Security via open source

ORLANDO - Open source security tools abound, so take advantage of them and avoid paying for commercial products if open source fits your needs. That was the message from Matthew Luallen, president of consulting firm Sph3r3, who spoke at yesterday’s InfoSec Conference.

Pointing to two Web sites, Freshmeat.net and Sourceforge.net, as central repositories to find open source software and information, Luallen told InfoSec attendees about the rich supply of vulnerability scanners, authentication software, penetration testing tools, antispam, intrusion-detection systems and more that exist as open source or freeware.

“The WiKiD Strong Authentication Server is a two-factor authentication server,” said Luallen, referencing ones he thought among the most useful . Among other great security tools there for the asking are SpamAssassin, which can identify spam, Splunk for log analysis, NTop for anomaly detection, TrueCrypt for encrypting data at rest, and the penetration-testing tool BackTrack. He said all are examples of useful security tools that companies should consider securing enterprise networks.

“Technically, the Splunk Log Analysis is not open source but it’s freeware, Luallen said. “It can interpret log files from almost any application out there. We have to know what’s going on in our environment, whether it’s Linux, Windows, switches, routers, whatever you will.” He added Splunk has become particularly useful because it can make use of the SANS Institute Top 5 log-analysis scripts.

Luallen said he had a few caveats about using open source and freeware tools in enterprises, however. These open source tools might be bought or their makers could abandon them. In addition, there’s a risk that this easily available software could have a backdoor or malware in it, inserted either deliberately or because a hacker compromised it. “Anything you download off the Internet could have a backdoor or a ‘phone home’ associated with it,” Luallen cautioned. He added some tools are also going to require a bit of programming skill to really take advantage of them.

Some of the better-known tools, such as Snort for intrusion detection and Nessus for vulnerability scanning, are “becoming more closed source as time goes on,” he pointed out, and their originators either decide to focus more on commercial products or the tools are bought by a software vendor. Trend Micro, for example, recently bought the antispyware HijackThis from its Netherlands-based creator, but intends to keep it freeware for now.

There’s such a rich supply of open source security software that stands up so well when compared with commercial counterparts, managers should be looking at using it, Luallen says. The open source ClamAV antivirus, for example, can be considered a suitable substitute for commercial desktop antivirus products. “I use it,” he noted.

Other favorite picks in open source and freeware from Sph3r3:

•  Honeynet.org offers open source tools for setting up online honeypots to observe hacker activity.