SIMP — Systems Integrity Management Platform
iSpeech.org
The US National Security Agency has offered up one of its cyber security tools for government departments and the private sector to use freely to help beef up their security and counter threats.
The systems integrity management platform – SIMP – was released to the code repository GitHub over the weekend.
SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility. The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry best practice. Though it is fully capable out of the box, the intent of SIMP is to be molded to your target environment in such a way that deviations are easily identifiable to both Operations Teams and Security Officers.
SIMP helps to keep networked systems compliant with security standards, the NSA said, and should form part of a layered, “defence-in-depth” approach to information security. NSA said it released the tool to avoid duplication after US government departments and other groups tried to replicate the product in order to meet compliance requirements set by US Defence and intelligence bodies.
By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: the wheel would not have to be reinvented for every organisation”
NSA release.
[adsense size='1']
Supported Operating Systems
The following Operating Systems are supported:
- Red Hat Enterprise Linux
- 6.6
- 7.1
- CentOS
- 6.6
- 7.1-1503-01
At this time, there are no commercial requirements for the use of SIMP outside of the purchase of Red Hat Enterprise Linux licenses as applicable.
The NSA, which has in recent years faced heat over its mass surveillance and bulk data collection activities as exposed by former contractor Edward Snowden, has increased its efforts to share its technology in recent months.
The program allows the NSA to offer internally-developed technology to industry and researchers. It has so far opened up a range of products in eight categories spanning networking, optics, processing, security, and microelectronics, among others
Director of the program, Linda Burger, said the open source method of “transferring technology from the federal laboratory to the marketplace is extremely efficient”.
Despite the secrecy of its intelligence gathering work, the NSA has a history of producing and publishing security-related work, and holds annual competitions that seek to find the best cybersecurity papers.
“The open source community can leverage the work that NSA has produced, and the government can benefit from that community’s expertise and perspective. It’s a win for everyone – and for the nation itself”
Linda Burger
The spy agency’s trusted systems research group has also produced a hardened, mandatory access control architecture called Security Enhanced Linux that has found its way into several distributions, as well as Google’s Android mobile operating system, FreeBSD, and Oracle’s Solaris.
Technology components
SIMP uses Puppet to manage and maintain the configuration of the various component systems.
Though there are many possible configurations, out of the box SIMP provides:
- Management
- Puppet Server
- PuppetDB
- MCollective
- Authentication
- OpenLDAP
- Kickstart/Update
- YUM
- DNS
- DHCP
- TFTP
MIGRATION IN PROGRESS
Please be aware that this project is in the process of transitioning legacy code into GitHub. It may take quite some time before a fully functional system is available for immediate download.
Gloss