Checking your endpoints with Stethoscope

Health Screen

Conclusion

According to the Netflix blog [10], if you're a Windows or Apple user, the Stethoscope app will offer you "…a desktop application that checks security-related settings and makes recommendations for improvements without requiring central device management or automated reporting."

Clearly there's a bit of configuration to do in order to hook up multiple devices to Stethoscope. Check out the Stethoscope documentation for more information [11].

If you're interested in other developments in this space then have a look at osquery [12] from the Linux Foundation. According to Netflix, when Stethoscope launched, the intention was to integrate osquery so that it could also provide data on endpoints too.

More on osquery

The osquery website and the GitHub page [13] are both well-constructed and definitely worth a look. The premise is to use Structured Query Language (SQL) queries to check for events across multiple endpoints registered centrally. So, for example, you might run a query to retrieve timestamps relating to all root user logins in the last two days, or you might check for deleted binary files across all your endpoint devices with a single command. These types of tools are invaluable when investigating a suspected security breach.

Infos

Introducing Stethoscope: https://netflixtechblog.com/introducing-netflix-stethoscope-5f3c392368e3
Jamf: https://www.jamf.com
LANDESK: https://www.ivanti.co.uk/company/history/landesk
Google G Suite Mobile: https://gsuite.google.co.uk/intl/en_uk/products/admin/endpoint
bitFit: https://www.bitfit.com
Docker Compose: https://docs.docker.com/compose
Docker CE with Ubuntu: https://docs.docker.com/install/linux/docker-ce/ubuntu
Stethoscope: https://github.com/Netflix-Skunkworks/stethoscope
Stethoscope desktop app: https://github.com/Netflix-Skunkworks/stethoscope-app
Netflix Tech Blog: https://netflixtechblog.com/the-new-netflix-stethoscope-native-app-f4e1d38aafcd
Stethoscope documentation: https://stethoscope.readthedocs.io/en/latest/
oquery: https://osquery.io
osquery GitHub page: https://github.com/osquery/osquery

The Author

Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against such attacks. In the book, he also shows you how to make your servers invisible, perform penetration testing, and mitigate unwelcome attacks. You can find out more about DevOps, DevSecOps, Containers, and Linux security on his website: https://www.devsecops.cc.

« Previous 1 2