Security Tools

By eWeek Editors  |  Posted 2002-07-08

In many ways, security tools can be considered open source's greatest stealth operative. Companies that don't think they use any open source at all are often surprised to find how much of their security infrastructure is based on open-source technology. In fact, there is a good chance that the commercial security applications and services they are using make very heavy use of open-source security tools.

Open-source security tools span a wide area, from traditional network management tools such as the Nmap port scanner, to vulnerability scanners that were originally treated as hacker tools by many, such as the original SATAN (Security Administrator's Tool for Analyzing Networks) scanner, now called SARA (Security Auditor's Research Assistant).

Simply listing all the open-source security tools out there would probably take up twice as much space as this article allows. That's because most security researchers and companies release tools such as scanners and auditors as open source. However, a quick glance through most of the categories shows that when it comes to security and open source, there is no choice: companies will have to base some of their security infrastructure on open source.

When it comes to finding out what's happening on your network, traditional Unix tools such as Tcpdump have been basics for administrators for a long time. Since these tools don't tend to look specifically for hostile traffic, there is also a whole set of open-source tools that look for intruders on a network. Probably the best known and most widely used of these is the Snort intrusion detection system.

For businesses looking for potential problems in their own systems, there are many audit and scanning tools available in the open-source community. Tools such as Nmap let administrators know which ports are open on their systems. More advanced tools such as SARA and Nessus will scan for known vulnerabilities and security holes.

Advanced security administrators can take advantage of a potentially dangerous set of open-source tools that can give them many of the same capabilities as a hacker, making advanced testing of security infrastructures possible. Tools such as Nemesis make it possible to simulate many forms of attacks through packet injection and creation.

When it comes to protection, there is a wide range of applications that let users encrypt and secure systems, from secure session tools such as OpenSSH to firewall management tools such as Firewalk. Our favorite tool in this area is the anti-worm application LaBrea. —Jim Rapoza

