ORLANDO - Open source security tools abound, so take advantage of them and avoid paying for commercial products if open source fits your needs. That was the message from Matthew Luallen, president of consulting firm Sph3r3, who spoke at yesterday’s InfoSec Conference.

Pointing to two Web sites, Freshmeat.net and Sourceforge.net, as central repositories to find open source software and information, Luallen told InfoSec attendees about the rich supply of vulnerability scanners, authentication software, penetration testing tools, antispam, intrusion-detection systems and more that exist as open source or freeware.

“The WiKiD Strong Authentication Server is a two-factor authentication server,” said Luallen, referencing ones he thought among the most useful . Among other great security tools there for the asking are SpamAssassin, which can identify spam, Splunk for log analysis, NTop for anomaly detection, TrueCrypt for encrypting data at rest, and the penetration-testing tool BackTrack. He said all are examples of useful security tools that companies should consider securing enterprise networks.

“Technically, the Splunk Log Analysis is not open source but it’s freeware, Luallen said. “It can interpret log files from almost any application out there. We have to know what’s going on in our environment, whether it’s Linux, Windows, switches, routers, whatever you will.” He added Splunk has become particularly useful because it can make use of the SANS Institute Top 5 log-analysis scripts.

Luallen said he had a few caveats about using open source and freeware tools in enterprises, however. These open source tools might be bought or their makers could abandon them. In addition, there’s a risk that this easily available software could have a backdoor or malware in it, inserted either deliberately or because a hacker compromised it. “Anything you download off the Internet could have a backdoor or a ‘phone home’ associated with it,” Luallen cautioned. He added some tools are also going to require a bit of programming skill to really take advantage of them.

Some of the better-known tools, such as Snort for intrusion detection and Nessus for vulnerability scanning, are “becoming more closed source as time goes on,” he pointed out, and their originators either decide to focus more on commercial products or the tools are bought by a software vendor. Trend Micro, for example, recently bought the antispyware HijackThis from its Netherlands-based creator, but intends to keep it freeware for now.

Whitepapers

• The ROI and TCO Benefits of Data Deduplication for Data Protection in the Enterprise
• Best Practices in Lifecycle Management: Comparing KAC(tm), Altiris, LANDesk, and Microsoft SMS
• Security vs. Flexibility: Must IT Management Choose?
• Systems Management Buyer's Guide For Medium Enterprises
• The Trend from UNIX to Linux in SAP(r) Data Centers
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• The Secure Web Gateway. Mission Critical For Business - Webcast
• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives

View more SECURITY webcasts

Special Reports

• IT Buyer's Guide to Security Information Management
• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports