Risk
7/22/2010
11:29 AM
Connect Directly
RSS
E-Mail
50%
50%

DHS Releases Intrusion Detection Software

Suricata, developed by the Department of Homeland Security-funded Open Information Security Foundation, is available under the GPLv2 license.

A Department of Homeland Security (DHS)-funded foundation has released open source software for detection and prevention of network intrusions.

The Open Information Security Foundation (OISF) -- funded by the Navy's space and warfare command, security vendors, and the DHS -- has released source code for the Suricata Engine.

The engine is meant to "bring new ideas and technologies" to the field of intrusion prevention and detection, not merely replace or emulate existing tools, according to the OISF website. Intrusion detection and prevention technology monitors networks for suspicious or malicious activity.

Suricata uses the same ruleset as Snort, another free and open source intrusion detection and prevention technology. However, the group claims on its website that Suricata has "other capabilities above and beyond the standard Snort rulesets."

The Suricata Engine, as well as HTP Library, are available under the GNU General Public License v2. The HTP Library is required for integrating and providing advanced processing of http streams for Suricata. People also can use it independently for other applications and tools, according to the OISF.

As well as being a primary funder, the DHS directorate for science and technology homeland open security technology (HOST) program also oversees OISF. The foundation is meant to engage in "cutting-edge security technology research," according to its website.

The DHS funds numerous IT projects through a variety of grants, and it's likely their backing of OISF was a part of this activity. It's unclear whether the agency plans to use Suricata internally, and DHS spokespeople did not respond immediately to a question about plans to do so.

Security vendors backing the OISF include Everis, Breach Security Labs, and NitroSecurity.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.