原文地址:http://www.linux.com/news/software/applications/797378-10-open-source-security-software-tools
源自Google,Facebook,Netflix和Cisco的十个开源安全工具
Choice has long been a defining feature of the world of free and open source software,
选择世界上自由的开源安全软件一直是一个重要话题
and the constellation of options only gets bigger every year. Often it's brand-new projects causing the increase,
伴随这新品牌的出现,供选择的对象年复一年地增加.
but sometimes the growth happens in another way, when tools that were developed for a company's internal use get opened up for all the world to see, use and improve.
但是有些时候安全软件数量却以另外一种方式增长:一个被用于公司内部的而开发的工具被世界,发现,使用,并且增强.
That, in fact, is just what has been happening lately on a grand scale in the security arena, where numerous major companies have been opting to open the doors to their own, in-house tools.
事实上,这正是发生在安全领域的一个规模宏达的事件:很多著名公司决定公开它们的内部工具.
Google, Facebook and Netflix are all among the companies taking this approach lately, and it's changing the security landscape significantly.
Google,Facebook和Netflix就是最近采取了这种方法的公司,它们明显地改变了安全界的格局
"Security is never going to work if it continues in a vacuum, with everyone keeping their tricks and observations secret,"
“如果每个人都封存技巧,偷窥秘密,继续处与封闭状态,安全永远不会有进步”
McCall Paxton, a security consultant with Netlogx, told Linux.com.
Netlogx的安全顾问McCall Paxton,对Linux.com说
"People like me earn our living in security, but we will continue to be outpaced and collectively outsmarted unless more things become open source. From monitoring programs to tools, it boils down to time -- none of us has it alone, but we have it in spades when we are together.
“像我这样以安全事业为生的人,除非有更多的软件开放源代码,否则我们将继续被超越,例如时间创作的监听工具,没有人完全拥有它,是我们共同塑造了他”
"You can have a very strong team of 20 people working on your security product, or you can leverage not only your dedicated team but the thousands of people who are a part of the open source community," Paxton added. "In essence, you have just increased your team a hundredfold."
“你可以拥有一个强大的具有的20人团队为你的安全产品工作,或者你可以扩充为具有1000个愿意为开源事业工作的人组织.”Paxton补充到,”从本质上讲,你只是把你的团队扩大了一百倍”
Ready for a rundown of some of the key security products to join the open source world recently? There's definitely no shortage.
准备好将一些关键安全产品加入开源世界了吗?绝对是百利无一害的.
10 Newly Open Source Security Tools
十个新的开源安全工具
* Nogotofail. Originally built by Google's Android security team, Nogotofail "provides an easy way to confirm that the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations,"
*Nogotofail.最初由Google的安卓安全团队开发,Nogotofail 提供了一个简单的基于 TLS/SSL 漏洞和错误配置的方式确定磁盘上安装的应用程序是否安全
in the words of Chad Brubaker, an Android security engineer. The tool works for Android, iOS, Linux, Windows, Chrome OS and OSX.
就安卓安全工程师Chad Brubaker的话来看,这个工具可以在 Android, iOS, Linux, Windows, Chrome OS 甚至 OSX平台下工作.
"We’ve been using this tool ourselves for some time," Brubaker explained earlier this month. "Today, we’re releasing it as an open source project, so anyone can test their applications, contribute new features, provide support for more platforms, and help improve the security of the Internet."
“我们曾经自己使用这个工具,”Brubaker 在这个月初说道,”今天,我们把他提升为一个开源工程,因此,所有人都可以测试他,贡献新的特点,提供更多的支持平台,并且帮助提高互联网安全”
* Osquery. Facebook's Osquery, meanwhile, targets enterprises with a tool focused on SQL-powered operating-system instrumentation and analytics.
*Osquery. 属于Facebook,同时,它也为很多企业提供了一个有力的专注于SQL系统的分析检测工具.
"With Osquery, you can use SQL to query low-level operating-system information," the project site explains. "Under the hood, instead of querying static tables, these queries dynamically execute high-performance native code. The results of the SQL query are transparently returned to you quickly and easily."
