Construye tu stack de ciberseguridad con open source
0 likes•292 views
The document discusses building a cybersecurity stack using open-source tools, emphasizing the importance of information security tools and frameworks to protect organizations. It covers various cybersecurity concepts, examples of attacks, and common vulnerabilities faced by enterprises, highlighting the role of open-source software in addressing these challenges. The piece also provides resources and strategies for selecting and integrating open-source security tools within development processes.
Construye tu stack de ciberseguridad con open source
- 1. Building your cybersecurity stack with Open-Source HECTOR ERYX PAREDES CAMACHO TECH MANAGER @ HELIX RE UNIDOS COMPARTIENDO Y APRENDIENDO #SGVIRTUAL AND CONTRIBUTE TO A SAFER WORLD
- 2. Open Source México Advocates of “OpenSourceFirst” culture to increase innovation and economic growth at Mexico
- 3. Open Source México Join us ! • Monthly meet ups • Upcoming Events • Networking • News Networks: https://twitter.com/amigososom https://www.linkedin.com/groups/12137251/ https://www.instagram.com/opensourcemexico/ https://github.com/orgs/OpenSOurceMexico/teams https://www.meetup.com/Open-SOurce-Mexico-OSOM/ https://www.facebook.com/OSOM-Open-Source-Mexico-354538278660417
- 5. What you should take in the next 50 minutes: • NO MATTER HOW HARD IT COULD LOOK, YOU SHOULD BE AWARE OF INFORMATION SECURITY TOOLS, FRAMEWORKS AND PROCESSES TO PROTECT YOURSELF AND YOUR ORGANIZATION
- 6. Topics ☛ Cybersecurity ☛ Open Source and how it works ☛ Tools ☛ How to decide
- 8. Defining Cybersecurity is hard Context is important. Requires deep understanding of core concepts like: • Authorization • Confidentiality • Integrity • Availability Sources: https://www.enisa.europa.eu/publications/definition-of-cybersecurity https://csrc.nist.gov/glossary/term/cybersecurity • The prevention of damage to, unauthorized use of, exploitation of, and—if needed—the restoration of electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity and availability of these systems. • The process of protecting information by preventing, detecting, and responding to attacks
- 10. Cybersecurity example (A) “…We’ve been alerted that portions of the PHPBB user table from our forums showed up in a leaked data collection…includes usernames, email addresses, salted, hashed passwords….” BTW, they were using phpBB 3.1, an OpenSource forum board. The attack could be mitigated using an updated version of phpBB. Source: https://ethhack.com/2019/09/xkcd-forum-hacked-over-562000-users-account-details-leaked/
- 11. Cybersecurity example (B) Mexico's Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded “Security researchers were able to find the malware sample which confirms the DoppelPaymer infection …Pemex was probably targeted by an initial infection of the Emotet Trojan which eventually provided network access…then have used Cobalt Strike and PowerShell Empire to spread the ransomware…” Emotet uses a modular based architecture which includes open source tools. Signatures of Emotet botnet can be found by the Cuckosanbox open source malware analysis tool. Source: https://www.bleepingcomputer.com/news/security/mexicos-pemex-oil-suffers-ransomware-attack-49-million-demanded/
- 12. Cybersecurity example (C) A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response “In his research into reverse RDP attacks, Eyal Itkin found that for mstsc.exe, this technique, also referred to as lazy lateral movement, was possible through the clipboard sharing channel.” “Check Point Research recently discovered multiple vulnerabilities in (RDP) that would allow a malicious actor to reverse the usual direction of communication and infect the IT professional… There are also some popular open-source clients for the RDP protocol that are used mainly by Linux and Mac users.” Source: https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/ https://research.checkpoint.com/2019/reverse-rdp-attack-code-execution-on-rdp-clients/
- 13. Common Denominator Popular website • Forum • Opensource tool • Non patched Large corporation • Spear phishing • Established foothold • Install ransomware • Known malware signatures • Opensource modules • Public signatures opensource Windows Remote Desktop Protocol • Enterprise client analyzed • Opensource clients analyzed • Static Analysis to identify vulnerabilities
- 16. FOSS is… Collaboration Openness Meritocracy Born in hacking culture
