Category: Network Security Page 1 of 2

Network security is the practice of protecting a computer network from unauthorized access, misuse, and attack. It involves a combination of hardware, software, and procedures to safeguard against threats such as hacking, malware, and phishing. Network security includes protecting against unauthorized access, data breaches, and ensuring the integrity and availability of data and devices on a network.

Suricata 7 Features You Need to Know

I am going to update you about much-anticipated release of Suricata 7, marking a significant milestone in the evolution of this high-performance Network Threat Detection, IDS, IPS, and Network Security Monitoring engine. The development team at the Open Information Security Foundation (OISF) and the vibrant community have worked tirelessly to bring forth a host of new features, performance improvements, and security enhancements.

Main Features

1. Enhanced Packet Processing with DPDK IDS/IPS Support

  • Suricata 7 introduces DPDK IDS/IPS 60 support for primary mode, enhancing packet processing capabilities and ensuring optimal performance.

2. Advanced AF_XDP IDS Support

  • Richard McConnell at Rapid7 contributes AF_XDP IDS 30 support, further expanding the engine’s capabilities for efficient and high-speed packet processing.

3. Extended HTTP/HTTP2 Inspection

  • New keywords for header inspection in HTTP/HTTP2 protocols provide enhanced visibility and control over web traffic.

4. TLS Improvements

  • Suricata 7 brings client certificate logging and detection in TLS, bolstering security measures for encrypted communications.

5. Bittorrent Parser

  • Aaron Bungay contributes a Bittorrent parser, adding support for this popular peer-to-peer file-sharing protocol.

6. Improved IPS Default DROP Behavior

  • Exception policies now default to DROP behavior, enhancing the default security stance for intrusion prevention.

7. EVE Documentation and Validation

  • Event (EVE) logging is documented and validated with a JSON schema, ensuring comprehensive and standardized event reporting.

8. Performance Improvements Across the Board

  • Suricata 7 boasts numerous performance improvements, including optimizations in file data processing, SMB, hash calculation, and flow management.

9. Stream Buffer Efficiency

  • The stream buffer, utilized by the stream engine, file tracking, and more, is now more memory-efficient, contributing to overall system optimization.

Secure Deployment and Security Enhancements

1. Linux Landlock Support

  • Eric Leblond introduces Linux Landlock support, enhancing the security posture of Suricata deployments.

2. Secure Settings by Default

  • Suricata 7 defaults to secure settings for Datasets and Lua, ensuring a robust and secure configuration out of the box.

3. Network Service Header

  • The addition of Network Service Header enhances network service identification, contributing to a more secure network environment.

Protocol and Rules Updates

1. Expanded Protocol Support

  • Suricata 7 adds support for QUICv1, GQUIC, PostgreSQL, VN-Tag, and IKEv1, among others, expanding the range of supported protocols.

2. Rule Keywords and Rule Set Updates

  • New rule keywords for DHCP, Kerberos, SNMP, TLS, QUIC, and experimental class of keywords through “frames API” have been introduced.

3. IPS Exception Policies

  • Exception policies have been added to provide better control over packet handling, especially in conditions like hitting memory caps.

Output and Dev Corner

1. Flexible Packet Capture

  • Conditional packet capture allows packets to be written to disk only after an alert has been triggered, providing flexibility in capturing relevant data.

2. Enhanced Logging and Debugging

  • The new “stream” EVE output type facilitates debugging of the stream engine, and log engine verdicts on rejected/dropped/passed packets for improved visibility.

3. Development Corner Updates

  • Suricata 7 includes total code changes, stricter C compiler flags, expanded CI, upgraded Rust parsers, and more, demonstrating a commitment to continuous improvement.

Upgrade Notes

1. Pcre2 Integration

  • Suricata 7.0 now uses pcre2 instead of pcre1 for regular expression matching.

2. Minimum Supported Rust Version

  • The MSRV (minimum supported Rust version) has been updated to 1.63.0 from 1.41.1 minimum in Suricata 6.0.

3. Library Updates

  • Support for Prelude (libprelude) has been removed, and Suricata 7.0 requires and bundles libhtp 0.5.45.

For more detailed information on upgrading from Suricata 6 to 7, refer to the official documentation [here](https://github.com/OISF/suricata/blob/master/Upgrading from 6 to 7).

In conclusion, Suricata 7 represents a substantial step forward in network security, with its comprehensive feature set, improved performance, and heightened security measures. The development team and the community continue to demonstrate their dedication to providing a robust and cutting-edge open-source security solution.

