DOCSLIB.ORG

Addressing SMTP-Based Mass-Mailing Activity Within Enterprise Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Addressing SMTP-Based Mass-Mailing Activity Within Enterprise Networks Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks David Whyte, P. C. van Oorschot, Evangelos Kranakis School of Computer Science Carleton University, Ottawa, Canada dlwhyte, paulv, [email protected] Abstract ple, the MyDoom mass-mailing worm at its peak was responsible for one in every twelve Internet email mes- Malicious mass-mailing activity on the Internet is a sages [6]. The majority of mass-mailing worms employ serious and continuing threat that includes mass-mailing the same infection delivery mechanism: a Simple Mail worms, spam, and phishing. A mechanism commonly Transfer Protocol engine (SMTP-engine), which turns an used to deliver such malicious mass mail is an SMTP- infected system into a malicious mail server. As mail engine, which turns an infected system into a malicious server filtering techniques become more effective, spam- mail server. We present a technique that enables, within mers and phishers are resorting to hijacking ordinary PCs a single mailing attempt in many popular network envi- (thereafter zombies) and using built in SMTP-engines or ronments, detection and containment of (even zero-day) mail proxy programs to send malicious mail without the SMTP-engine based mass-mailing activity. Contrary to owner's knowledge [3, 12]. In fact, it has been estimated other mass-mailing detection techniques our approach is that 80% of spam is sent by spam zombies [12]. content independent and requires no attachment process- In this paper, we exploit the interaction between ing, network traffic correlation, statistical measures, or SMTP-engines and DNS servers to provide a new method system behavioral analysis. It relies instead on the obser- to detect malicious mass-mailing activity within an en- vation of DNS MX queries within the enterprise network. terprise network. In short, SMTP-engine infected clients This stateless detection technique requires minimal com- typically request Mail Exchanger (MX) records from a putational resources making it ideally suited for real-time DNS server (either their local DNS server or DNS servers wire-speed deployment. outside the network boundary) in order to locate the mail servers that can deliver the malicious mail to their in- tended victims. While some legitimate client systems 1 Introduction run their own email servers locally, most enterprise envi- ronments use perimeter mail servers to send and receive email.2 In this scenario, only the corporate mail servers Internet users are inundated by a steady stream of within the enterprise network are generally expected to emails infected with malicious code, unwanted product query DNS servers for MX records (see further discus- advertisements, and requests for personal information sion, including exceptions in Section 4.2). from criminals masquerading as legitimate entities to en- able the commission of fraudulent activity. The use of Our Contributions. We present a technique, imple- gateway anti-virus (and per client) software and spam fil- mented and tested with a software prototype, to detect ters offers some measure of protection. However, these and quarantine SMTP-engine mass-mailing based solely perimeter defences often fail to detect zero-day worms on the observation of a DNS MX record request from and viruses, often quarantine legitimate emails misidenti- client systems. No modeling or statistical measurement fied as spam, and do not address perhaps the most preva- of user or network behavior is required. Furthermore, it lent infection method: users unwittingly opening mali- does not rely on attachment scanning, allowing detection of malicious text-based emails with hypertext embedded cious attachments. A strong argument can be made that 3 the best chance to detect and quarantine malicious email links to malicious websites. To validate these claims, occurs before it is sent outside of the enterprise network. including spam). To date, the use of mass-mailing worms has been the 2This allows for gateway anti-virus software at the network perime- fastest way to propagate malicious mail.1 For exam- ter and lower cost (e.g. maintenance, support, policy enforcement) cor- porate email. 1We define malicious mail as unwanted email unwittingly sent by 3These websites infect a system by sending malicious code through a compromised system whether or not it contains malicious code (i.e. website content retrieved by the client system. 