HD Moore, chief research officer at Rapid7, has called for all security professionals to collaborate on security data research and analysis to create greater awareness and understanding of security issues and their implications. To facilitate this, Rapid7 Labs, led by Moore, has launched Project Sonar, offering free tools and terabytes of data from its own research efforts. HD launched the initiative during his keynote address at DerbyCon 3.0, in which he advocated internet-wide analysis as a practical tool for security practitioners to meaningfully improve their network security.
“Security issues are rife across the internet and the situation is getting worse, not better. The security community needs to start sharing data and working together so we can identify and tackle the huge issues confronting us,” said HD. “This isn’t just work for researchers – all security professionals can be their own researcher and ‘scan all the things!’ or contribute to shared analysis. We’re trying to make this easy for the average IT guy to help them understand the value of the data they have.”
To facilitate this collaborative approach, Rapid7 Labs has created and highlighted a number of free tools for scanning and analysis, including ZMap, Nmap, SSL certificate grabbers, DNS reverse lookup scanning and more. These are all available at the Project Sonar community page in SecurityStreet. The site provides a place for security professionals to share data and findings, discuss potential approaches, highlight analysis and implications and suggest remediation options.
Terabytes of data from past internet scanning research are also available for browsing and analysis, for example, findings from the year-long Critical.IO scanning project conducted by Moore and Rapid7 Labs. Critical.IO highlighted a number of pervasive security issues, including vulnerabilities in UPnP, IPMI and serial port servers. The value of these kinds of scans in highlighting widespread insecurity across the internet is also apparent in a number of similar initiatives, such as the Internet Census 2012, SHODAN, and most recently the University of Michigan’s ZMap report.
While the value of these findings is undisputed, the investigation has traditionally been considered the territory of dedicated research teams, such as Rapid7 Labs and the ZMap team from the University of Michigan. Rapid7 believes that this approach will not be effective in making the internet more secure without increased collaboration with the wider security community.