Monday, February 8, 2016

Why consider using open-source information security systems?



In 1983, Richard Stallman published the GNU Manifesto, in which he laid out his vision and philosophy of open-source software. The manifesto states that the availability of the source code of open-source software, and the freedom to share, modify and redistribute it, are basic rights of every individual. In the following year Stallman launched the GNU project, whose main goal was to write a complete, free operating system with open source code, lifting all restrictions on the reuse, modification and distribution of that code by anyone (http://www.gnu.org).
Photo caption: Richard Stallman, 2014
In 1989 the GNU team published the first version of the GNU General Public License (GPL), for software developers to use as the license for their open-source programs and as a legal tool to guarantee that the open-source software produced under it remains available to everyone permanently. In 1991 the second version of the license (GPL v2) was developed and published, and in 2007 the third version (GPL v3) was published.
With the GNU project seeing the light of day and the publication of the GPL in its various versions, a new era began in the world of software and application development, and the world of open-source software became a tangible reality: hundreds of companies, institutions and organizations, alongside thousands of software developers, have taken part in producing and developing thousands of open-source programs, applications and systems serving all kinds of fields.
Now, after more than three decades of producing and developing open-source software, and with thousands of systems and applications developed, the field of data security and protection has received a generous share of this enormous body of software and systems. They cover nearly all methods and techniques of securing and protecting data, both on the protection and defense side and on the side of security testing and assessment of protection methods and attempts to breach them. It has now become very easy to obtain open-source systems and tools for securing and protecting data and information networks: firewalls, intrusion detection and prevention systems (IDS/IPS), data encryption software, anti-malware, and so on. Indeed, some of today's well-known commercial systems and applications began as open-source projects.
Why should we consider using open-source information security systems?
Open-source systems and software carry many benefits and advantages for both the business sector (companies and institutions) and the large population of home users. In the following points we explain some of these benefits and advantages.
  • Securing the source code:
Some of us may believe that the availability of the source code of open-source software is a weakness that intruders can use to discover and exploit security vulnerabilities in these programs. On the contrary, the availability of the source code enables thousands of software developers to review that code to discover and identify its security weaknesses, and then to work on fixing those weaknesses and closing the holes. It can therefore be said that open-source software breaks and rejects the notion of "security through obscurity": these systems are secure because they actually are secure, not because nobody knows anything about their contents.
  • High quality, customization and flexibility:
Open-source software is distinguished by a high level of quality because it is usually written, modified and improved by a large number of software developers working out of personal interest or collective goals that focus first and foremost on the actual needs of users rather than on the point of view of software companies' marketing teams. Indeed, the users themselves may have taken part in writing and developing these programs, or at least in modifying and re-customizing them according to their own needs and the resources available to them.
  • Integration, compatibility and interoperability:
The development of open-source software adheres to standard rules, frameworks and protocols and avoids proprietary frameworks and protocols, which raises the level of integration, compatibility and interoperability between different open-source systems and tools.
  • Transparency and auditability:
Because the source code of open-source software is available to everyone, it is easier and faster for many developers to review and audit that code, to verify that the program's author has adhered to the announced specifications of the program's features and capabilities, and that the code is free of any security shortcomings or backdoors that would allow the author, whether an individual, a company or an institution, to access the program without the user's knowledge.
  • Cost:
Most open-source software is available free of charge or for a small fee, usually for technical support. Even so, this fee represents a small fraction of the cost of proprietary software, especially when the total cost of the program is taken into account, which may include the purchase price, the number of available licenses, the possibility of upgrading to newer versions, technical support, administration, and antivirus protection, in addition to the resources dedicated to running the program itself.
  • Open-source systems and software suit the requirements of institutions, companies and even individuals.
The following table lists some of the best open-source security systems currently available, covering the following topics:

  • Firewalls
  • Network IPS/IDS
  • Host-Based IPS/IDS
  • Data Loss Prevention (DLP)
  • Anti-Malware
  • Web Content Filter
  • Encryption
  • Password Management
  • Web Application Firewall (WAF)
  • Email Security
  • Identity Management
  • Patch Management
  • Forensic Analysis
  • Vulnerability Assessment
  • SIEM and NSA
1. Firewalls
OPNsense:

OPNsense is an open source, easy-to-use and easy-to-build FreeBSD-based firewall and routing platform which includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.


pfSense:
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality or more of common commercial firewalls.

IPFire:

It was designed with both modularity and a high-level of flexibility in mind. You can easily deploy many variations of it, such as a firewall, a proxy server or a VPN gateway. The modular design ensures that it runs exactly what you've configured it for and nothing more. Everything is simple to manage and update through the package manager, making maintenance a breeze.


IPCop:

The IPCop Firewall is a Linux firewall distribution. It is geared towards home and SOHO users. The IPCop web-interface is very user-friendly and makes usage easy.
2. Network IPS/IDS
Snort:
Snort could be considered the de facto standard for IDS and, eventually, IPS. It is important to note that Snort has no real GUI or easy-to-use administrative console; many other open source tools have been created to help out, notably Snorby and others such as BASE and Sguil.



