Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

NSA Releases Open Source Network Security Tool for Linux


  • Please log in to reply
12 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,876 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:01:23 AM

Posted 17 July 2015 - 05:28 PM

 

The United States National Security Agency (NSA) has released a network security tool for Government and the private sectors to help secure their networks against cyber attacks.
 
Dubbed Systems Integrity Management Platform (SIMP), the tool is now publicly available on the popular source code sharing website GitHub.
 
According to an official release from NSA, SIMP makes it easier for government organizations and the private sector to "fortify their networks against cyber threats."
 
 

SIMP aims at providing a reasonable combination of security compliance and operational flexibility, keeping networked systems compliant with security standards and requirements. It is considered to be a critical part of a layered, "defence-in-depth" approach to information security.
"By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: The wheel would not have to be reinvented for every organization," says the NSA.
Currently, SIMP supports operating systems including Red Hat Enterprise Linux (RHEL) Versions 6.6 and 7.1 as well as Community Enterprise Operating System (CentOS) Versions 6.6 and 7.1-1503-01.
 
Is the NSA’s SIMP tool Backdoored?
 
The question here is not how much security NSA's tool offers, but the question is -- Shall we trust NSA tool?
NSA Releases Open Source Network Security Tool for Linux

 

I cant wait to try out this bit of software, I am sure there are no back doors created by the NSA. :hysterical:



BC AdBot (Login to Remove)

 


#2 Encryption

Encryption

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:08:23 AM

Posted 17 July 2015 - 05:34 PM

I don't trust it. It's the NSA... Their lies have been exposed before, why trust them now?



#3 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:23 AM

Posted 18 July 2015 - 01:37 AM

I don't trust it. It's the NSA... Their lies have been exposed before, why trust them now?

+1! :thumbup2:

 

I don't believe anything that comes from the NSA. Who knows, this tool may install a backdoor in the OS to monitor activity. The NSA is against the average citizen, if they had their way, we'd not be allowed to have encrypted devices of any type, including Flash & backup drives. 

 

 

 

I cant wait to try out this bit of software, I am sure there are no back doors created by the NSA.  :hysterical:

 

I hear you, Nick! :P

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#4 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:11:23 AM

Posted 18 July 2015 - 10:14 PM

 

 

The United States National Security Agency (NSA) has released a network security tool for Government and the private sectors to help secure their networks against cyber attacks.
 
Dubbed Systems Integrity Management Platform (SIMP), the tool is now publicly available on the popular source code sharing website GitHub.
 
According to an official release from NSA, SIMP makes it easier for government organizations and the private sector to "fortify their networks against cyber threats."
 
 

SIMP aims at providing a reasonable combination of security compliance and operational flexibility, keeping networked systems compliant with security standards and requirements. It is considered to be a critical part of a layered, "defence-in-depth" approach to information security.
Currently, SIMP supports operating systems including Red Hat Enterprise Linux (RHEL) Versions 6.6 and 7.1 as well as Community Enterprise Operating System (CentOS) Versions 6.6 and 7.1-1503-01."By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: The wheel would not have to be reinvented for every organization," says the NSA.
 
Is the NSA’s SIMP tool Backdoored?
 
The question here is not how much security NSA's tool offers, but the question is -- Shall we trust NSA tool?
NSA Releases Open Source Network Security Tool for Linux

 

I cant wait to try out this bit of software, I am sure there are no back doors created by the NSA. :hysterical:

 

 

Oh man that is a good one! I would bet money on the theory that the entire reason they created it was to watch us darn Linux users! :bounce:


Edited by DeimosChaos, 18 July 2015 - 10:14 PM.

OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#5 NickAu

NickAu

    Bleepin' Fish Doctor

  • Topic Starter

  • Moderator
  • 12,876 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:01:23 AM

Posted 18 July 2015 - 10:52 PM

 

Is the NSA’s SIMP tool Backdoored?

Im sure it is, As I am sure that Windows and IOS are.
 

The question here is not how much security NSA's tool offers,

I bet it works quite well.

 

 

but the question is -- Shall we trust NSA tool?

 As long as it is my choice to install it, I would trust this tool do do exactly what it says it will do.

 

Look folks lets be honest here, If the NSA or CIA or MI6 or ASIO or  " Insert security service here " wants you they will get you, No matter what, Today you can't run or hide for long, No matter who you are or how much money you have, They will find you if they want you.

 

If reading my emails and seeing what I do online or them turning on my cam as I get out of the shower makes the world a safer place then so be it. :hysterical:



#6 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:11:23 AM

Posted 18 July 2015 - 11:15 PM

 

 

If reading my emails and seeing what I do online or them turning on my cam as I get out of the shower makes the world a safer place then so be it. :hysterical:

 

 

:hysterical:

 

In all seriousness though, I agree with you there. If they want to watch what I am doing then go right ahead! I am a pretty boring person so its not like they are going to find much!


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#7 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:23 AM

Posted 19 July 2015 - 01:10 AM

 

In all seriousness though, I agree with you there. If they want to watch what I am doing then go right ahead! I am a pretty boring person so its not like they are going to find much!

