Greetings My fellow hackers!.
Its been long since I last visited and I must say I'm very much impressed with the community's growth since I left. Its always nice to see new threads and members around making the forum live each passing minute. I think I should also mention, I sometimes check Null-Byte forum threads from my schools computer lab, just that I don't comment or give my opinion or help. You guys are really awesome in all your ways.
I am home for school break and I decided to check whats trending on the web.
Latest: NSA Releases Open Source Network Security Tool for Linux
Its kinda funny because the same National Security Agency ( NSA ), I mean our own NSA that wants its hands on our data now offers an open source tool. The network security tool is for the Government and the private sectors to help secure their networks against cyber attacks. Hehehe, Cyber Attacks.
The network tool dubbed Systems Integrity Management Platform (SIMP) makes it easier for government organizations and the private sector to "fortify their networks against cyber threats."
SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility.
The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry best practice.
Though it is fully capable out of the box, the intent of SIMP is to be molded to your target environment in such a way that deviations are easily identifiable to both Operations Teams and Security Officers.
At this time, there are no commercial requirements for the use of SIMP outside of the purchase of Red Hat Enterprise Linux licenses as applicable.
Currently, SIMP supports operating systems including Red Hat Enterprise Linux (RHEL) Versions 6.6 and 7.1 as well as Community Enterprise Operating System (CentOS) Versions 6.6 and 7.1-1503-01.
A Reply From NSA
"By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: The wheel would not have to be reinvented for every organization" - NSA.
Now The Real Question: Is the NSA's SIMP tool Backdoored
The question here is not how much security NSA's tool offers, but the question is: Should we trust NSA tool?
Until now, the entire world is aware of the NSA's Global surveillance practices. The internal data exposed by former contractor Edward Snowden shown the extent of surveillance and bulk data collection by NSA, which range from US citizens to leaders of allied governments.
Several US government officials, including the NSA Director Mike Rogers, outgoing US Attorney General Eric Holder, and the FBI director James Comey, have all suggested that major tech companies such as Apple and Google should provide law enforcement agencies special access to their users' encrypted data, demanding secret backdoors.
Knowing this, one must think twice before adopting NSA's latest SIMP tool. However, the security of a Linux is a massive subject and tools are used to provide additional security on a Linux computer. So, it is always important to choose a right tool.
Where's the code?!
For those out there that just want the goods, the actual code for the SIMP project is hosted under the SIMP GitHub Organization.
Lets hear your views on the topic since I am really skeptical about the tool's genuineness. Thanks for reading.