- 17. THE Hacking Culture particularly creative people who define themselves partly by rejection of ‘normal’ values and working habits a subculture of individuals who enjoy the intellectual challenge of creatively overcoming limitations of software systems to achieve novel and clever outcomes a manner in which it is done and whether it is something exciting and meaningful Source: https://en.wikipedia.org/wiki/Hacker_culture http://catb.org/jargon/html/introduction.html <- PLEASE READ THIS BOOK, “THE CATHEDRAL AND THE BAZAAR BY ERIC. S RAYMOND
- 18. Cyber Security community embraces Collaboration Openness Meritocracy DERIVED ON IT’S HACKING SUBCULTURE(S)
- 19. How to choose the right tool for the right job
- 20. HUGE HUGE HUGE LIST OF FOSS TOOLS ON CYBERSEC This Photo by Unknown Author is licensed under CC BY-NC-ND
- 21. Where to find OpenSource security tools GitHub / Gitlab Sourceforge Academic institutions Carnegie Mellon University SEI: https://www.sei.cmu.edu/publications/sof tware-tools/ Organizations promoting Security OWASP: https://owasp.org National Security Agency: https://github.com/nationalsecurityagency Within Enterprise Security Tools Some products are based on Core Open Source projects
- 22. Now: Let Me Google That For You •Intrusion Protection System Snort •Original engine of Nessus Network Scanner OpenVAS •The good old school network scanner Nmap •Community version of Nagios network/infra monitor Nagios Core •Simulate MITM attacks Ettercap •Simulate a Breach and Attack scenario with super GUI Infection Monkey •Framework to automate vulnerabilities testing (EXPLOITS) Metasploit •Malware Analysis sandbox Cuckoo Sandbox •GUI Forensic tools for HD Autopsy •List Unix tools, versions and vulnerabilities Lynis Source:https://www.darkreading.com/threat-intelligence/10-open-source-security-tools-you-should-know/d/d-id/1331913
- 23. For the Hoody h4x0r on the room Join: https://t.me/bugbountyes
- 24. OWASP Zed Attack Proxy Project The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security. Can help to automatically find security vulnerabilities web applications. • Possibly to integrate it in a CI/CD pipeline Great tool for experienced pen testers to use for manual security testing.
- 25. SAST Static Application Security Testing https://snyk.io/ https://www.sonarqube.org/sonarqube-8-0/ https://docs.renovatebot.com/ https://github.com/archerysec https://github.com/hawkeyesec https://coreos.com/clair/docs/latest/ https://www.whitesourcesoftware.com/open-source-security/ Source:https://blog.vulcan.io/vulnerability-remediation-in-the-ci-cd-pipeline-not-just-a-coding-issue Disclamer: Not all these tools are open source, but most of them are offered freely for opensource projects
- 26. WITH SO MANY OPTIONS, WHAT CAN I DO! HOW TO DECIDE
- 27. Define GOAL & Expected OUTCOME What is the purpose of : Scanning your code Analyzing your dependencies Running a vulnerability proxy Scan your network Scan endpoints/devices Monitor your network traffic Run a forensic analysis on a HDD Add a key management tool Results must become deliverables with Quantifiable data Baselining Key Performance Indicators Useful for security audits & compliance Tailored to the cybersecurity landscape of the systems • Retro feedback Threat & Risk Analysis
- 28. Training Comprehensive official documentation (contributors love documenting, right?) Find the creators Check if they are open to help Github issues are a great way to learn StackOverflow… Blog posts YouTube videos BOOKS O’Reilly has a huge library of books covering how-to on many open source tools From time to time companies or individuals close to the project provide on-site/on-line training: got for it!
- 29. Features Need a GUI? Need a CLI? Integration Matches the current CI/CD pipeline Reports Single run Historical data Extensible Plugin architecture Modular architecture Codebase easy to maintain
- 30. Support Remember, must open source license provide no warranty Only community support Supported by a company Premium support available Is it an active community? Check if there are recent commits Communication channels •Slack •Mailing lists •Github issues
- 31. Integration
- 32. Strategy 1: Pre Commit Hooks
- 33. Strategy 2: On Artifact Build
- 34. Strategy 3: On Deploy to lower environments
- 35. Using a mix of strategies can leverage multiple benefits BUT… might require larger maintenance, extra resources ($), increased complexity
- 36. Most security tools can be integrated with a CI/CD pipeline
- 37. Scanners can be configured to run automatically on cloud/on-premise infrastructure
- 38. Thank you!