Avoiding the risks
However, he urged that administrators exercise caution when using new open-source tools because of the risk of downloading tainted files.
Luallen also recommended the use of NetFlow, a traffic profile monitoring technology that has been adopted by companies such as Cisco Systems Inc., Foundry Networks Inc. and Juniper Networks Inc. Open-source implementations of the technology can be used to isolate traffic to a single malicious IP address and report the traffic sent to a compromised host. NetFlow results can also be inverted to see a list of hosts contacted by an attacker.
Also making Luallen's list was Spam Assassin, the spam-filtering tool being managed by the open-source Apache Foundation. Spam Assassin can be used in a business to identify unwanted e-mail and set up routing filters. "Spam Assassin can run out-of-the-box in 15 to 20 minutes, and it's a fantastic product," Luallen said.
He also urged the audience to get familiar with Nessus, the open-source vulnerability scanner that automates the discovery and testing of security flaws. Nessus features client-server technology that allows tests to be conducted from various points in the network. "It has a plug-in architecture that lets you use new vulnerability testing logic, and you can even write your own scanning scripts," Luallen said.
Luallen's open-source security toolset list also included Nikto, a scanner that performs tests against Web servers for potentially dangerous files; WinFingerPrint, which uses SMB to enumerate OS, users, groups, password policies, service packs and hotfixes; IPerf, a bandwidth-measuring utility; and OpenSSL, the open-source effort to develop a full-featured toolkit implementing the SSL and TLS protocols.
Luallen also encouraged businesses to pay attention to publicly posted security policies from security research institutions.
"Security is a process, not a product. End-user awareness is a gigantic part of the process," he said, adding that the SANS Institute and the University of Toronto offer useful policy documents.
NetFlow describes the method for a router to export statistics about the routed socket pairs.
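The two NetFlow views described in the article (traffic sent to a compromised host, and the inverted list of hosts a suspect address contacted) can be sketched as follows. This is an added example, not code from the article or from any tool it names; it assumes NetFlow v5 export datagrams, and the function names and sample addresses (documentation ranges) are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("not v5, or record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "bytes": f[6], "dport": f[10], "proto": f[13]})
    return flows

def traffic_to(flows, host):
    """Bytes sent to `host`, totalled per source address."""
    totals = defaultdict(int)
    for f in flows:
        if f["dst"] == host:
            totals[f["src"]] += f["bytes"]
    return dict(totals)

def contacted_by(flows, source):
    """Inverted view: every (dst, dport) seen in flows from the suspect source."""
    return sorted({(f["dst"], f["dport"]) for f in flows if f["src"] == source})

def build_sample():
    """Constructed datagram of four TCP flows; not captured traffic."""
    rows = [("203.0.113.9", "192.0.2.10", 40000, 22, 9000),
            ("203.0.113.9", "192.0.2.11", 40001, 22, 120),
            ("198.51.100.7", "192.0.2.10", 51000, 443, 5000),
            ("203.0.113.9", "192.0.2.10", 40002, 22, 1000)]
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 0, 0,
                    10, octets, 0, 0, sp, dp, 0, 0, 6, 0, 0, 0, 0, 0, 0)
        for s, d, sp, dp, octets in rows)
    return HEADER.pack(5, len(rows), 0, 0, 0, 0, 0, 0, 0) + body

if __name__ == "__main__":
    flows = parse_v5(build_sample())
    print(traffic_to(flows, "192.0.2.10"))
    print(contacted_by(flows, "203.0.113.9"))
```

NetFlow records are unidirectional, so the source address of a record is the sender of that flow and not necessarily the side that opened the connection.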