The mystery surrounds breach of NSA-Like spying tool set alerts security vendor. The world has been changed even though government without exception! The focus of everyone of this headline news might be the flaw of firewall vendors, right? Not sure whether you have chance to read the mystery NSA-Like spying tool documents? The critical guideline to the spy is that how to avoid people tracing them. To be honest, this is a unprecedented example which government teach the hacking technique. Below details is the example for your reference (For more details about these documents, please use your own way to download.)
!!! WARNING: Firewall logs everything !!!
!!! If you see “info-center loghost X.X.X.X” during a sampleman, DO NOT IMPLANT !!!
!!! Unless we own the syslog server !!!
!!! SNMP traps will also log our activity !!!
!!! SNMP traps going into system-view !!!
Target Firewall vendor
Regarding to the document (sampleman_commands.txt), the target Firewall vendors are Cisco, Juniper & HUAWEI. It is not difficult to understand what’s the reason those brand names are included in the list. Yes, it is because of the market share. They are the tycoon brand name. Besides, their design architecture sometimes has similarity. Per my observation, they make use of the instruction pipeline technique. The instruction in a pipelined processor are performed in several stages. Data hazards occur when instructions that exhibit data dependence modify data in different stages of a pipeline. There are three situations in which a data hazard can occur:
- read after write (RAW), a true dependency
- write after read (WAR), an anti-dependency
- write after write (WAW), an output dependency
I agree with that the firewall system design or flaws are the responsibilities of Firewall vendors. Since hardware vendor not aware they are vulnerable until scandal open to the world. From consumer’s point of view, is there any preventive control to alert customers?
How important of SIEM today?
An hints written on document stated that they are concerning targets to trace their IP locations. The critical point is that both syslog and SNMP server must compromised. Otherwise they need to find another alternative. The story can tell how important of SIEM today!
SIEM solutions boots cyber safety world today
Key features of SIEM:
Real time alerting
1. Rule-based alerts with dashboard and email notification
2. Alert annotation
3. Pre-configured alerts for hundreds of security and operational conditions
For your choice to select suitable SIEM product , please refer below.
Gartner Magic Quadrant for Security Information and Event Management analysis report