Resources for Cybersecurity Professionals

• • The Logic Behind Russian Military Cyber Operations  This Booz Allen Hamilton report address cyber threat intelligence analysis from the past 15 years of open source information looking at links between Russia’s military intelligence agency activities and the country’s stated military doctrine.
  • Cyber Discovery Virtual Cyber School in the form of games, this new resource teaches children to try over 200 cybersecurity challenges based around cracking codes, finding and fixing security flaws and dissecting digital trails left behind by criminals, all as part of a game, learning the concepts and ideas that real agents use when dealing with real cyberattacks.
  • Microsoft Office 365 Security Recommendations (AA20-120A) As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully considering the security configurations of these platforms. This Alert is an update to the Cybersecurity and Infrastructure Security Agency’s May 2019 Analysis Report, AR19-133A: Microsoft Office 365 Security Observations, and reiterates the recommendations related to O365 for organizations to review and ensure their newly adopted environment is configured to protect, detect, and respond against would be attackers of O365.  Mitigations include: enable multi-factor authentication for administrator accounts, assign administrator roles using Role-based Access Control (RBAC), enable unified audit log (UAL), enable multi-factor authentication for all users, disable legacy protocol authentication when appropriate, enable alerts for suspicious activity, incorporate Microsoft Secure Score, and integrate logs with your existing SIEM tool.
  • IC3 Releases Alert on Extortion Email Scams The Internet Crime Complaint Center (IC3) has released an alert warning of a recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. CISA encourages everyone to review the IC3 Alert and the CISA Tip on Avoiding Social Engineering and Phishing Attacks. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.
  • Electronic Security Industry Cross Sector Council (ESI-CSC) InfraGard National established cross sector facility security readiness grading criteria and reporting upstream data to appropriate federal sector information analysis channels. Initial ESI-CSC awareness efforts include the establishment of a steering committee comprised of current InfraGard members with sector specific subject matter expertise and electronic security industry experience as co-chairs in each sector.  

Free and low-cost tools for NIST Compliance

Keep in mind that the tools mentioned here will not work for all organizations and there are many other commercial and high-cost tools that can be used to help with NIST compliance. With that, let’s begin a tour of free and low-cost software tools that can help your organization.

 

Credit Card Detection Software

CDE scoping, including identifying and defining where payment cards are stored, is critical for compliance. The following free and low-cost tools can be used to search your networks and systems for payment card data:

• SENF: https://security.utexas.edu/senf-sensitive-number-finder
• Powergrep: http://www.powergrep.com
• CCSRCH: https://adamcaudill.com/ccsrch/

 

File Integrity Monitoring

Organizations are required to implement file-integrity monitoring tools that alert employees to unauthorized modifications of critical system, configuration, and content files. The following free file integrity monitoring tools can be used for this requirement:

• OSSEC: http://www.ossec.net (also does centralized logging and host IDS)
• Samhain: http://la-samhna.de/samhain (also does centralized logging and host IDS)
• Ftimes: http://ftimes.sourceforge.net/FTimes

 

Application Software Security

 

• OWASP Top 10 Project: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
• Samurai WTF: http://www.samurai-wtf.org/

 

Limitation and Control of Network Ports, Protocols, and Services

 

• Nessus: https://www.tenable.com/
• Nmap: https://nmap.org
• OpenVAS: http://www.openvas.org/
• WSUS-Windows Server Update Services

 

Inventory of Authorized and Unauthorized Software

HIDS

• Nessus: https://www.tenable.com/
• Nmap: https://nmap.org/
• OpenVAS: http://www.openvas.org/
• Splunk: https://www.splunk.com/
• Qualys BrowserCheck: https://browsercheck.qualys.com/

 

IDS/IPS

Organizations may want to implement intrusion-detection systems (IDS) and/or intrusion-prevention systems (IPS) to monitor all traffic at the perimeter of the data environment (DE) and at critical points inside the DE. The following free IDS/IPS tools can be used for this requirement:

• OSSEC: http://www.ossec.net/
• Samhain: http://la-samhna.de/samhain
• Snort: http://www.snort.org
• Suricata: http://openinfosecfoundation.org/index.php/download-suricata
• ATT Cybersecurity: https://www.alienvault.com/products/ossim
• Open Onion: https://securityonion.net/

 

Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

 

• Hardening Guides from Center for Internet Security
• Microsoft Security Compliance Manager
• MBSA
• Nessus
• Nmap

 

Securing and Synchronizing Router Configuration Files

Secure and synchronize router configuration files. The following free tool can be used to meet this requirement:

• RANCID: http://www.shrubbery.net/rancid
• NSA Security Guides for Cisco Routers and Switches: https://scadahacker.com/library/index.html
• Center for Internet Security (CIS) Security Benchmarks: https://www.cisecurity.org/cybersecurity-tools/
• DISA STIGs: https://www.stigviewer.com/stigs

Wireless Assessment

Organizations should regularly detect and identify wireless access points (WAPs) within their environments. The following free and low-cost tools can be used to detect and identify WAPs:

• Wireless netview: http://www.nirsoft.net/utils/wireless_network_view.html
• Kismet: http://www.kismetwireless.net
• Inssider Office: http://www.metageek.net/products/inssider-office
• Xirrus Wi-Fi Inspector (NOW CAMBIUM): https://www.cambiumnetworks.com/xirrus/

 

Maintenance and Analysis of Security Audit Logs

 

• Splunk: https://www.splunk.com/

 

Password Storage

You can use the following free tools to manage passwords:

• Password Safe: http://passwordsafe.sourceforge.net/index.shtml
• Keepass: http://keepass.info
• Password Gorilla: https://github.com/zdia/gorilla/wiki

 

Network Monitoring

Network monitoring tools can be used to ensure that NIST-required controls and process (e.g. SSH, SLL) are correctly running. The following free network monitoring tools are often seen by Coalfire during PCI assessments:

• Nagios: http://www.nagios.org
• Zabbix: https://www.zabbix.com/
• APIC EM: https://developer.cisco.com/site/apic-em/
• OpenNMS: http://www.opennms.org
• Sguil: http://bammv.github.io/sguil/index.html

 

With the list of tools here, we’ve only scratched the surface of free and low-cost software tools that you might use to help with compliance. I encourage you to explore these tools and determine which ones might benefit your organization.