1 we performed tests in an isolated test network with a live every email for dangerous attachments. They employ vir- mass-mailing worm. tual machine clusters, host-based intrusion detection, and Our anomaly-based approach is appealing for a num- email-worm vaccine aware Mail Transfer Agents. ber of reasons: Hu et al. [10] present an application of the PAIDS (ProActive Intrusion Detection System) detec- Speed 1. : in certain network environments the possi- tion paradigm using a prototype system called BESIDES bility to detect and contain an SMTP-engine before which detects mass-mailing viruses. PAIDS employs a single malicious email message can be sent. two general techniques: comparing a system's behavior 2. Detection and containment of zero-day mass- against its security policy (behavior skewing) and iso- mailing worms: possible because the approach does lating illegal system behaviors in a virtual environment not rely on existing worm signatures. (cordoning). Their prototype detected a number of real 3. Impact to quarantined system: once identified as mass-mailing worms with a low false positive rate. How- a malicious mass-mailer, only SMTP activity (port ever, their implementation is deployed at SMTP servers 25) will be blocked on the system allowing all other which would fail to detect SMTP-engine activity. SMTP- user activity to proceed unhindered. engines bypass network mail servers (and even in some 4. Low-false positive rate: empirical analysis (see Sec- cases local DNS servers) making network-based detec- tion 4.2) suggests that client MX record requests are tion techniques necessary. rare for most users.4 Gupta et al. [9] use specification-based anomaly de- 5. Ease of deployment: the approach is network-based, tection to detect email viruses. Their approach looks for runs on commodity hardware, and relies on the ob- increases in mail traffic from clients to mail servers over servation of a protocol found in all networks (i.e. a threshold determined during a training period. Specif- DNS). ically, the statistics of send and deliver transitions in a state machine are maintained for both individual clients Organization. Section 2 discusses related work. Sec- and the entire collection of clients within the network. tion 3 outlines the basic approach. Section 4 presents an Using a series of simulated experiments they detected empirical analysis of client MX record request activity. stealthy (e.g. polymorphic) viruses with a low false posi- Section 5 discusses our prototype and its performance in tive rate. an isolated worm test network. Section 6 contrasts our Wong et al. [20] performed an empirical study on technique with others. We conclude in Section 7. mass-mailing worm behavior using network traffic traces from a college campus. The characteristics of two mass- 2 Related Work mailing worms with respect to DNS activity and TCP traffic flows were studied. They found that changes in Zou et al. [23] developed a mass-mailing worm model network activity from infected hosts allowed for interest- by profiling the user behavior of email checking times ing detection possibilities. They propose that a more in- and email attachment opening probabilities. They ana- depth investigation of monitoring and containing mass- lyzed the impact of selective immunization defense, that mailing worms using DNS servers should be performed entails making the most connected email users' systems as it holds promise as a way to slow down propaga- immune to an email worm. Their results reveal that al- tion. One important observation was that defences de- though a power law topology enables a worm to spread signed for monitoring SMTP servers will not work well more quickly, it also allows for faster containment. Their for mass-mailing worms as they have their own SMTP- work provides an email worm model that incorporates engines. user behavior and offers some insight into worm prop- Ishibashi et al. [11] employ a technique that uses agation on a number of network topologies. The same a Bayesian inference method to calculate and assign authors propose [22] a multi-step feedback email defence a value to the suspiciousness of specific domain name mechanism to detect malicious email within an enterprise queries from individual hosts. This method assumes that network; and suggest the use of a honeypot to detect out- there is partial prior information about the normal char- going viruses. acteristic domain name queries from the network. Sig- Sidiroglou et al. [17] propose an architecture to detect natures are manually derived from the query content of zero-day worms and viruses, which intercepts and scans suspected worm infected hosts. Hosts that send domain requests that match the signature query content are as- 4In a university network of about 300 users over one week, we found sumed to be infected with a mass-mailing worm. Their only 5 anomalous MX record queries from client systems. While in technique is not suitable for detecting zero-day worms in most corporate environments the deployed software application base- line differs substantially from a university network, the greater software real-time as it requires both manual analysis and a prede- diversity in the latter makes it a good test environment. termined signature to identify suspected worm activity. 2 Whyte et al. [18] used DNS activity to detect the pres- ence of scanning worms within an enterprise network. Internet The observation of connections outside the network not Router preceded by a DNS query was considered anomalous and Enterprise Network a strong indicator of scanning worm activity. They hy- pothesized that MX queries from client systems could in- Mail DNS dicate mass-mailing worm infection, but recognized that the detection and containment of mass-mailing worms 2 MX Query would require the collection of different network data 3 Email (i.e.
