Open-source security tools fit the enterprise bill

Open source technologies already permeate most data centers, and their influence is spreading. However, data center managers who wouldn't think twice about dropping a new Linux server into a rack feel very differently about building an open source firewall as the main barrier between their own network and the great unwashed. Security remains outside the open-source comfort zone.

See related story on How you're already using open source security

Still, there are four primary arguments in favor of open-source security tools: agility in the face of changing threats, control of one's own destiny with full source code, customization to one's own requirements, and lower cost (see "Agility, control, customization, affordability"). With that in mind, good examples of freely available security products abound.

Greater agility in mail security

The e-mail security gateway is a perfect example of how open source products can answer the need for agility. The function of this gateway has changed from interoperability between disparate mail systems to security, with protection against spam and viruses - and now phishing protection and compliance requirements - at the top of the list. The gateway landscape continues to change quickly, with commercial products entering or leaving the market rapidly, and requirements changing just as fast. If companies opt for an open source solution - in which they build their own gateway from multiple components - they gain a high degree of agility, even though they also take on a substantial integration effort.

Antispam tool SpamAssassin, probably the poster child for open source security, is powerful enough to be at the core of several commercial products, including the popular Barracuda mail gateway. SpamAssassin is far from data center-ready, however. Companies using it probably will have to create (or adapt existing open source) Web front-end applications and find a framework for scaling across multiple systems. There also is the need for user quarantines for suspect mail, tools to deliver mail, periodic quarantine management, reporting and alerting, and system management. Companies also will have to wrap a message transport agent, such as Postfix, around SpamAssassin to send, queue and receive e-mail. While some open source projects, such as the MailWasher server and Maia Mailguard, have integrated an antispam engine with management tools and quarantine, none has the active and lively development and huge user community that SpamAssassin does.

SpamAssassin by itself is no longer the state of the art in spam identification. Reputation-based filtering has been demonstrated to be very effective when combined with a good content filter; and new protocols, such as Sender ID and DomainKeys, help fight phishing attacks. Integrating freely available reputation-based services, such as SpamHaus or SpamCop, with other antispam tools isn't impossible, but requires expertise in mail-gateway design and the open source applications. Antivirus capabilities also belong in any mail security gateway. The only credible open source option is ClamAV, although a company choosing a Linux base for its e-mail gateway also has the option of several commercial engines that run on Unix.