Suricata:
Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.



Bro:
Bro, sometimes referred to as Bro-IDS, is a bit different from Snort and Suricata. In a way, Bro is both a signature-based and an anomaly-based IDS. Its analysis engine converts captured traffic into a series of events; an event could be a user logging on to FTP, a connection to a website, or practically anything.



Kismet:
Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominantly with Wi-Fi (IEEE 802.11) networks, but can be extended via plug-ins to handle other network types. Kismet is the baseline for wireless IDS.

3. Host-Based IPS/IDS
OSSEC:
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Mac OS, Solaris and Windows.

SAMHAIN:
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
4. Data Loss Prevention (DLP)

OpenDLP:
OpenDLP is a Data Loss Prevention suite with a centralized web front end to manage Windows agent filesystem scanners, agentless database scanners, and agentless Windows/UNIX filesystem scanners that identify sensitive data at rest.
5. Anti-Malware

ClamAV:
ClamAV® is an open source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.

ClamWin:
ClamWin is a Free Antivirus program for Microsoft Windows 10 / 8 / 7 / Vista / XP / Me / 2000 / 98 and Windows Server 2012, 2008 and 2003. ClamWin Free Antivirus is used by more than 600,000 users worldwide on a daily basis. It comes with an easy installer and open source code. You may download and use it absolutely free of charge.
Nixory:
Nixory is a free and open source antispyware tool written in Python/PyGTK, aimed at removing malicious tracking cookies from your browser. It currently supports Mozilla Firefox, Internet Explorer and Google Chrome. It runs on all major operating systems, including Windows, Linux and Mac OS X.
6. Web Content Filter

DansGuardian:
DansGuardian is an award-winning open source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages using many methods, including phrase matching, PICS filtering and URL filtering; it does not purely filter based on a banned list of sites, as lesser, purely commercial filters do.
7. Encryption

AxCrypt:
AxCrypt is the leading open source file encryption software for Windows. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.

GnuPG:
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC 4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME and Secure Shell (SSH).


Gpg4win:
A secure solution for file and email encryption. Gpg4win (GNU Privacy Guard for Windows) is Free Software and can be installed with just a few mouse clicks.
8. Password Management

KeePass:
KeePass is a free open source password manager which helps you manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file, so you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).



KeePassX:
KeePassX is an application for people with extremely high demands on secure personal data management. It has a light interface, is cross-platform, and is published under the terms of the GNU General Public License.

9. Web Application Firewall (WAF)

ModSecurity:
ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to implement advanced protections.


WAF-FLE:
WAF-FLE is an open source ModSecurity console that allows a ModSecurity administrator to store, view and search events sent by sensors, using a graphical dashboard to drill down and quickly find the most relevant events. It is designed to be fast and flexible while keeping a powerful and easy-to-use filter, with almost all fields clickable for use in the filter.

FreeWAF:
FreeWAF provides specialized, layered application threat protection. It protects your web-based applications and Internet-facing data from attack and data loss. Using advanced techniques to provide bidirectional protection against sophisticated threats like SQL injection and cross-site scripting, it helps you prevent identity theft, financial fraud and corporate espionage.

AQTRONIX WebKnight:
AQTRONIX WebKnight is an application firewall for IIS and other web servers, released under the GNU General Public License. More particularly, it is an ISAPI filter that secures your web server by blocking certain requests. If an alert is triggered, WebKnight takes over and protects the web server. It does this by scanning all requests and processing them based on filter rules set by the administrator. These rules are not based on a database of attack signatures that require regular updates; instead, WebKnight uses security filters for buffer overflow, SQL injection, directory traversal, character encoding and other attacks. This way WebKnight can protect your server against all known and unknown attacks. Because WebKnight is an ISAPI filter it has the advantage of working closely with the web server, so it can do more than other firewalls and intrusion detection systems, such as scanning encrypted traffic.

IronBee:
IronBee is the next-generation open source web application firewall engine, designed to be modular, portable, and efficient, and to give you the tools you need to defend sites from attack.

Vulture:
Vulture 2 is a reverse proxy with WebSSO and application firewall features. It is based on Apache and mod_security. Vulture sits between web applications and the Internet to provide protection against application attacks (SQL injection, cross-site scripting, brute force, ...).
10. Email Security

MailScanner:
MailScanner is a highly respected open source email security system designed for Linux-based email gateways. It is used at over 30,000 sites around the world, protecting top government departments, commercial corporations and educational institutions. This technology has fast become the standard email solution at many ISP sites for virus protection and spam filtering.

ScrollOUT:
ScrollOUT is an email gateway designed for Linux and Windows administrators without advanced email security experience. Its goal is to be as simple as possible: an easy-to-use, already-adjusted email gateway (firewall) offering free anti-spam and anti-virus protection in order to secure all existing email servers, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Qmail and more.

