COMMENT ON THIS ARTICLE
Open source security tools abound, so take advantage of them and avoid paying for commercial products if open source fits your needs. That was the message from Matthew Luallen, president of consulting firm Sph3r3, who spoke at Monday's InfoSec Conference.
Pointing to two Web sites, Freshmeat.net and Sourceforge.net , as central repositories to find open source software and information, Luallen told InfoSec attendees about the rich supply of vulnerability scanners, authentication software, penetration testing tools, antispam, intrusion-detection systems and more that exist as open source or freeware.
"The WiKiD Strong Authentication Server is a two-factor authentication server ," said Luallen, referencing ones he thought among the most useful . Among other great security tools there for the asking are SpamAssassin, which can identify spam, Splunk for log analysis, NTop for anomaly detection, TrueCrypt for encrypting data at rest, and the penetration-testing tool BackTrack. He said all are examples of useful security tools that companies should consider securing enterprise networks.
"Technically, the Splunk Log Analysis is not open source but it's freeware, Luallen said. "It can interpret log files from almost any application out there. We have to know what's going on in our environment, whether it's Linux, Windows, switches, routers, whatever you will." He added Splunk has become particularly useful because it can make use of the SANS Institute Top 5 log-analysis scripts.
Luallen said he had a few caveats about using open source and freeware tools in enterprises, however. These open source tools might be bought or their makers could abandon them. In addition, there's a risk that this easily available software could have a backdoor or malware in it, inserted either deliberately or because a hacker compromised it. "Anything you download off the Internet could have a backdoor or a 'phone home' associated with it," Luallen cautioned. He added some tools are also going to require a bit of programming skill to really take advantage of them.
Some of the better-known tools, such as Snort for intrusion detection and Nessus for vulnerability scanning, are "becoming more closed source as time goes on," he pointed out, and their originators either decide to focus more on commercial products or the tools are bought by a software vendor. Trend Micro, for example, recently bought the antispyware HijackThis from its Netherlands-based creator, but intends to keep it freeware for now.
There's such a rich supply of open source security software that stands up so well when compared with commercial counterparts, managers should be looking at using it, Luallen says. The open source ClamAV antivirus, for example, can be considered a suitable substitute for commercial desktop antivirus products. "I use it," he noted.
Other favorite picks in open source and freeware from Sph3r3:
- Honeynet.org offers open source tools for setting up online honeypots to observe hacker activity.
- NMap, a port scanner and operating system identification tool.
- Winfingerprint, for insight into available and running applications on a Windows system.
- Guardian, coupled with Snort to provide real-time blocking.
- RANCID, for monitoring and saving network device configurations and e-mail changes.
- VNC, developed by AT&T Laboratories for remote system management.
- RDesktop, allows a Linux/Unix system to access Windows Terminal Services.
- Request Tracker, an openly available trouble-ticket system.
- FreeRadius, a RADIUS Server for centralized user authentication.
- The wireless sniffers, Kismet, Airsnort, Airsnarf and Bluesniff.
- Nagios for system and application monitoring for faults with active response.
- Smokeping, an application performance monitor.
- IPerf, a network performance tester.
- For centralized logging and parsing, AWStats, Swatch, Snare, fwanalog.
- For Virtual Private Networks, Stunnel, Zebedee and freeswan.
- Axcrypt for file system encryption.
- Arpwatch for monitoring local ARP tables.
- VOMIT for audio of sniffered Cisco VoIP datagrams.
- Squid proxy server for fast HTTP, FTP, SSL Accelerator.
- NetFlow for generating and archiving flow information for data traffic.
- Ethereal, a network sniffer and analyzer.
- Pixilate, a traffic generator for security rule validation.
- Zoneminder for supporting multiple video cameras and real-time notification of movement.
- Firewalls: Redwall, Dan's Guardian.
COMMENT ON THIS ARTICLE