Security Software & Tools Tips – August 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth

This month we have chosen the following:
* Vuls
* Dirhunt
* InsightIDR
* SubDomainizer
* Atomic Red Team

Vuls

Information from the Vuls website:

Vuls is an open-source, agent-less vulnerability scanner for Linux, FreeBSD, container images, running containers, WordPress, programming language libraries and network devices, based on information from NVD, OVAL, etc.

Website:

https://vuls.io/

Dirhunt

Information from the Dirhunt website:

Dirhunt is a web crawler optimized for searching and analyzing directories. This tool can find interesting things if the server has the “index of” mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors, directories where an empty index file has been created to hide things, and much more.

Website:

https://github.com/Nekmo/dirhunt

InsightIDR

Information from the InsightIDR website:

Rapid7 InsightIDR is an intruder analytics solution that gives you the confidence to detect and investigate security incidents faster, a Cloud SIEM for your modern network.

Website:

https://www.rapid7.com/products/insightidr/

SubDomainizer

Information from the SubDomainizer website:

SubDomainizer is a tool designed to find hidden subdomains and secrets present in either the webpage, GitHub, or external JavaScript files referenced by the given URL. This tool also finds S3 buckets, CloudFront URLs and more from those JS files, which could be interesting if, for example, an S3 bucket is open to read/write, or a subdomain takeover is possible (and similarly for CloudFront). It also scans inside a given folder which contains your files.

Website:

https://github.com/nsonaniya2010/SubDomainizer

Atomic Red Team

Information from the Atomic Red Team website:

Atomic Red Team is a library of simple tests that every security team can execute to test their defenses. Tests are focused, have few dependencies, and are defined in a structured format that can be used by automation frameworks.

Website:

https://atomicredteam.io/


Security Software & Tools Tips – May 2019

In this monthly post, we try to make you aware of five different security-related products.
This is a repost from my personal website Ulyaoth

This month we have chosen the following:
* angr
* Brakeman
* Moloch
* OSXCollector
* Zeek

angr

Information from the angr website:

angr is a python framework for analyzing binaries. It combines both static and dynamic symbolic (“concolic”) analysis, making it applicable to a variety of tasks.

Website:

https://angr.io/

Brakeman

Information from the Brakeman website:

Brakeman is a security scanner for Ruby on Rails applications. Unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found.

Website:

https://brakemanscanner.org/

Moloch

Information from the Moloch website:

Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Moloch exposes APIs which allow for PCAP data and JSON formatted session data to be downloaded and consumed directly. Moloch stores and exports all packets in standard PCAP format, allowing you to also use your favorite PCAP ingesting tools, such as Wireshark, during your analysis workflow.

Website:

https://molo.ch/

OSXCollector

Information from the OSXCollector website:

OSXCollector is a forensic evidence collection & analysis toolkit for OSX.

Website:

https://yelp.github.io/osxcollector/

Zeek

Information from the Zeek website:

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.

Website:

https://www.zeek.org/


IOT specialist IIOX adopts Flexible Engine for business agility in the cloud

Leading industrial IoT platform developer IIOX has selected Flexible Engine, the public cloud service from Orange Business Services, for its global expansion and to avoid vendor lock-in.
Headquartered in Sweden, the IIOX cloud-based platform collects, harmonizes, aggregates and distributes machine data in real time, turning data into useful insight and knowledge. Its customers include energy supplier E.ON and companies in automatic meter reading and the agricultural sector.

IIOX has been a Basefarm customer for a number of years and has been extremely satisfied with the quality of the service delivery. But with its contract up for renewal and the recent acquisition of Basefarm by Orange Business Services, the company was open to a new solution that would support its expansion plans. Up until this point, IIOX had a server infrastructure from Basefarm, which was managed in-house and could not scale geographically.

IIOX was looking for a secure, scalable, fully-managed platform that supported a container orchestration system, having redesigned their applications to use Kubernetes. It also wanted to avoid any vendor lock-in or upfront costs.

At the same time, they wanted to move to a fully managed system, so they could concentrate on their core business and not have to worry about retaining in-house skills. They tried Flexible Engine, our innovative solution based on OpenStack, and they liked its flexibility, scalability and security features.

IIOX is starting its Flexible Engine deployment in Europe, with plans to deploy to other regions. Basefarm is managing the local initiative in the Nordics, with Orange Business Services providing global support. As well as Flexible Engine services, such as Kubernetes and Apache Kafka stream processing, there will also be a fully-managed Cassandra distributed database from Orange Business Services.

This fits the pay-as-you-go model that IIOX was looking for. Orange Business Services also reassured IIOX regarding compliance issues that could arise from globalizing the solution.

Avoiding vendor lock-in

Designed to help migrate applications to the cloud, Flexible Engine is based on OpenStack technology and public cloud services infrastructure.

As the cloud market consolidates, vendor lock-in is a growing concern for enterprises, according to IDC’s information technology predictions for 2019. IDC believes that as part of this trend, enterprises will look for providers that can integrate multi-cloud services. OpenStack, unlike Amazon AWS or Microsoft Azure, supports a number of proprietary technologies and can successfully operate in bare metal and hypervisor environments.

When it comes to OpenStack and Kubernetes – they are seen as a great match. According to Openstack.org, OpenStack now runs the largest number of enterprise network and storage systems, allowing containers to be seamlessly integrated into the enterprise environment.

IIOX is on trend. Enterprise interest in the applications container market continues to grow, driven by enterprises looking to manage infrastructures more efficiently and meet their digital transformation goals on time. 451 Research believes the applications container market will hit more than $2.1 billion this year and more than $4.3 billion in 2022.

Moving forward

IIOX is one of the first joint deals for Orange Business Services and Basefarm, highlighting the large portfolio of services available directly through a console in pay-as-you-go mode. At the same time, it underscores the power of local control and global reach that will support IIOX in its ambitious expansion plans as the industry appeal of IoT rapidly accelerates.


Joakim Karlsson

Joakim Karlsson, based in Stockholm, Sweden, is the Business Development Manager covering Cloud Business in the Nordic region. He has been in the IT industry for 20 years – nine of those years at Microsoft – and his extensive experience is an asset in helping Orange customers navigate the cloud domain. In his spare time, Joakim likes to golf, play paddle tennis and spend time with his family and friends.

New Initiative Aims to Fast-Track Women into Cybersecurity Careers

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A new professional development initiative will give 100 women the opportunity to revamp their careers and prepare for new roles in cybersecurity in only 100 days…

Read more


Top 5 Security News

What’s Behind the Wolters Kluwer Tax Outage?

Avoid a Security Endgame: Learn About the Latest “Avengers” Scam

Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover

Turla LightNeuron: An email too far

Hackers steal US$41 million worth of Bitcoin from cryptocurrency exchange


THE BANK THAT CAN SLEEP WELL AT NIGHT

MedMera Bank was looking for a partner who could take responsibility for the operation of the bank’s payment flow systems and meet extremely high standards of security and availability. The choice fell on Basefarm, which since 2015 has had overall responsibility for operation of the bank’s central payment system.

When in 2015 MedMera Bank saw a need to upgrade its operations environment, it sought a supplier that could meet the very high standards of security, delivery and availability that apply in the payment world.

“We also needed a partner who was proactive and kept up with the constant development of the industry,” says Carita Weiss, CIO of MedMera Bank.

Following a long procurement and evaluation process involving several possible operations providers, the choice finally fell on Basefarm and its PCI DSS hosting platform in Sweden.

Read the whole customer case here – MedMera Bank customer case

Do you want to know more about our SOC?

Basefarm Security Operation Center

What is a security operation center and why do you need it?

WHEN BUSINESS CONTINUITY IS KEY

Semantix, Scandinavia’s largest language company, chose Basefarm as their managed service provider to manage their business critical applications. High availability, security expertise and flexible solutions were on the wish list during the procurement process.

“Basefarm presented an ability to handle the criteria we had, while also having the operational capacity to match the size of Semantix. Besides having the technical know-how and the financial stability, they are able to deliver flexible and specialized solutions,” says Mats Zetterberg, IT Operations Manager at Semantix.

Read the whole customer case here – Semantix customer case 

Want to know more about Basefarm and what we can offer you?

Basefarm – Complete Service Responsibility 

Continuous development using containers

Are you familiar with the “throw it over the fence” method? If so, you’ll know that it is not very productive.

The method refers back to the old days of web development, when humans and technology often failed to work together optimally. Once new code ran well on the developers’ machines, it was ‘thrown over the fence’ to the test and operations layer. There, the setup could be so different that the code failed. It then needed to be thrown back, or a lot of work put into getting it to run.

As if that’s not enough, the procedure then has to be repeated more or less for every update.

Break down the barriers

“A complete and coherent programming process is much better”, claims Basefarm system architect, Andreas Skoglund.

What he has in mind are Docker containers, Kubernetes, a continuous development cycle, databases, message queues, monitoring and logging tied together into a single solution. “OpenShift Container Platform is a Kubernetes distribution with a robust bunch of other technologies that deliver precisely that”, he explains.

The setup works equally well in private clouds and cloud services like Microsoft Azure and AWS.

At the base are Docker containers. Docker is a way of packaging applications together with all their dependencies. This contrasts with traditional packaging like .exe, .rpm and other application types whose operability is sensitive to library and version differences in the operating environment.

Containers can be set to be ‘immutable’, to prevent them being changed. This ensures consistency of behaviour during development, testing and production.

To avoid software conflicts, current practice has been to run a single application per virtual machine (VM). Using containers avoids this problem, and a VM is easily able to run several containers, which both saves resources and simplifies administration.

Kubernetes – a building block

Kubernetes is a modular framework that can be assembled in many different ways, but also gives developers and technicians the same experience no matter where under the bonnet they are working.

A major benefit of this is familiarity, regardless of the system’s location, whether in the cloud using Microsoft Azure for instance, or on a server in the basement.

Kubernetes also simplifies many of the technician’s tasks: distribution and placement of the containers is automatic, and extra capacity can be provisioned at very short notice to handle increased load, e.g. for Black Friday.

“The platform automates container-based architectures.”


OpenShift is one way of deploying Kubernetes. In OpenShift, Kubernetes is combined with a number of other services that are often required in agile and DevOps oriented environments.

In this way, OpenShift is able to realise the dream of most IT environments – a coherent, integrated programming process. OpenShift also allows for multiple, separate, independent CI/CD processes and the necessary support around Kubernetes such as image administration, build tools, monitoring and consistent security across all the services.

That’s why we in Basefarm are working more and more with Kubernetes on OpenShift – to help our customers make the most of their multi cloud environments, develop and deploy quickly, in a safe way.

From application to container

So, what about the pathway from application to container?

Here too OpenShift helps in several ways. One of these functions is called source-to-image (S2I). OpenShift stores the containers for you based on S2I recipes available for all the most popular languages and frameworks.

Supporting technologies such as message queues, databases and so on are also supported in OpenShift via the Service Catalog. These can be provisioned outside of OpenShift, for example in AWS, but at the same time be tied to your application and controlled from OpenShift.

Want to know more about continuous delivery? Read the blog post “How to move mountains – our road to continuous delivery” here

Author: Andreas Skoglund, Solution Architect, Basefarm

Andreas Skoglund is a solution architect at Basefarm. He describes this as a creative and varied job that mostly revolves around designing and developing technical solutions for solving customers’ dilemmas. His leisure hours are taken up with programming for fun, home automation and building an overcomplicated home network.

HYBRID CLOUD FOR PEAK LOADS AT DESTINATION GOTLAND

Destination Gotland is a wholly owned subsidiary of Rederi AB Gotland. On behalf of the Swedish government, they operate the ferry services between Visby, Nynäshamn and Oskarshamn.

THE CHALLENGES: RELIABLE EXPERTISE THAT WOULD NEVER FAIL

  1. During peak season, it is absolutely crucial that their booking systems work. The ferry service affects the entire island of Gotland and all its inhabitants.
  2. They were looking for expertise and experience in managing and operating booking systems.

Read the whole customer case here – Destination Gotland customer case

Read more about our Azure services

Read more about our AWS Services


Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers.

You can interact with Docker via the terminal and also via remote API. The Docker remote API is a great way to control your remote Docker host, including automating the deployment process, control and get the state of your containers, and more. With this great power comes a great risk — if the control gets into the wrong hands, your entire network can be in danger.
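The risk described above comes down to how the daemon's remote API is exposed. As an added example (not code from the original post or from the SIRT), the checker below audits the listener settings a Docker host would carry in /etc/docker/daemon.json or on the dockerd command line and flags a TCP listener that accepts clients without mutual TLS; every sample configuration in it is constructed for the demonstration.

```python
"""Audit Docker daemon listener settings for a remote API reachable without mutual TLS.
Added example, not code from the original post. Inputs are the JSON shape of
/etc/docker/daemon.json and the -H flags of a dockerd command line; all samples
below are constructed for the demonstration."""
from __future__ import annotations
import json
import shlex
from urllib.parse import urlsplit

# Constructed sample: API listening on every interface with no TLS at all.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
# Constructed sample: TCP kept for automation, but a client certificate is required.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True, "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem",
})
# Constructed sample: the same weakness expressed as a systemd ExecStart line.
WEAK_EXECSTART = "ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2375"


def audit_hosts(hosts: list[str], tls_verify: bool, tls_files: bool) -> list[str]:
    """Return findings prefixed HIGH or MEDIUM; an empty list is a clean result."""
    findings = []
    for host in hosts:
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// are local and governed by socket permissions
        if not tls_verify:
            findings.append(f"HIGH {host}: TCP listener without tlsverify, any client can drive the daemon")
        elif not tls_files:
            findings.append(f"HIGH {host}: tlsverify set but CA, cert or key path is missing")
        if (parts.hostname or "") in ("", "0.0.0.0", "::"):
            findings.append(f"MEDIUM {host}: bound to all interfaces, restrict or firewall the API port")
    return findings


def audit_daemon_json(config_text: str) -> list[str]:
    """Audit the contents of daemon.json."""
    cfg = json.loads(config_text)
    tls_files = all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    return audit_hosts(cfg.get("hosts", []), bool(cfg.get("tlsverify")), tls_files)


def audit_execstart(line: str) -> list[str]:
    """Audit a dockerd command line (optionally prefixed with 'ExecStart=')."""
    args = shlex.split(line.split("=", 1)[1] if line.startswith("ExecStart=") else line)
    hosts = [args[i + 1] for i, a in enumerate(args[:-1]) if a in ("-H", "--host")]
    hosts += [a.split("=", 1)[1] for a in args if a.startswith("--host=")]
    # Accept both "--tlscacert=/path" and "--tlscacert /path" spellings of the flags.
    tls_files = all(any(a == f"--{k}" or a.startswith(f"--{k}=") for a in args)
                    for k in ("tlscacert", "tlscert", "tlskey"))
    return audit_hosts(hosts, "--tlsverify" in args or "--tlsverify=true" in args, tls_files)
```

A HIGH finding means the API port is effectively an unauthenticated root shell on the host, which is exactly the exposure the miners abused; the MEDIUM finding is worth keeping even with TLS, since the port should not face more networks than it has to.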

Read more

Top 5 Security News

Backdoored GitHub accounts spewed secret sneakerbot software

RSAC 2019: TLS Markets Flourish on the Dark Web

Web Authentication: What It Is and What It Means for Passwords

Google Discloses Unpatched ‘High-Severity’ Flaw in Apple macOS Kernel

How To Spoof PDF Signatures

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impact all modern chips, including the chips used in Apple devices.
After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and Meltdown variations surfaced again and again.

Read more

Top 5 Security News

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Severe Linux kernel flaw found in RDS

Thrangrycat

Security Updates Released for Adobe Flash Player, Reader, and Media Encoder

WhatsApp flaw used to install spyware by simply calling the target