
Software Security & Tool Tips – December 2018

In this monthly post, we introduce five security-related products.

This month we have selected the following items:
* ModSecurity
* Snort
* OSSIM
* Nmap
* Osquery

ModSecurity


ModSecurity is a WAF module that can be used with various web servers such as Nginx, Apache and IIS.

Information from the ModSecurity website:

ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to implement advanced protections.

Website:

https://www.modsecurity.org/

Snort

Information from the Snort website:

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.

Website:

https://www.snort.org/

OSSIM

Information from the OSSIM website:

AlienVault® OSSIM™, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization, and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

Website:

https://www.alienvault.com/products/ossim

Nmap

Information from the Nmap website:

Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).

Website:

https://nmap.org/

Osquery

Information from the Osquery website:

osquery exposes an operating system as a high-performance relational database. This allows you to write SQL-based queries to explore operating system data. With osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events or file hashes.

Website:

https://osquery.io/