To experience the power of Suricata 7 firsthand, download the latest release here.

Suricata rules install karne ka tarika

Suricata rules ko install karne ke liye, neeche diye gaye kuch steps hain. Yeh steps Kali/Debian/Ubuntu Linux distribution ke liye hain. Agar aapka distribution alag hai, toh aapko package manager aur command mein thoda sa badlao karna hoga.

Suricata Install Kare:

1. Kali/Debian/Ubuntu Opreating Sysetm main Suricata install karne ke liye, terminal mein ye commands type karein:

sudo apt update

sudo apt install suricata

Installation process complete hone tak wait karein.

2. Suricata Rules Download Kare:

Suricata rules ko download karne ke liye aap Emerging Threats ya Snort Community ke official websites se rules ko obtain kar sakte hain. Yeh rules Suricata ke liye compatible hote hain. Ek popular source hai

Emerging Threats Open Rules:

sudo suricata-update update-sources

sudo suricata-update enable-source et/open

sudo suricata-update

Isse Suricata rules updated ho jayenge.

3. Suricata Configuration File Ko Update Kare:

Suricata ko aapke system ke requirements ke Mutabiq configure karna important hai. Configuration file Zada tar /etc/suricata/suricata.yaml mein hoti hai. Aap is file ko text editor se edit kar sakte hain, jaise ki nano:

sudo nano /etc/suricata/suricata.yaml

File mein default-rule-path ya rule-files section ko check karein aur yeh confirm karein ki yeh rules ke liye sahi path ko point kar rahe hain.

4. Suricata Restart Kare:

Configuration changes ke baad Suricata ko restart karein:

sudo service suricata restart
  1. Restart ke baad, Suricata rules apply hokar traffic monitor karna shuru karega.

Yeh tarike aapko Suricata rules ko install karne mein madad karenge. Dhyan rahe ke security ke liye suricata properly configured aur regularly updated rehna chahiye.

Cybercriminals Exploit Chinese Surveillance Cameras for Profit

Cybercriminals Exploit Chinese Surveillance Cameras for Financial Gain

A multitude of surveillance cameras, numbering in the tens of thousands, have neglected to address a critical security vulnerability that has persisted for 11 months, consequently leaving numerous organizations susceptible to potential breaches.

Recent research findings reveal that a staggering 80,000 Hikvision surveillance cameras worldwide remain vulnerable to an 11-month-old flaw that enables command injection attacks.

Hikvision, an abbreviation for Hangzhou Hikvision Digital Technology, represents a Chinese government-owned enterprise specializing in the production of video surveillance equipment. Despite the Federal Communications Commission (FCC) denoting Hikvision as “an unacceptable risk to U.S. national security” in 2019, their clientele spans across more than 100 countries, including the United States.

In the autumn of the previous year, the discovery of a command injection vulnerability in Hikvision cameras prompted the assignment of the Common Vulnerabilities and Exposures (CVE) identifier CVE-2021-36260. This particular exploit received a critical severity rating of 9.8 out of 10 from the National Institute of Standards and Technology (NIST).

Alarming as it may be, even after nearly a year has elapsed since the exposure of this vulnerability, a substantial number of affected devices, exceeding 80,000 in quantity, remain unpatched. Disturbingly, researchers have unearthed multiple instances of hackers seeking to collaborate in exploiting the command injection flaw present in Hikvision cameras. These collaborative efforts have predominantly materialized within Russian dark web forums, where leaked credentials associated with the vulnerable devices have been offered for sale.

The full extent of the damage inflicted thus far remains uncertain. The authors of the report could merely speculate that various threat groups originating from China, such as MISSION2025/APT41, APT10, and their affiliates, alongside unidentified Russian threat actors, possess the potential to exploit the vulnerabilities present in these devices for their own objectives, which may include geopolitical considerations.

The Vulnerabilities Inherent in IoT Devices

When confronted with accounts such as this, it is tempting to attribute the negligence of individuals and organizations who fail to patch their software to mere laziness. However, the reality is often far more complex.

According to David Maynor, the senior director of threat intelligence at Cybrary, Hikvision cameras have remained vulnerable due to a multitude of factors, and this susceptibility has persisted for a considerable period. Maynor asserts that the products manufactured by Hikvision contain systemic vulnerabilities that are easily exploitable, or even worse, rely on default credentials. Furthermore, the absence of effective means to conduct forensic analysis or verify the complete removal of an attacker further compounds the security challenges. Significantly, no discernible indication of an enhanced security posture within Hikvision’s development cycle has been observed.