Load more

Recommended publications
  • Learning Apache Mahout Classification Table of Contents
    Learning Apache Mahout Classification Table of Contents Learning Apache Mahout Classification Credits About the Author About the Reviewers www.PacktPub.com Support files, eBooks, discount offers, and more Why subscribe? Free access for Packt account holders Preface What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support Downloading the example code Downloading the color images of this book Errata Piracy Questions 1. Classification in Data Analysis Introducing the classification Application of the classification system Working of the classification system Classification algorithms Model evaluation techniques The confusion matrix The Receiver Operating Characteristics (ROC) graph Area under the ROC curve The entropy matrix Summary 2. Apache Mahout Introducing Apache Mahout Algorithms supported in Mahout Reasons for Mahout being a good choice for classification Installing Mahout Building Mahout from source using Maven Installing Maven Building Mahout code Setting up a development environment using Eclipse Setting up Mahout for a Windows user Summary 3. Learning Logistic Regression / SGD Using Mahout Introducing regression Understanding linear regression Cost function Gradient descent Logistic regression Stochastic Gradient Descent Using Mahout for logistic regression Summary 4. Learning the Naïve Bayes Classification Using Mahout Introducing conditional probability and the Bayes rule Understanding the Naïve Bayes algorithm Understanding the terms used in text classification Using the Naïve Bayes algorithm in Apache Mahout Summary 5. Learning the Hidden Markov Model Using Mahout Deterministic and nondeterministic patterns The Markov process Introducing the Hidden Markov Model Using Mahout for the Hidden Markov Model Summary 6. Learning Random Forest Using Mahout Decision tree Random forest Using Mahout for Random forest Steps to use the Random forest algorithm in Mahout Summary 7.
    [Show full text]
  • Linux VDS Release Notes
    Linux VDS Release Notes Linux VDS Release Notes Introduction Important: This document is based on the most recent available information regarding the release of Linux VDS. Future revisions of this document will include updates not only to the status of features, but also an overview of updates to customer documentation. The Linux VDS platform provides a set of features designed and implemented to suit the value-added reseller (VAR), small hosting service provider (HSP), application service provider (ASP), independent software vendor (ISV), and any small- and medium-sized business (SMB). This document provides administrators who possess minimal to moderate technical skills with a guide to the latest documentation and other sources of information available at the time of the release. This document also includes any cautions and warnings specific to this release. For more information, refer to the following documents: • Linux VDS User’s Guide • Linux VDS Getting Started Guide In addition, you can also refer to the following Web content: • Frequently-asked questions (FAQ) Status of Features Linux VDS introduces new features and enhancements. What’s New? The following table describes the status of features included with this release: Feature Status Accrisoft This release introduces support for Accrisoft e-commerce software (http://www.accrisoft.com/ ). You can use the software to build and manage profitable Web sites. Accrisoft is a fee-based, optional application. This release also provides an installation script to assure the software operates fully and correctly on your account. An uninstall script assures that you can remove the software completely and effectively if you need to do so.
    [Show full text]
  • A Rule Based Approach for Spam Detection
    A RULE BASED APPROACH FOR SPAM DETECTION Thesis submitted in partial fulfillment of the requirements for the award of degree of Master of Engineering In Computer Science & Engineering By: Ravinder Kamboj (Roll No. 800832030) Under the supervision of: Dr. V.P Singh Mrs. Sanmeet Bhatia Assistant Professor Assistant Professor Computer Science & Engineering Department of SMCA COMPUTER SCIENCE AND ENGINEERING DEPARTMENT THAPAR UNIVERSITY PATIALA – 147004 JULY- 2010 i ii Abstract Spam is defined as a junk Email or unsolicited Email. Spam has increased tremendously in the last few years. Today more than 85% of e-mails that are received by e-mail users are spam. The cost of spam can be measured in lost human time, lost server time and loss of valuable mail. Spammers use various techniques like spam via botnet, localization of spam and image spam. According to the mail delivery process anti-spam measures for Email Spam can be divided in to two parts, based on Emails envelop and Email data. Black listing, grey listing and white listing techniques can be applied on the Email envelop to detect spam. Techniques based on the data part of Email like heuristic techniques and Statistical techniques can be used to combat spam. Bayesian filters as part of statistical technique divides the income message in to words called tokens and checks their probability of occurrence in spam e-mails and ham e-mails. Two types of approaches can be followed for the detection of spam e-mails one is learning approach other is rule based approach. Learning approach required a large dataset of spam e-mails and ham e-mails is required for the training of spam filter; this approach has good time characteristics filter can be retrained quickly for new Spam.
