原文地址:http://www.linux.com/news/software/applications/797378-10-open-source-security-software-tools
源自Google,Facebook,Netflix和Cisco的十個開源安全工具
Choice has long been a defining feature of the world of free and open source software,
選擇世界上自由的開源安全軟件一直是一個重要話題
and the constellation of options only gets bigger every year. Often it's brand-new projects causing the increase,
伴隨這新品牌的出現,供選擇的對象年復一年地增加.
but sometimes the growth happens in another way, when tools that were developed for a company's internal use get opened up for all the world to see, use and improve.
但是有些時候安全軟件數量卻以另外一種方式增長:一個被用於公司內部的而開發的工具被世界,發現,使用,並且增強.
That, in fact, is just what has been happening lately on a grand scale in the security arena, where numerous major companies have been opting to open the doors to their own, in-house tools.
事實上,這正是發生在安全領域的一個規模宏達的事件:很多著名公司決定公開它們的內部工具.
Google, Facebook and Netflix are all among the companies taking this approach lately, and it's changing the security landscape significantly.
Google,Facebook和Netflix就是最近採取了這種方法的公司,它們明顯地改變了安全界的格局
"Security is never going to work if it continues in a vacuum, with everyone keeping their tricks and observations secret,"
“如果每個人都封存技巧,偷窺祕密,繼續處與封閉狀態,安全永遠不會有進步”
McCall Paxton, a security consultant with Netlogx, told Linux.com.
Netlogx的安全顧問McCall Paxton,對Linux.com說
"People like me earn our living in security, but we will continue to be outpaced and collectively outsmarted unless more things become open source. From monitoring programs to tools, it boils down to time -- none of us has it alone, but we have it in spades when we are together.
“像我這樣以安全事業爲生的人,除非有更多的軟件開放源代碼,否則我們將繼續被超越,例如時間創作的監聽工具,沒有人完全擁有它,是我們共同塑造了他”
"You can have a very strong team of 20 people working on your security product, or you can leverage not only your dedicated team but the thousands of people who are a part of the open source community," Paxton added. "In essence, you have just increased your team a hundredfold."
“你可以擁有一個強大的具有的20人團隊爲你的安全產品工作,或者你可以擴充爲具有1000個願意爲開源事業工作的人組織.”Paxton補充到,”從本質上講,你只是把你的團隊擴大了一百倍”
Ready for a rundown of some of the key security products to join the open source world recently? There's definitely no shortage.
準備好將一些關鍵安全產品加入開源世界了嗎?絕對是百利無一害的.
10 Newly Open Source Security Tools
十個新的開源安全工具
* Nogotofail. Originally built by Google's Android security team, Nogotofail "provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations,"
*Nogotofail.最初由Google的安卓安全團隊開發,Nogotofail 提供了一個簡單的基於 TLS/SSL 漏洞和錯誤配置的方式確定磁盤上安裝的應用程序是否安全
in the words of Chad Brubaker, an Android security engineer. The tool works for Android, iOS, Linux, Windows, Chrome OS and OSX.
就安卓安全工程師Chad Brubaker的話來看,這個工具可以在 Android, iOS, Linux, Windows, Chrome OS 甚至 OSX平臺下工作.
"We’ve been using this tool ourselves for some time," Brubaker explained earlier this month. "Today, we’re releasing it as an open source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the Internet."
“我們曾經自己使用這個工具,”Brubaker 在這個月初說道,”今天,我們把他提升爲一個開源工程,因此,所有人都可以測試他,貢獻新的特點,提供更多的支持平臺,並且幫助提高互聯網安全”
* Osquery. Facebook's Osquery, meanwhile, targets enterprises with a tool focused on SQL-powered operating-system instrumentation and analytics.
*Osquery. 屬於Facebook,同時,它也爲很多企業提供了一個有力的專注於SQL系統的分析檢測工具.
"With Osquery, you can use SQL to query low-level operating-system information," the project site explains. "Under the hood, instead of querying static tables, these queries dynamically execute high-performance native code. The results of the SQL query are transparently returned to you quickly and easily."