This problem transcends Hikvision alone, afflicting the entire industry. Paul Bischoff, a privacy advocate affiliated with Comparitech, emphasized the inherent difficulties in securing Internet of Things (IoT) devices such as cameras, noting that they do not possess the same ease of securing as applications on mobile phones. Unlike smartphones, which promptly notify users of available updates and often install them automatically upon reboot, IoT devices necessitate manual downloading and installation of updates, a task that many users overlook. Moreover, IoT devices frequently fail to provide any indications of being unsecured or outdated, further exacerbating the issue.

While unsuspecting users remain oblivious, cybercriminals can exploit vulnerable devices by scanning for them using search engines like Shodan or Censys. The problem is further compounded by users’ negligence, as Bischoff highlighted, due to the fact that Hikvision cameras are shipped with a limited set of predetermined passwords, and a significant number of users neglect to modify these default credentials.

what is arkime (moloch)?

Arkime, formerly known as Moloch, is a powerful tool for full packet capture and analysis. It offers a wide range of features that make it a must-have tool for network security professionals. Some of the main features of Arkime include:

  1. Packet capture: Arkime can capture all network traffic passing through a particular network interface, allowing security analysts to analyze the traffic and identify potential threats.
  2. Indexing and search: Arkime uses Elasticsearch to store and index captured packets, which makes it easy for analysts to search for specific packets or packets containing specific patterns or keywords.
  3. Web-based user interface: Arkime includes a powerful web-based user interface that allows analysts to search and analyze captured traffic, as well as visualize network traffic data in real-time. The user interface is highly customizable, and analysts can create custom dashboards and visualizations to meet their specific needs.
  4. Advanced analysis capabilities: Arkime can perform advanced network traffic analysis, including protocol decoding, session reassembly, and file carving. This makes it possible for analysts to detect and investigate a wide range of security threats, including malware, phishing attacks, and data exfiltration.
  5. Support for multiple file formats: Arkime can capture and analyze a wide range of network protocols, including TCP, UDP, HTTP, and SSL. It also supports a variety of file formats, including PCAP, JSON, and ASCII.
  6. Scalability: Arkime is designed to be highly scalable, and it can be deployed in large-scale environments. It can handle large amounts of network traffic data, making it suitable for use in high-bandwidth environments.

Overall, Arkime is a comprehensive tool that offers a wide range of features for full packet capture and analysis. Its advanced analysis capabilities, support for multiple file formats, and scalability make it a must-have tool for any organization that needs to monitor and secure its network.

What is Kali Linux Purple?

Kali Linux 2023.1 is a popular Linux distribution that is used by security professionals and hackers alike to test the security of computer systems and networks. It comes with advanced penetration testing tools and techniques that can help users identify vulnerabilities in their systems.

The new Kali Linux 2023.1 release features a new flavor of the distribution called Kali Linux Purple. This new flavor is focused on purple teaming and defense, rather than just red teaming or offensive security. The Kali Linux Purple distribution aims to provide a security operations center (SOC) all in one great machine.

Kali Linux Purple comes with over a hundred new defensive tools, including Archive for Full Packet Capture, Cyber Chef, Elastic, The Hive, GVM, Malcolm, Suricata, and Zeek. It also includes Cali Autopilot, a tool for automating attacks, and Cali Purple Hub, a platform for the community to share practice packet captures.

To download Kali Linux Purple, you need to create a virtual machine manually from the ISO file which is available for download from the Kali Linux website. The ISO file is about 3.5 GB in size.

The new Kali Linux 2023.1 release features an updated kernel version 6.1.0 and updated desktop environments for XFCE, KDE, and GNOME. It also includes new features and improvements such as new sub-menus for identify, protect, detect, respond and recover.

Kali Linux is an open-source operating system that has been designed to provide users with advanced penetration testing tools and techniques. It is widely used by security professionals and hackers alike to test the security of computer systems and networks.

The new Kali Linux Purple distribution has been specifically designed to help security professionals improve their defensive capabilities by providing them with a range of powerful tools and techniques that can be used to detect and respond to cyber threats.

If you are interested in learning more about Kali Linux or would like to download the latest version of the operating system, you can visit the official Kali Linux website at https://www.kali.org/

Page 1 of 2

Powered by WordPress & Theme by Anders Norén