Open AS Communication Gateway:
Open AS Communication Gateway is an enterprise-grade spam filtering technology with an open license. Developed by experienced server administrators, this open source solution shows no mercy to spam, scams and malware, keeping your mailboxes clean and safe, for free.

DSPAM:
DSPAM is a scalable and open-source content-based spam filter designed for multi-user enterprise systems. On a properly configured system, many users experience accuracy between 99.5% and 99.95%, or one error for every 200 to 2000 messages. DSPAM supports many different MTAs and can also be deployed as a stand-alone SMTP appliance. For developers, the DSPAM core engine (libdspam) can be easily incorporated directly into applications for drop-in filtering.

Apache SpamAssassin:
It is the #1 Open Source anti-spam platform giving system administrators a filter to classify email and block spam (unsolicited bulk email). It uses a robust scoring framework and plug-ins to integrate a wide range of advanced heuristic and statistical analysis tests on email headers and body text including text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. Apache SpamAssassin is a project of the Apache Software Foundation (ASF). 
11. Identity Management

OpenIDM:
OpenIDM is an open-standards-based identity management solution. In addition to being open source, OpenIDM offers high flexibility in business process handling and compliance. A flexible user interface combined with a robust workflow engine makes OpenIDM ready for any identity management project.

Apache Syncope:
Apache Syncope is an open source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under the Apache 2.0 license.

MidPoint:
MidPoint is the most comprehensive open-source Identity Management system currently available on the market. MidPoint is the basic building block of a complete Identity and Access Management solution.
12. Patch Management

WSUS Offline Update:
WSUS Offline Update is an open source, portable tool that can be used to create ISO image files containing all available updates for all Microsoft Windows and Office versions; each version's updates are placed in a separate ISO image file together with an automated installation tool.

WPKG:
WPKG is an open source automated software deployment, upgrade and removal program for Windows. It can be used to push/pull software packages, such as service packs, hotfixes, or program installations, from a central server (for example, Samba or Active Directory) to a number of workstations. It can run as a service to install software in the background (silent install), without user interaction. It can install MSI, InstallShield, PackageForTheWeb, Inno Setup, Nullsoft and other software installers or .exe packages, .bat and .cmd scripts and similar: no more repackaging to perform software installation.

opsi:
opsi is an open source Client Management System for Windows clients and is based on Linux servers. Key features:
  • Automatic OS installation (unattended or image based)
  • Automatic software distribution and patch management
  • Hardware and software inventories
  • License management (co-funding project)
The opsi server runs on Debian, Ubuntu, OpenSuse, SLES, CentOS, UCS and RHEL.

vFense:
vFense is an open source, cross-platform patch management and vulnerability correlation tool.
13. Forensic Analysis

The Sleuth Kit:
The Sleuth Kit is a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. It is used behind the scenes in Autopsy and many other open source and commercial forensics tools.

Autopsy:
Autopsy is an easy-to-use, GUI-based program that allows you to efficiently analyze hard drives and smartphones. It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python.

Unhide:
Unhide is a forensic tool for finding processes and TCP/UDP ports hidden by rootkits, LKMs or other hiding techniques.

Xplico:
The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP and SMTP protocols), all HTTP content, each VoIP call (SIP), FTP, TFTP, and so on. Xplico is not a network protocol analyzer; it is an open source Network Forensic Analysis Tool (NFAT).

PlainSight:
PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners to perform common tasks using powerful open source tools. Its authors have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment.

SANS SIFT:
An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Incident Forensic Toolkit (SIFT) Workstation for incident response and digital forensics use and made it available to the whole community as a public service.
14. Vulnerability Assessment

OpenVAS:
OpenVAS, the Open Vulnerability Assessment System, is a framework that combines multiple services and tools to offer vulnerability scanning and vulnerability management. The scanner is coupled with a weekly feed of network vulnerability tests, or you can use a feed from a commercial service. The framework includes a command-line interface (so it can be scripted) and an SSL-secured, browser-based interface via the Greenbone Security Assistant. OpenVAS accommodates various plug-ins for additional functionality. Scans can be scheduled or run on demand.

Nexpose:
Nexpose offers vulnerability scanning for very small organizations or individuals. It also comes in paid Express, Consultant and Enterprise versions.

Metasploit:
The Metasploit project's best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.

Nmap:
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
15. SIEM and NSA

OSSIM:
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

LOGalyze:
LOGalyze is an open source, centralized log management and network monitoring software. If you would like to handle all of your log data in one place, LOGalyze is the right choice. It supports Linux/Unix servers, network devices and Windows hosts, and provides real-time event detection and extensive search capabilities.

Security Onion:
Security Onion is a Linux distribution for intrusion detection, network security monitoring, and log management. It is based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use setup wizard allows you to build an army of distributed sensors for your enterprise in minutes.