    [Show full text]
  • Return of Organization Exempt from Income
    OMB No. 1545-0047 Return of Organization Exempt From Income Tax Form 990 Under section 501(c), 527, or 4947(a)(1) of the Internal Revenue Code (except black lung benefit trust or private foundation) Open to Public Department of the Treasury Internal Revenue Service The organization may have to use a copy of this return to satisfy state reporting requirements. Inspection A For the 2011 calendar year, or tax year beginning 5/1/2011 , and ending 4/30/2012 B Check if applicable: C Name of organization The Apache Software Foundation D Employer identification number Address change Doing Business As 47-0825376 Name change Number and street (or P.O. box if mail is not delivered to street address) Room/suite E Telephone number Initial return 1901 Munsey Drive (909) 374-9776 Terminated City or town, state or country, and ZIP + 4 Amended return Forest Hill MD 21050-2747 G Gross receipts $ 554,439 Application pending F Name and address of principal officer: H(a) Is this a group return for affiliates? Yes X No Jim Jagielski 1901 Munsey Drive, Forest Hill, MD 21050-2747 H(b) Are all affiliates included? Yes No I Tax-exempt status: X 501(c)(3) 501(c) ( ) (insert no.) 4947(a)(1) or 527 If "No," attach a list. (see instructions) J Website: http://www.apache.org/ H(c) Group exemption number K Form of organization: X Corporation Trust Association Other L Year of formation: 1999 M State of legal domicile: MD Part I Summary 1 Briefly describe the organization's mission or most significant activities: to provide open source software to the public that we sponsor free of charge 2 Check this box if the organization discontinued its operations or disposed of more than 25% of its net assets.
    [Show full text]
  • Comodo Antispam Gateway Software Version 1.5
    Comodo Antispam Gateway Software Version 1.5 Administrator Guide Guide Version 1.5.082412 Comodo Security Solutions 525 Washington Blvd. Jersey City, NJ 07310 Comodo Antispam Gateway - Administrator Guide Table of Contents 1 Introduction to Comodo Antispam Gateway........................................................................................................................... 4 1.1 Release Notes............................................................................................................................................................. 5 1.2 Purchasing License .................................................................................................................................................... 6 1.3 Adding more Users, Domains or Time to your Account .................................................................................................6 1.4 License Information................................................................................................................................................... 10 2 Getting Started................................................................................................................................................................... 13 2.1 Incoming Filtering Configuration ................................................................................................................................ 13 2.1.1 Configuring Your Mail Server..................................................................................................................................
    [Show full text]
  • DNS Manager User Guide VF
    Vodafone Hosted Services: DNS Manager User Guide DNS Manager User Guide 1 Vodafone Hosted Services: DNS Manager User Guide DNS Manager What is DNS Manager ? DNS Manager allows the end-user to edit their domain’s zone file, including A (address) records, CNAME (canonical name) records and MX (mail exchange) records. What is the Default Zone File ? If the end-user selects “Edit Zone File” and clicks “Next”, their current zone file will be displayed at the top of the screen. By default, their zone file will contain several important records. Any changes to these records may cause serious problems with their website and email performance. What is DNS ? DNS (Domain Name System or Domain Name Service) catalogs and updates information in regards to domain names. DNS converts domain names into IP addresses. DNS usually contains a set of zone files that lists the types of redirection that will be done. 2 Vodafone Hosted Services: DNS Manager User Guide What are Zone Files ? Four types of records are important in a zone file: • A records • CNAME records • MX records • Start of Authority (SOA) domain.com points to 216.251.43.17 mail.domain.com points to 69.49.123.241 mail will be delivered to 10 mx1c1.megamailservers.com first mail will be delivered to 100 mx2c1.megamailservers.com second mail will be delivered to 110 Resource Record Abbreviations The end-users domain name is called their “origin”. The origin is appended to all names in the zone file that do not end in a dot. For example, if their domain is yourname.com, the entry “www” in the zone file is equal to www.yourname.com.
