In many of my past writings I have mentioned using Sguil and have been an avid user of the solution. On that front, I would like to extend my congratulations to the core members of the team for their great success! It will be exciting to see it running on IOS!
Cisco Announces Agreement to Acquire Sguil™ Open Source Security Monitoring Project
Acquisition Furthers Cisco’s Vision for Integrated Security Products
SAN JOSE, Calif., and LONGMONT, Color., April 1st, 2008 – Cisco and the Sguil™ project today announced an agreement for Cisco to acquire the Sguil™ project, a leading Open Source network security solution. With hundreds of installations world-wide, Sguil™ is the de facto reference implementation for the Network Security Monitoring (NSM) model. Sguil™-based NSM will enable Cisco’s customer base to more efficiently collect and analyze security-related information as it traverses their enterprise networks. This acquisition will help Cisco to cement its reputation as a leader in the Open Source movement while at the same time furthering its long-held vision of integrating security into the network infrastructure.
Under terms of the transaction, Cisco has acquired the Sguil™ project and related trademarks, as well as the copyrights held by the five principal members of the Sguil™ team, including project founder Robert "Bamm" Visscher. Cisco will assume control of the open source Sguil™ project including the Sguil.net domain, web site and web site content and the Sguil™ Sourceforge project page. In addition, the Sguil™ team will remain dedicated to the project as Cisco employees, continuing their management of the project on a day-to-day basis.
To date, Sguil™ has been developed primarily in the Tcl scripting language, support for which is already present inside many of Cisco’s routers and switches. The new product, to be known as “Cisco Embedded Monitoring Solution (CEMS)”, will be made available first in Cisco’s carrier-grade products in 3Q08, with support being phased into the rest of the Cisco product line by 4Q09. Linksys-branded device will follow thereafter, though the exact deployment schedule has yet to be announced.
“We’re extremely pleased to announce this deal,” said Cisco’s Chief Security Product Manager Cletus F. Simmons. “For some time, our customers have told us that our existing security monitoring products did not extend far enough into their network infrastructure layer. Not only was it sometimes difficult to intercept and monitor the traffic, but there were often political problems at the customer site with deploying our Intrusion Detection Systems, as management had heard several years ago that they ere ‘dead’. Now, with Sguil™ integrated into all their network devices, they’ll have no choice!”
Although the financial details of the agreement have not been announced, Sguil™ developer Robert Visscher will become the new VP of Cisco Rapid Analysis Products for Security. “This deal means a lot to the Sguil™ project and to me personally,” Visscher explains. “Previously, we had to be content with simply being the best technical solution to enable intrusion analysts to collect and analyze large amounts of data in an extraordinarily efficient manner. But now, we’ll have the additional advantage of the world’s largest manufacturer of networking gear shoving it down their customers’ throats! We will no longer have to concern ourselves with mere technical excellence. Instead, I can worry more about which tropical island to visit next, and which flavor daiquiri to order. You know, the important things.”
About Cisco Systems
Cisco, (NASDAQ: CSCO), is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com.
About Sguil™
Sguil™ is the leading Network Security Monitoring (NSM) framework. It is built for network security analysts by network security analysts. Sguil’s main component is an intuitive GUI that provides access to a wide variety of security related information, including real-time IDS alerts, network session database and full packet captures. Sguil™ was written by Robert “Bamm” Visscher, who was apparently too cheap to buy a book on Java or C.
Again, congrats to the team... if you get a chance, please stop in at #snort-gui on freenode and say hi / congratulate the team.
Cheers,
JJC
Showing posts with label sguil. Show all posts
Showing posts with label sguil. Show all posts
Tuesday, April 1, 2008
Monday, March 17, 2008
HeX 1.0.3 LiveUSB Final (Bug Fixes)
I just finished the bugfix version of the HeX 1.0.3 Live (CNY Release) image.
You can get it (in torrent form) from the Security Torrent Depot at http://www.redsphereglobal.com:88/torrent.html?info_hash=77f31dbc8d641500530760e62f17d1a08e433b96 or you can get it from the below direct download site.
USA Site
MD5 (HeX-i386-1.0.3-final-usb.img.gz) = 5fb1498b3437fada0b38602324d8f5e0
Usage instructions are simple:
dd if=/path/to/HeX-i386-1.0.3-final-usb.img of=/path/to/usbstick/device bs=1M
Look for the new HeX 2.0 to be out soon, all based on FreeBSD 7.0R!
Note that some usb sticks will be smaller than others (even if it's "2G") and that even if you write it and dd produces an error saying that not enough space is available... this is OK and your HeX LiveUSB will still work fine.
Cheers,
JJC
You can get it (in torrent form) from the Security Torrent Depot at http://www.redsphereglobal.com:88/torrent.html?info_hash=77f31dbc8d641500530760e62f17d1a08e433b96 or you can get it from the below direct download site.
