater, and is a reality that organizations can no longer afford to ignore - malware incidents rose 358% in 2020, and 1 in 5 Americans experienced a ransomware attack that year. Linux endpoints are often seen as more secure than their Windows counterparts, but the belief that Linux is safe from malware and other cyberattacks is a dangerous misconception . While Linux is generally regarded as a highly secure OS , it has become an increasingly popular attack target in recent years due to its growing user base and the high-value systems and devices it powers worldwide. As a result, organizations need to protect Linux endpoints with identical robust security mechanisms they use for other device types. In this modern, mobile era ofheightened digital risk, organizations must find new ways to protect their systems and information. The Importance of a Zero Trust Strategy & Defense-in-Depth in Securing a Linux Infosec Architecture Relying on a single technology to secure your organization and its data does not provide the protection needed in our modern mobile world. Today, information security architectures require a layered defensive strategy. By creating a security architecture with layers of defense around your critical infrastructure and information, you can reduce the risk posed by modern cyber threats. As technology has advanced and attackers have honed their skills and increased the complexity of their attacks, new approaches and solutions are needed to provide effective defense-in-depth protection for a Linux information security architecture. Zero Trust, which deems all network traffic as untrusted, is one of the more popular security models organizations adopt to deal with emerging threats, but most enterprises are not implementing it to its fullest extent, resulting in unnecessary information security risk. The U.S. Government recognizes the importance of encryption as part of an effective Zero Trust cybersecurity strategy, and a recent memorandum directs agencies to use encryption to protect data at rest. Be Aware of Zero Trust Challenges Implementing Zero Trust recommendations could potentially lead to a decrease in work productivity during encryption and increased costs associated with ongoing administration. Implementing Zero Trust recommendations can be challenging, and could potentially lead to a decrease in work productivity during encryption and increased costs associated with ongoing administration. Luckily there are solutions organizations can leverage to easily meet Zero Trust requirements without sacrificing productivity or cost-efficiency. For instance, WinMagic offers a comprehensive encryption solution, SecureDoc for Linux, that integrates and protects data across an entire IT ecosystem withdefense-in-depth full disk encryption. The solution tackles the challenges associated with implementing Zero Trust recommendations head on by allowing initial live conversion of disk permitting admins and users to log in and work on the machine while encryption occurs. SecureDoc also reduces IT management costs by enabling a pre-boot network-based authentication as an additional security measure to ensure data on drives is never left unprotected during boot-up. In addition, SecureDoc provides damage control for lost or stolen devices by removing keys to ensure data cannot be accessed even with the right credentials. WinMagic SecureDoc for Linux: Enterprise-Class Encryption for Linux Endpoints SecureDoc for Linux offers enterprise-class full drive encryption for Linux endpoints. SecureDoc separates encryption into two components - encryption and key management. Because the expertise to deliver these two components is different, SecureDoc for Linux works seamlessly with Linux native encryption, layering on top of dm-crypt to better manage and unify encryption efforts across the enterprise and device platforms. SecureDoc also supports Smart Card based MFA at pre-boot (e.g., PIV cards). For many agency systems, PIV (including Derived PIV10) will be the simplest way to support phish ing-resistant MFA requirements, and OMB Memorandum M- 19-17 requires agencies to use PIV credentials as the “primary” means of authentication to Federal information systems. Garry McCracken, WinMagic VP of Technology and CISO, elaborates, “Linux has had built-in encryption for endpoints for several years now. Yet, many enterprises struggle with encryption on Linux endpoints such as reinstallation of the operating system before commencing on encryption, and some solutions only providing encryption for Windows devices. Our SecureDoc for Linux solution builds on the capabilities available in Linux (such as dm-crypt), providing an overarching layer of manageability, visibility, and automation that scales at an enterprise leveland facilitates compliance.” Some of the core features of SecureDoc for Linux include: Live disk conversion allows admins and users to log in and work on the machine while encryption occurs. Removes the need to clear the disk and reinstall the operating system before commencing encryption Encryption statuses are monitored and available centrally in a single pane of glass admin portal. SecureDoc enables pre-boot network-based authentication as an additional security measure to ensure data on drives is never left unprotected during boot-up. Supports Smart Card based MFA at pre-boot (e.g., PIV cards) SD Linux makes it easy for AD and Azure AD users to log into encrypted devices. Login to encrypted devices without having to be pre-provisioned for access on the device. SecureDoc Enterprise Server provides a simple central management for all OS endpoints, including Linux, Windows, and Mac. With the features included in the defense-in-depth protection of WinMagic’s SecureDoc for Linux, organizations can support an integrated Zero Trust strategy that fortifies their information security architecture for Linux endpoints. Key Takeaways In 2022, securing Linux endpoints in an information security architecture has never been more critical - and more challenging - for organizations. Defense-in-depth protection and a Zero Trust strategy are essential components of an effective modern Linux endpoint encryption solution. SecureDoc for Linux is a solution we love for organizations looking to meet Zero Trust requirements and fortify Linux infosec architectures with multi-layered endpoint encryption. . Companies need to embrace a systematic method to improve Linux endpoint protection and establish robust zero trust frameworks.. Linux Endpoint Security, Zero Trust, Encryption Solutions, Cyber Defense, Defense-in-Depth. . Brittany Day

Calendar%202 May 02, 2022 User Avatar Brittany Day
102

Community Survey for Linux Security Insights and User Preferences

It is customary for communities of every sphere to stand up occasionally, and take a good, long look at what . What would you really want to see on the site? Is it your distribution of choice? Hacking tips? Or new security applications? The newest vulnerability update? More Open Source business news? More RSS feeds? More focus on consistent and prominent Advisories? Whatever it is, you can help us continue to improve what we offer with this quick survey. It should take you a couple of minutes to complete, and in about two weeks, we'll post the results to the site. Survey Link: (As you access the survey, don't fill in the security question - it's not necessary!). Thank you for your input and stay tuned!. What would you really want to see on the site? Is it your distribution of choice? Hacking tips? Or n. customary, communities, every, sphere, stand, occasionally. . Brittany Day

Calendar%202 Oct 22, 2007 User Avatar Brittany Day
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200