“利用Osquery,你可以使用SQL查询系统底层的信息,”这个项目网站上描述道,”用高性能的动态本地算法代替静态表引擎,这使得SQL查询能快速,简单,清晰地反馈给你”
* Security Monkey, Scumblr, Sketchy. Netflix has been on a roll when it comes to open sourcing software in general. In June it was Security Monkey that got open sourced, with a focus on monitoring and analyzing the security of Amazon Web Services configurations. More recently, it was Scumblr and Sketchy, two security-related Web applications.
*Security Monkey,Scumblr,Sketchy.当谈到开源软件时,Netflix公司已经箭在弦上,.用于检测和分析亚马逊网络服务配置的安全性的Security Monkey 在六月宣布开源.最近,Scumblr 和Sketchy,两个安全相关的网络应用程序也宣布开源.
* RAPPOR. Also from Google, RAPPOR -- short for Randomized Aggregatable Privacy-Preserving Ordinal Response -- is designed to anonymously crowdsource statistics from end-user client software without invading users' privacy.
*RAPPOR,同样是来自Google,简短的随机化集合响应隐私保护,它被设计成以匿名包的方式从终端获取数据而不侵犯用户隐私
In the words of its creators, "RAPPORs allow the forest of client data to be studied, without permitting the possibility of looking at individual trees."
用创作者的话来说,”RAPPOR允许对客户端的数据进行研究,而不允许看特定目录.
* OpenSOC. Just last week, Cisco announced an open source security analytics framework called OpenSOC.
*OpenSoc.就在上个星期,Cisco 公布了OpenSoc的安全分析框架开放源代码.
Aimed at helping organizations leverage big data for security, the new tool provides a platform for the application of anomaly detection and incident forensics to data loss.
这个新工具提供了一个对应用程序数据丢失进行异常检测和事故取证的平台.它旨在帮助企业安全得利用大数据.
"By integrating numerous elements of the Hadoop ecosystem such as Storm, Kafka, and Elasticsearch, OpenSOC provides a scalable platform incorporating capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation,"
“,像Storm,Kafka通过综合众多的hadoop系统元素,或者像Elasticsearch,OpenSoc提供了可扩展平台整合能力,例如完整的数据包捕获标引,存储器,数据丰富,流处理,批量处理,实时搜索和遥测聚集”
explained Pablo Salazar, a Cisco security solutions manager.
Cisco的安全解决方案经理Pablo Salazar说到
"It also provides a centralized platform to effectively enable security analysts to rapidly detect and respond to advanced security threats."
“它还提供了一个集中的平台,使安全分析师能能有效的快速检测出安全威胁并作出反应.”
* Firing Range. Also last week, Google released Firing Range, an open source security scanning tool.
*Firing Range. 也是在上个星期,Google 发布了一个开源的安全扫描工具:Firing Range.
explained Claudio Criscione, a security engineer at Google."The scanner is built entirely on Google technologies like Chrome and Google Cloud Platform, with support for the latest HTML5 features, a low false positive rate and ease of use in mind,"
Google的安全工程师 Claudio Criscione说道:”和Chrome和谷歌云平台一样,这个扫描器是完全建立在Google的技术之上的,它提供了最新的HTML5支持,并且具有低的误报率和易用性.”
* Conceal. Also from Facebook is Conceal, an open source tool released earlier this year that's essentially a set of Java APIs to perform cryptography on Android and make storage more secure and lightweight.
*Conceal.也是来自Facebook,在今年早些时候发布了一个开源工具,本质上是一组Java API来在Android上进行加密,使存储更加安全,轻便。
"We created Conceal to be small and faster than existing Java crypto libraries on Android while using memory responsibly," explained Facebook software engineer Subodh Iyengar.
“当我们使用内存负责时,它在Android上建立隐藏式小,比现有的Java加密库更快”Fackbook的软件工程师Subodh Iyenger说道
* VirusTotal. Last but not least, it's also worth mentioning Google's free VirusTotal online scanning service. After open sourcing its uploader for Mac OSX and Linux in July, VirusTotal earlier this month rolled out a new tool focused specifically on Linux malware.
*VirusTotal.最后并非最不重要.它也是值得一提的Google免费在线扫描服务.经过七月份针对Mac OSX和Linux开源上传,VirusTotal服务在本月初推出了专门针对Linux上的恶意软件一种新的工具。