    [Show full text]
  • Mastering Spam a Multifaceted Approach with the Spamato Spam Filter System
    DISS. ETH NO. 16839 Mastering Spam A Multifaceted Approach with the Spamato Spam Filter System A dissertation submitted to the SWISS FEDERAL INSTITUTE OF TECHNOLOGY ZURICH for the degree of Doctor of Sciences presented by KENO ALBRECHT Dipl. Inf. born June 4, 1977 citizen of Germany accepted on the recommendation of Prof. Dr. Roger Wattenhofer, examiner Prof. Dr. Gordon V. Cormack, co-examiner Prof. Dr. Christof Fetzer, co-examiner 2006 Abstract Email is undoubtedly one of the most important applications used to com- municate over the Internet. Unfortunately, the email service lacks a crucial security mechanism: It is possible to send emails to arbitrary people with- out revealing one’s own identity. Additionally, sending millions of emails costs virtually nothing. Hence over the past years, these characteristics have facilitated and even boosted the formation of a new business branch that advertises products and services via unsolicited bulk emails, better known as spam. Nowadays, spam makes up more than 50% of all emails and thus has become a major vexation of the Internet experience. Although this problem has been dealt with for a long time, only little success (measured on a global scale) has been achieved so far. Fighting spam is a cat and mouse game where spammers and anti-spammers regularly beat each other with sophisticated techniques of increasing complexity. While spammers try to bypass existing spam filters, anti-spammers seek to detect and block new spamming tricks as soon as they emerge. In this dissertation, we describe the Spamato spam filter system as a mul- tifaceted approach to help regain a spam-free inbox.
    [Show full text]
  • Suse Linux Enterprise Server 10 Mail Scanning Gateway Build Guide
    SuSE Linux Enterprise Server 10 Mail Scanning Gateway Build Guide Written By: Stephen Carter [email protected] Last Modified 9. May. 2007 Page 1 of 96 Table of Contents Due credit.......................................................................................................................................................4 Overview........................................................................................................................................................5 System Requirements.....................................................................................................................................6 SLES10 DVD............................................................................................................................................6 An existing e-mail server..........................................................................................................................6 A Pentium class PC...................................................................................................................................6 Internet Access..........................................................................................................................................6 Internet Firewall Modifications.................................................................................................................7 Installation Summary.....................................................................................................................................8 How
    [Show full text]
  • Master Thesis Characterizing Sender Policy Framework Configurations At
    Master Thesis Characterizing Sender Policy Framework Configurations at Scale Gabri¨elMathay Kahraman Monday 7th September, 2020 A thesis presented for the degree of Master of Science Computer Science Design and Analysis of Communication Systems (DACS) Chair: prof. dr. ir. Aiko Pras Supervisor: dr. ir. Mattijs Jonker Co-supervisors: ir. Olivier van der Toorn and dr. Doina Bucur Abstract Phishing involves disguising oneself as a trustworthy entity in electronic communication, for example, by pretending to send e-mail on behalf of a company. Phishing e-mails can be prevented if domains implement e-mail security techniques. One of the techniques to improve e-mail security is the Sender Policy Framework (SPF). To enable SPF, the administrator of a domain can specify an SPF policy in the DNS zone of the domain. The SPF policy determines which IP addresses are authorised to send e-mail from the administrator's domain. When an e-mail server receives an e-mail, the e-mail server retrieves the SPF policy of the sender's domain. Next, the IP address of the sender will be queried against the SPF record, and the response of this query determines how to handle the incoming e-mail. The SPF standard was released over six years ago. Even though six years have passed, the research community does not yet have a thorough understanding of the characteristics of SPF use. What we miss is an understanding of how SPF policies are configured, how SPF policies have changed over time, and what the problematic trends are of SPF use. In this Thesis, we address the missing of a large scale analysis on SPF policies over time.
    [Show full text]
  • Email Services Deployment Administrator Guide Email Services Deployment Administrator Guide
    Email Services Deployment Administrator Guide Email Services Deployment Administrator Guide Documentation version: 1.0 Legal Notice Copyright 2016 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Symantec as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S.
