Friday, January 29, 2016

BroCon ’16: Sept. 13th - 15th in Austin, TX

We are happy to announce that BroCon ’16 will occur on Tuesday, September 13th - Thursday, September 15th at the Texas Advanced Computing Center in Austin, Texas.

See our event page:
https://www.bro.org/community/brocon2016.html

Early bird registration is open! CFP is open!

Interested in sponsoring BroCon? Contact us at info@bro.org for more information.

Thank you for your continued support, and see you in September!

Regards,
The Bro Project

Tuesday, January 19, 2016

Bro training at Educause Security Professionals Conference, April 18th

The Bro Team is presenting a training at the 2016 Educause Security Professionals Conference on Monday April 18th in Seattle, Washington. Our topic is "Monitoring Your Science DMZ with Bro."

The Science DMZ architecture is spreading throughout higher ed, with both the National Science Foundation and ESNet promoting this more open model to campus cyberinfrastructure providers. NSF has invested in building 10G and 100G research networks to meet the growing demands of the nation's scientists and engineers, but this brings challenges to many traditional ways of securing campus infrastructure. Bro has a successful track record protecting some of the most demanding networks in the country, and it comes well prepared to address the security challenges of bringing data and compute resources outside the firewall for performance. The NSF Bro Center of Expertise is hosting a one-day Bro training workshop aimed at higher ed operators of cyberinfrastructure. This hands-on training will demonstrate Bro's capabilities, teach you how to set up and configure Bro, discuss strategies for deployment on high-speed networks, and present opportunities for further individual assistance from the center.

OUTCOMES:
  • Understand the purpose of Bro and its features
  • Learn how to install Bro with suggested configuration modifications (e.g., load balancing, pinning workers)
  • Learn how to seek assistance from the Bro Center of Expertise

Event link:
http://www.educause.edu/events/security-professionals-conference

Bro Abstract:
http://www.educause.edu/events/security-professionals-conference/2016/monitoring-your-science-dmz-bro

Thursday, December 17, 2015

A New Bro Tutorial: Happy Holidays from the Bro Team

New Bro Tutorial

We are happy to announce our special present to the Bro Community: Our new interactive Bro Tutorial.

Based on try.bro.org this tutorial leads you step by step through the Bro Script Language and allows you to interactively run and change all examples. The first lesson is complete, more lessons are in the works.

Feedback and questions are more than welcome at info@bro.org.

We hope you enjoy our new little helper and wish you Happy Holidays.

Your Bro Team

Friday, December 11, 2015

Broker & CAF: An Interview with the Developers

With Broker as our new communication middle-layer, we set the foundation for more open and distributed deployments of Bro. Broker is the successor of Broccoli, with much more emphasis on asynchronous, distributed communication. Over the past decade, we learned that scaling network monitoring fundamentally requires load balancing. Bro cluster deployments are becoming mainstream, and Broker lays the foundation to harness them effectively.

Internally, Broker leverages CAF, the C++ Actor Framework, which lifts the actor model to modern C++ environments. We foster a close collaboration with the CAF developers, who have been very responsive and helpful so far. Recently, the team reached out to us for an interview, which you can find at their blog:


Stay tuned for more Broker-related updates in the future.

Thursday, December 10, 2015

Bro Receives $200K Grant from Mozilla

The Mozilla Open Source Support (MOSS) program has awarded the Bro Project a $200,000 grant to develop the Comprehensive Bro Archive Network (CBAN), a public repository for sharing 3rd-party scripts and plug-ins.

CBAN has been a proposed project for some time but requires more time and resources than we were able to dedicate to its development. This grant will allow us to acquire the people and hardware needed without sidetracking Bro's core development.

For members the community, CBAN solves the key challenge of helping people extend Bro beyond our provided scripts. Users will be able to easily share scripts, up-vote the best ones, and possibly have their scripts incorporated into Bro. Our hope is for CBAN to grow into a substantial repository, curated by the Bro community and its development team.

To learn more about the award and the other recipients, see Mozilla's blog post.

We thank the Mozilla Open Source Support program for its support.

Friday, December 4, 2015

OpenSSL security issue affecting Bro (CVE-2015-3194)

The OpenSSL Project today published a security advisory, that affects users of Bro that are using the X.509 certificate validation functionality of Bro. This functionality is enabled by default for cluster installations; it is not enabled by default when running Bro via the command line. Certificate validation is enabled by either loading the policy script protocols/ssl/validate-certs.bro or protocols/ssl/validate-ocsp.bro. To disable this functionality, make sure that none of these scripts are loaded in local.bro.

If certificate validation is enabled, an attacker can launch a DOS attack against a Bro installation. An attacker will be able to reliably crash all Bro nodes that use certificate validation and a vulnerable version of OpenSSL. The root cause of the OpenSSL bug is a null-pointer exception that occurs 
when parsing certain malformed X.509 certificates.

The issue affects OpenSSL 1.0.1 and 1.0.2 and was fixed in OpenSSL 1.0.1q and 1.0.2e respectively. If you use Bro and perform certificate validation, you should update as soon as possible.

To test if you are vulnerable, you can use our test certificate. If executing "openssl x509 -in cve-2015-3194-test.pem -noout -text" works without crashing, you should not be vulnerable.

The original OpenSSL security advisory is available at https://www.openssl.org/news/secadv/20151203.txt. It also contains a few other issues that are not directly applicable to Bro.

Thursday, November 12, 2015

Announcing the Bro Future Fund

Bro has seen exponential growth over the past five years since the release of version 2.0. This is seen in the growth of attendees and organizations at BroCon, Twitter followers, IRC channel usage, downloads, and more. Much of the credit to this surge of activity goes to the National Science Foundation, which at a key time provided us with the support for software engineering the project had long needed, and which continues to fund the NSF Bro Center to help NSF communities and higher-ed. Help us with the next stage of our growth. Become a precious metal sponsor and investor in the Bro Future Fund.

In this year, our 20th anniversary, we joined Software Freedom Conservancy.  This alliance will support our continued growth, further build the community of support, and stay true to our open source heritage.  We have likewise formed a leadership steering team drawing upon community representatives that depend upon Bro for their day-to-day operations from a range of constituents (public sector, education, private sector).

We understand that our community depends upon us; we likewise depend upon the community. We want to continue to develop a great software system, but see an even brighter future ahead. Imagine a vibrant community with contributions to Bro from all over the world; not just one annual conference but a wealth of events around the world; Bro training/sharing workshops with community grants and awards; a surplus of illuminating training materials and high-quality, real time support.  We see this demand on a daily basis, but we need your help to make it a reality.

Joining the Conservancy is an important first step to fulfill this vision of a larger, vibrantly engaged, community-driven project. Going further, we need resources to fuel new undertakings, to provide stability to our development efforts, and to anchor plans for the next decade of development. Consider becoming a sponsor organization today and strike the spark for the next great adventure!


Precious Metal Levels

All annual sponsors are recognized with their logos on our sponsorship page, with particular prominence going to the highest levels. Bronze sponsorship starts at $10,000 per year, Silver at $25,000 per year, Gold at $50,000 per year, and Platinum at $100,000 per year. Contact us at bro@sfconservancy.org to discuss becoming a precious metal sponsor or the unique Singular Sustainer sponsor.


Donations

In addition to these annual sponsorships meant to sustain and grow the project, we also gladly accept donations of any size through PayPal from both individuals and organizations. Please see our web page for more information. Everything helps.