USA Site
MD5 (HeX-i386-1.0.3-final-usb.img.gz) = 5fb1498b3437fada0b38602324d8f5e0
Usage instructions are simple:
dd if=/path/to/HeX-i386-1.0.3-final-usb.img of=/path/to/usbstick/device bs=1M
Look for the new HeX 2.0 to be out soon, all based on FreeBSD 7.0R!
Note that some usb sticks will be smaller than others (even if it's "2G") and that even if you write it and dd produces an error saying that not enough space is available... this is OK and your HeX LiveUSB will still work fine.
Cheers,
JJC
Friday, February 29, 2008
Security Torrents
To fill the need to host and download multiple large security related torrents, I have put a tracker online at http://www.redsphereglobal.com:88. You will primarily find items on this site in the following categories:
Toolkits
Anything that I or various other contributing members find useful, relevant or fun with respect to security. Current items that will go into this category are the various HeX (all) releases and InProtect LiveUSB releases.
Distros
Any custom distributions that have been designed to fit security needs and/or perform specific tasks.
Packet-Captures
Any large packet captures or trace files that are obviously not going to fit on the www.openpacket.org site. There is one up there now, it is the malicious traffic that Richard Bejlich captured at the 2007 Shmoocon. This torrent was created and added by giovani...so a shout out goes to him!
Having said all of that, we will (as with all trackers) need seeders. So if you have a little extra bandwidth and/or want to contribute in any way please let us know!
Cheers,
JJC
Toolkits
Anything that I or various other contributing members find useful, relevant or fun with respect to security. Current items that will go into this category are the various HeX (all) releases and InProtect LiveUSB releases.
Distros
Any custom distributions that have been designed to fit security needs and/or perform specific tasks.
Packet-Captures
Any large packet captures or trace files that are obviously not going to fit on the www.openpacket.org site. There is one up there now, it is the malicious traffic that Richard Bejlich captured at the 2007 Shmoocon. This torrent was created and added by giovani...so a shout out goes to him!
Having said all of that, we will (as with all trackers) need seeders. So if you have a little extra bandwidth and/or want to contribute in any way please let us know!
Cheers,
JJC
Monday, December 3, 2007
HeX 1.0.1R LiveUSB Image
After receiving numerous requests to create a HeX Live USB Key Image, I have completed it. This image includes all of the standard tools that you will find on HeX and is writable; so you can update things (signatures etc), make changes and so on.
To use this tool, simply download it from the below location, decompress it and use dd to place it onto your USB Key. If you are not familiar with the dd syntax it's quite simple really; dd if=/path/to/extracted/hex-i386-1.0.1.usb.img of=/dev/da0 (your USB device). Note, that you should not dd this to a mounted partition, it will not work. You need to dd onto a USB Key that you don't mind losing the data on, because this will overwrite everything on that key. You can create a small partition after the dd (this of course assumes that you know how to do this, leaving the existing partition in-place) and have that to write data to etc...
This image does require a minimum 2G key (actually uses 1.75G), and has no minimum memory requirements (other than standard fbsd and X requirements).
https://secure.redsphereglobal.com/data/tools/security/live/hex-i386-1.0.1.usb.img.gz
http://secure.redsphereglobal.com:8080/data/tools/security/live/hex-i386-1.0.1.usb.img.gz
MD5 (hex-i386-1.0.1.usb.img.gz) = cd7489ba0a2a1fe824d286c72eee6842
SHA256 (hex-i386-1.0.1.usb.img.gz) = ffbb428145e0184d3848e45afee0d10ba41a4d9177688db10befc943dd4058f5
Please test this out and let me know how it works for you, or let the entire team at rawpacket.org know.
Regards,
JJC
To use this tool, simply download it from the below location, decompress it and use dd to place it onto your USB Key. If you are not familiar with the dd syntax it's quite simple really; dd if=/path/to/extracted/hex-i386-1.0.1.usb.img of=/dev/da0 (your USB device). Note, that you should not dd this to a mounted partition, it will not work. You need to dd onto a USB Key that you don't mind losing the data on, because this will overwrite everything on that key. You can create a small partition after the dd (this of course assumes that you know how to do this, leaving the existing partition in-place) and have that to write data to etc...
This image does require a minimum 2G key (actually uses 1.75G), and has no minimum memory requirements (other than standard fbsd and X requirements).
https://secure.redsphereglobal.com/data/tools/security/live/hex-i386-1.0.1.usb.img.gz
http://secure.redsphereglobal.com:8080/data/tools/security/live/hex-i386-1.0.1.usb.img.gz
MD5 (hex-i386-1.0.1.usb.img.gz) = cd7489ba0a2a1fe824d286c72eee6842
SHA256 (hex-i386-1.0.1.usb.img.gz) = ffbb428145e0184d3848e45afee0d10ba41a4d9177688db10befc943dd4058f5
Please test this out and let me know how it works for you, or let the entire team at rawpacket.org know.