    [Show full text]
  • Curriculum Vitae Von Bastian Nolte (Kurzversion)
    Curriculum Vitae von Bastian Nolte Expert IT Business Consultant & Coach Software-Architekt und Full Stack Developer Telefon (CH) +41 44 586 97 10 Mobil (DE) +49 173 20 989 60 E-Mail [email protected] Adresse Grosswilstrasse 2, 6048 Horw / Luzern, Schweiz Web: https://www.bastian-nolte.name Xing https://www.xing.com/profile/Bastian_Nolte Berufserfahrung 22 Jahre Erfahrung im IT-Bereich, davon etwa 9 Jahre als Business Consultant und 4 als Coach. Rollen in (technischer) Projektleitungsfunktion und als Architekt habe ich zirka 11 Jahre lang ausgeübt. Nationalität Deutsch Einsetzbar CH-LI-D-A (Schweiz, Liechtenstein, Deutschland, Österreich) Bevorzugte Schweiz Arbeitsregion (oder remote) Branchenerfahrung Versicherung, Informationstechnologie, Automotive, Dienstleister, IT Dienstleister, Öffentlicher Dienst, Bildungsträger, Telekommunikation, IT Sicherheit Fremdsprachen Englisch Auszeichnungen Innovationspreis Public Private Partnership 2009 (PPP) für den Fachübergreifen- den Einsatz Neuer Medien Freizeit Wandern, Tauchen, Mountain Biking, Kayaking Letzte 2021 Apache Kafka Kurs Confluent Fortbildungen 4929: Confluent Training «Apache Kafka Fundamentals» 2021 Microsoft Azure Zertifizierung Microsoft, AZ-900: Microsoft Certified Azure Fundamentals Pearson VUE. 2020 Kubernetes-Zertifizierung The Linux LFS158x: Introduction to Kubernetes Foundation, e. 2020 DevOps Kubernetes Camp Software & Viertägiges Intensivtraining über Kubernetes und Knative. Support Medi. 2019 Kommunikation & Moderationstechniken in der IT oose Innovative Informa.
    [Show full text]
  • Openstackでnecが実現する 「OSSクラウド」の世界
    OpenStackでNECが実現する 「OSSクラウド」の世界 2013年3月12日 日本電気株式会社 プラットフォームマーケティング戦略本部 OSS推進室 技術主幹 高橋 千恵子 目次 ▐ OSSの動向 ▐ NECのOSS/Linux事業 ▐ OSSプラットフォームへの取り組み 高可用Linuxプラットフォーム OSSミドルウェアの活用 ▐ OSSクラウド OpenStackへの取り組み OSSクラウドソリューション ~沖縄クラウドサービス基盤~ OpenFlow+OpenStack ▐ 最後に ●本資料に掲載された社名、商品名は各社の商標または登録商標です。 Page 1 © NEC Corporation 2013 OSSの動向 Page 2 © NEC Corporation 2013 OSSコミュニティによるプロジェクト ▐ 全般 ・・・・・SaaS型アプリケーションが増加/著名OSSのベンダー配布、有償サポートや買収が進む OSS定点観測は、freecode.com にて実施。 ▐ インフラ系・・・仮想化やクラウド基盤関係のOSSが注目される/システム、ネット管理OSSの伸びがある サイトでの人気度(300以上)で順位付け。 OSSプロジェクトは2012.4時点で32.4万件。 ▐ デプロイメント系・・PostgreSQL、mySQLが高人気 これらのDB管理、DBクラスタリングOSSも伸びている ビジネス用途を中心に表示。 ▐ アプリ系・・・・SaaS型グループウェアOSS、ソフトウェア分類を越えた統合的な著名OSSの伸びがある コンシューマ・プライベート系は除く。 コンテンツアプリケーション •PHProject [GW] エンジニ コラボレーティブ •EGroupware CRM ERM SCM • Dokuwiki [Wiki] • jGnash アリング • WebGUI [CMF] • phpBB [GW] •OBM [GW] • Enterprise CRM and ア • Tiki Tiki CMS Groupware • ProcessMaker • CorneliOS [CMS] • Ariadne Groupware System • Task Juggler [PM] • Blender オペレーション • TinyMCE [DCM] • XODA • Simple Groupware [GW] プ • OpenWebMail[webmail]• Teamwork [GW] • Dolibarr • Achievo [PM] • mxGraph 製造管理 • Drupal [CMS] • mnoGoSerch • LedgerSMB • white_dune • eZpublish [publish FW]• Managing • ZIm [blog] • Plans [GW] • The Apache Open リ • Tine2.0 [CRM&GW] • GnuCash • Jgraph • OTRS • XWiki [Wiki] • Midgard • Zimbra [GW] for Business • Elastix • GroupOffice [GW] • Twiki [KB] • TUTOS[ERP&PM] • graphviz • FUDForum • OpenSearch Project コンシューマ 系 • SquirrelMail [Webmail] • Time Trex • BRL-CAD • Asterisk • Plone CMS Server • Citadel [bbs] •
    [Show full text]