“利用Osquery,你可以使用SQL查詢系統底層的信息,”這個項目網站上描述道,”用高性能的動態本地算法代替靜態表引擎,這使得SQL查詢能快速,簡單,清晰地反饋給你”
* Security Monkey, Scumblr, Sketchy. Netflix has been on a roll when it comes to open sourcing software in general. In June it was Security Monkey that got open sourced, with a focus on monitoring and analyzing the security of Amazon Web Services configurations. More recently, it was Scumblr and Sketchy, two security-related Web applications.
*Security Monkey,Scumblr,Sketchy.當談到開源軟件時,Netflix公司已經箭在弦上,.用於檢測和分析亞馬遜網絡服務配置的安全性的Security Monkey 在六月宣佈開源.最近,Scumblr 和Sketchy,兩個安全相關的網絡應用程序也宣佈開源.
* RAPPOR. Also from Google, RAPPOR -- short for Randomized Aggregatable Privacy-Preserving Ordinal Response -- is designed to anonymously crowdsource statistics from end-user client software without invading users' privacy.
*RAPPOR,同樣是來自Google,簡短的隨機化集合響應隱私保護,它被設計成以匿名包的方式從終端獲取數據而不侵犯用戶隱私
In the words of its creators, "RAPPORs allow the forest of client data to be studied, without permitting the possibility of looking at individual trees."
用創作者的話來說,”RAPPOR允許對客戶端的數據進行研究,而不允許看特定目錄.
* OpenSOC. Just last week, Cisco announced an open source security analytics framework called OpenSOC.
*OpenSoc.就在上個星期,Cisco 公佈了OpenSoc的安全分析框架開放源代碼.
Aimed at helping organizations leverage big data for security, the new tool provides a platform for the application of anomaly detection and incident forensics to data loss.
這個新工具提供了一個對應用程序數據丟失進行異常檢測和事故取證的平臺.它旨在幫助企業安全得利用大數據.
"By integrating numerous elements of the Hadoop ecosystem such as Storm, Kafka, and Elasticsearch, OpenSOC provides a scalable platform incorporating capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation,"
“,像Storm,Kafka通過綜合衆多的hadoop系統元素,或者像Elasticsearch,OpenSoc提供了可擴展平臺整合能力,例如完整的數據包捕獲標引,存儲器,數據豐富,流處理,批量處理,實時搜索和遙測聚集”
explained Pablo Salazar, a Cisco security solutions manager.
Cisco的安全解決方案經理Pablo Salazar說到
"It also provides a centralized platform to effectively enable security analysts to rapidly detect and respond to advanced security threats."
“它還提供了一個集中的平臺,使安全分析師能能有效的快速檢測出安全威脅並作出反應.”
* Firing Range. Also last week, Google released Firing Range, an open source security scanning tool.
*Firing Range. 也是在上個星期,Google 發佈了一個開源的安全掃描工具:Firing Range.
explained Claudio Criscione, a security engineer at Google."The scanner is built entirely on Google technologies like Chrome and Google Cloud Platform, with support for the latest HTML5 features, a low false positive rate and ease of use in mind,"
Google的安全工程師 Claudio Criscione說道:”和Chrome和谷歌雲平臺一樣,這個掃描器是完全建立在Google的技術之上的,它提供了最新的HTML5支持,並且具有低的誤報率和易用性.”
* Conceal. Also from Facebook is Conceal, an open source tool released earlier this year that's essentially a set of Java APIs to perform cryptography on Android and make storage more secure and lightweight.
*Conceal.也是來自Facebook,在今年早些時候發佈了一個開源工具,本質上是一組Java API來在Android上進行加密,使存儲更加安全,輕便。
"We created Conceal to be small and faster than existing Java crypto libraries on Android while using memory responsibly," explained Facebook software engineer Subodh Iyengar.
“當我們使用內存負責時,它在Android上建立隱藏式小,比現有的Java加密庫更快”Fackbook的軟件工程師Subodh Iyenger說道
* VirusTotal. Last but not least, it's also worth mentioning Google's free VirusTotal online scanning service. After open sourcing its uploader for Mac OSX and Linux in July, VirusTotal earlier this month rolled out a new tool focused specifically on Linux malware.
*VirusTotal.最後並非最不重要.它也是值得一提的Google免費在線掃描服務.經過七月份針對Mac OSX和Linux開源上傳,VirusTotal服務在本月初推出了專門針對Linux上的惡意軟件一種新的工具。