Regards,
JJC
Friday, October 26, 2007
HeX 1.0.1 Release (Bug Fixes)
So, due to several flaws that people were experiencing with HeX 1.0R we are releasing an updated version (1.0.1). The fixes in this version include increased bootup speed; during the extraction and loading of the data into mfs /var, the IO process of several different system types was causing an apparent system hang, this has been resolved.
Another major issue that was occurring was with the msfweb not loading properly or not functioning when loaded. It turns out that this was actually a firefox related issue; deleting ~/.mozill/firefox and using the global Firefox configuration fixed the problem (note that this also fixed javascript issues in ntop and darkstat).
As geek00l says, we are "shamelessly" releasing this fixed version. As always please give it a roll and let us know if you experience any issues. You can report bugs using our Trac interface, the Mailing List or via IRC in #rawpacket on freenode.
Download URLs:
Cheers,
JJC
Another major issue that was occurring was with the msfweb not loading properly or not functioning when loaded. It turns out that this was actually a firefox related issue; deleting ~/.mozill/firefox and using the global Firefox configuration fixed the problem (note that this also fixed javascript issues in ntop and darkstat).
As geek00l says, we are "shamelessly" releasing this fixed version. As always please give it a roll and let us know if you experience any issues. You can report bugs using our Trac interface, the Mailing List or via IRC in #rawpacket on freenode.
Download URLs:
Cheers,
JJC
Thursday, October 18, 2007
HeX Live 1.0 Release
After 6 months of heavy development and debugging I am pleased to announce the release of the HeX Live CD 1.0 Release. What is HeX Live? HeX Live is the worlds first and foremost Network Security Monitoring & Network Based Forensics liveCD. The intent is to provide a wide array of highly usable tools in a pre-packaged format that the analyst can use to investigate and monitor real-time network activity, whether security related or in the course of reviewing traffic to determine bandwidth over utilization sources and so on...This will be the final major release of HeX LiveCD until the release of FreeBSD 7.0 Rel, this is of course pending no major bugs are located in HeX 1.0R. If there are any major bugs found, then a bug-fixed HeX will be released prior to FreeBSD 7.0 Rel.\\
For a detailed list of what applications can be found on HeX Live 1.0R check out the actual
project at rawpacket.org.I have also included in this posting the CD covers that were created by vickz, fantastic work man! You can download the HeX LiveCD 1.0R from the following locations:
I will try to get some decent screenshots posted soon so that everyone can see just how slick the HeX LiveCD 1.0R really is. I would also suggest that you download it and play with it. There are a good number of tools on here for packet monkeys of all ages and skill to have a good old time!
I'll leave it at that for now, and again would like to thank the community for their support and feedback throughout the development process of this tool.
Shout to Geek00l for organizing everything and kicking some a$$!
Shout to ch4flgs_ and zarul for everything!
Shout to all others involved in this project (esp for putting up with me)
Cheers,
JJC
Tuesday, July 17, 2007
Network Security Center and Toolkit on FreeBSD
Over the course of the next few weeks I will be publishing a comprehensive guide on the installation, securing, configuration and usage of a variety of Open Source security tools to create a comprehensive Network Security Center (NSC). The purpose of this security center will be to perform Network based IDS (NIDS), act as a server for Host based IDS (HIDS), perform vulnerability scanning reporting and management, and create a tool set for Network Security Analysis. All of this accomplished using a core Operating System of FreeBSD 6.2 and a variety of other Open Source applications that we will customize to fit our needs as we go.
I'll begin by covering the base installation and securing of the FreeBSD Operating System then over the following weeks step into the various sections of the NSC to build a truly robust solution.
If you would like to get a jumpstart, I will be using FreeBSD 6.2 obtained from www.freebsd.org (I also placed a copy of the i386 ISO here:)
https://secure.redsphereglobal.com/data/freebsd/6.2/6.2-RELEASE-i386-disc1.iso
The full guide to FreeBSD can be found at the following location, it would not hurt to read through and familiarize yourself with section 2 prior to the upcoming install post.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
I will also be working with the guys at rawpacket.org and their upcoming formal release of HeX Live. Currently HeX Beta v1.0 is available for download from one of the following sites for more information, please check out the site rawpacket.org
Primary Site
Mirror 1
JJC
I'll begin by covering the base installation and securing of the FreeBSD Operating System then over the following weeks step into the various sections of the NSC to build a truly robust solution.
If you would like to get a jumpstart, I will be using FreeBSD 6.2 obtained from www.freebsd.org (I also placed a copy of the i386 ISO here:)
https://secure.redsphereglobal.com/data/freebsd/6.2/6.2-RELEASE-i386-disc1.iso
The full guide to FreeBSD can be found at the following location, it would not hurt to read through and familiarize yourself with section 2 prior to the upcoming install post.
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html
I will also be working with the guys at rawpacket.org and their upcoming formal release of HeX Live. Currently HeX Beta v1.0 is available for download from one of the following sites for more information, please check out the site rawpacket.org
Primary Site
Mirror 1
JJC
Subscribe to:
Posts (Atom)