 

+1! :thumbup2:

 

They'll be yawning looking at me very fast. :P

 

There was once a day when criminals could roam free behind the shield of the Internet, in recent years, that's changed. Now much everything is in the open, with all of the watching going on, keeping in mind that Microsoft, used by 90+% of all Internet users, was the very first PRISM member. Chances are, many of us has been watched briefly at some point & doesn't realize it, and never will. 

 

Linux users aren't off the hook, we too can be watched by the very long arm of authorities, using our ISP's logs to do so. Or through a backdoor in our computer's firmware. 

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#8 rp88

rp88

  • Members
  • 2,980 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:23 PM

Posted 19 July 2015 - 01:14 PM

"Is the NSAs SIMP tool Backdoored?"


Personally I would guess it is not, they have, as said in the first post here, released the source code of the program, not just the program itself. If you put yourself in their position for a moment you can see that it wouldn't be beneficial to them to share a source code containing a backdoor because by doing so they would reveal a backdooring method, and hence they would find it harder to backdoor other things in future without being noticed. Releasing source code for a program which had been backdoored would be like Alan Turing and his colleagues sending a message to Hitler in 1944 saying "Ha, Ha, we broke enigma.".

Edited by rp88, 19 July 2015 - 01:15 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#9 marcoose777

marcoose777

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 19 July 2015 - 05:56 PM

SIMP is that a euphemism for the targeted user base group: SIMPleton or just plain SIMPle :crazy:



#10 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:23 AM

Posted 20 July 2015 - 01:08 AM

SIMP is that a euphemism for the targeted user base group: SIMPleton or just plain SIMPle :crazy:

 

That doesn't appear as such on the page for it. 

 

 

 

System Integrity Management Platform (SIMP) IMPORTANT

This project is only approved for material that is completely releasable to the public.

Please do not upload material that has not been approved for public release.

 

Looking at the source page, only Red Hat Enterprise Linux & CentOS (the latter is the Preview to the first) are covered by this, which again, both would fall way out of any 'simpleton' distros, CentOS is one of the harder to learn. Anyone whom can run that OS as intended & knows what to do with it, are basically running the next gen of Red Hat, and shouldn't be in the unemployment line for long. 

 

It appears to not be ready to roll yet, so we'll have to keep an eye on it for further news. 

 

https://github.com/NationalSecurityAgency/SIMP

 

Knowing how government works in the US, it may be some time before the project is released, and even longer before it's usable with Ubuntu based distros.  :P

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#11 marcoose777

marcoose777

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:23 PM

Posted 20 July 2015 - 07:32 PM

 

SIMP is that a euphemism for the targeted user base group: SIMPleton or just plain SIMPle :crazy:

 

That doesn't appear as such on the page for it. 

 

 

 

System Integrity Management Platform (SIMP) IMPORTANT

This project is only approved for material that is completely releasable to the public.

Please do not upload material that has not been approved for public release.

 

Looking at the source page, only Red Hat Enterprise Linux & CentOS (the latter is the Preview to the first) are covered by this, which again, both would fall way out of any 'simpleton' distros, CentOS is one of the harder to learn. Anyone whom can run that OS as intended & knows what to do with it, are basically running the next gen of Red Hat, and shouldn't be in the unemployment line for long. 

 

It appears to not be ready to roll yet, so we'll have to keep an eye on it for further news. 

 

https://github.com/NationalSecurityAgency/SIMP

 

Knowing how government works in the US, it may be some time before the project is released, and even longer before it's usable with Ubuntu based distros.  :P

 

Cat

 

 

Just feeling the trust, I'm sure there's an army of redhat network admins out there who cannot wait to get their hands on this damn fine software.Paid for by US tax payers I may add ... :grinner: Ububtu users should count their lucky stars.

 

Seriously tho, this may well be a genuinely altruistic gesture, and not just another SkyNet


Edited by marcoose777, 20 July 2015 - 07:34 PM.


#12 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:11:23 AM

Posted 21 July 2015 - 02:49 AM

It's my hope that it's a good piece of software, not a spyware that leaves traces of itself behind in hidden areas, and that a version for consumer type versions of Linux will be released if proven to be clean. 

 

Ubuntu based distros being the most popular among home users, it'll be priority to get such a tool to this group ASAP. On the other hand, speaking of being paid for by US taxpayers, much of our tax dollars are wasted, we can only hope this is an exception to that rule & that it contains no spyware. 

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#13 Naught McNoone

Naught McNoone

  • Members
  • 307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great White North
  • Local time:11:23 AM

Posted 23 July 2015 - 12:20 PM

"Is the NSAs SIMP tool Backdoored?"

. . . they have . . . released the source code . . . wouldn't be beneficial . . . to share . . . code containing a back door . . . 

 

I would not trust the NSA.  Especially after Linus gave them the finger!

 

I would think that someone at Red Hat is already looking at the source code, to see what it contains.

 

It would be a simple test to take the published source code, compile it, and see if it matches the program they are releasing.

 

If there is a difference, then you know they have put something else in there!

 

Cheers!

 

Naught






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users