NSA has posted on GitHub utility to ensure network security

The National Security Agency (NSA) of the USA has released an open-source tool for ensuring the network security of government organizations and commercial companies. The system is called SIMP (Systems Integrity Management Platform), its code is placed in the NSA repository on GitHub .



The official press release of the agency says that this tool is designed to help companies protect their networks from hacker attacks.

')

SIMP is a framework that provides a combination of compliance with safety standards and operational flexibility. The main objective of the project is to provide a management environment aimed at complying with standards and best information security practices.

In the text of the press release, it is especially noted that by issuing an open tool, the NSA wants to establish a trusting relationship with the information security community in order to combine security efforts (“every company does not need to reinvent its wheel”).



Currently, SIMP supports Red Hat Enterprise Linux (RHEL) versions 6.6 and 7.1, as well as CentOS versions 6.6 and 7.1-1503-01.



Despite the stated goal of the NSA, it will not be easy to gain trust from representatives of the IT and information security communities. Profile media are already wondering if the SIMP utility contains any backdoors aimed at collecting data? Discussions on Linux user forums are devoted to the same topic.



After the revelations of the former NSA officer Edward Snowden, the world learned that the US National Security Agency was monitoring citizens of various countries, including using the “bookmarks” in the software, which its developers inserted into the code at the request of the American special services.







In our blog, we already talked about how the NSA mobile surveillance is arranged, published a study of the vulnerabilities of mobile networks based on SS7, and held a corresponding competition during the Positive Hack Days information security forum.



Scandals associated with the tapping of citizens, periodically arise not only in the United States. Recently, we wrote that the South Korean intelligence service purchased spyware from the hacker group Hacking Team in order to gain access to messages in popular messengers (for example, Kakao Talk).



In addition, in the summer of 2014, the media widely discussed the story of tapping Ukrainian mobile phones, allegedly carried out from the territory of Russia. In our blog, we published the technical details of the implementation of such an attack.