Published on October 27th, 2008
50 Must-Have Open Source Tools for Security
The area of open source security software is growing rapidly, with a cornucopia of apps for every use: anti-spam, firewalls, forensics, encryption, log monitoring, passwords – the list is growing even as you read this.
In many cases, these open source security tools – many of which are free – are available for the Windows, Linux and Mac operating systems.
Winner of multiple Datamation Product of the Year awards, SpamAssassin uses header and text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases to block unwanted e-mail at the server level. It works with most mail systems and is available under the Apache license. Operating System: OS Independent.
This anti-virus toolkit is designed especially for protecting mail gateways and features a command line scanner, automatic updates, and more. Although the original ClamAV engine works only with Unix-like systems, numerous other projects (both open-source and commercial) have incorporated ClamAV. Operating System: Linux, Unix, BSD.
ClamWin provides a Windows front-end for the ClamAV antivirus toolkit. It features automatic updates, a scanning schedule, Outlook integration, and more. Operating System: Windows.
Developed by the NSA, Security Enhanced Linux adds mandatory access control features to the Linux OS. It enforces complete separation of information to make it more difficult to bypass application security mechanisms. Operating System: Linux, Unix.
Novell's application firewall uses policy-based profiles to control who can access various applications. It's included with openSUSE and SUSE Linux Enterprise, but is also available for download for any Linux system. Operating System: Linux.
Just slip a disk containing Darik's Boot and Nuke into your system, and it will automatically destroy all the data on any hard drive it can detect. It's ideal for cleaning up old computers before they are donated or recycled. Operating System: OS Independent.
Eraser completely eliminates a file so that it cannot be read with digital forensic tools. It overwrites the data several times with random patterns, erasing all traces of sensitive information. Operating System: Windows.
TrueCrypt can create a virtual encrypted disk within a file or encrypt a partition or drive on a Windows system. It can also be used to encrypt a portable hard drive or USB flash drive. Operating System: Windows, Mac, Linux.
Simply right-click any file on Windows Explorer to encrypt it with AxCrypt. AxCrypt aims to make it as easy to work with encrypted files as it is to work with unencrypted files—just a lot more secure. Operating System: Windows.
WinSCP is an easy-to-use, basic SFTP and FTP client for Windows only. It also supports SCP. Operating System: Windows.
11. The Sleuth Kit
Need to recover a deleted file? The Sleuth Kit lets you read deleted data from NTFS, FAT, FFS, and EXT2FS file systems. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.
Gateway Security Appliance
A great alternative to expensive commercial security appliances, Untangle combines the best of open-source Web filtering, anti-spam, anti-spyware, anti-virus, intrusion prevention, firewall, VPN, and more into one download that can be used to turn any PC into a security appliance. Commercial support and other add-ons are available for a fee. Operating System: Linux.
Similar to Untangle, Endian Firewall Community can turn an old PC into a unified threat management (UTM) appliance that provides a firewall, anti-virus, anti-spam, content filtering, and a VPN. Pre-configured appliances and support are also available for a fee. Operating System: Linux.
14. Bastille Linux
Bastille Linux/Unix asks you questions about what level of security you need and then "locks down" your OS, educating you about a variety of security topics along the way. Formerly only available for Linux and Unix, it now comes in a Mac OS X version. Operating System: Mac, Linux, Unix.
Labeling itself "the de facto standard for intrusion detection/prevention," Snort is the most widely deployed intrusion detection/prevention system in the world. It can perform real-time traffic analysis, packet logging, protocol analysis, content searching, and more. Operating System: Mac, Linux, Unix, BSD, Solaris.
This host-based intrusion detection system boasts more than 5,000 downloads a month and is in use at a number of large organizations around the world. Key features include log analysis, file integrity checking, Windows registry monitoring, rootkit detection, and real-time alerting. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.
The Basic Analysis and Security Engine, or BASE, isn't an IDS itself, but it does work hand-in-hand with Snort to help you make sense of all your IDS data. It provides a Web interface that allows you to search and analyze alert messages. Operating System: OS Independent.
Log Monitoring and Analysis
Ettercap monitors your LAN, logging and intercepting potential attacks. Key features include sniffing of live connections, content filtering, and more. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.
With AWStats, you can generate graphical representations of Web, streaming, ftp, or mail server statistics. As a result, you can see at a glance what kind and how many attacks have been directed at your network without slogging through pages of data. Operating System: Windows, Mac, Linux, Unix.
Short for "System iNtrusion Analysis and Reporting Environment," SNARE collects and analyzes event log data. Multiple report formats are available. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.
While technically not open-source, Splunk is available for free and works so well it was worth inclusion in this list. It not only monitors log files, it analyzes what's happening, making it easier to follow the trail of a hacker and respond to threats. Plus, it can analyze other types of IT data (message alerts, performance data, etc.) as well as security-related files. Operating System: Windows, Mac, Linux, BSD, Solaris, AIX.
Multiple Function Security Solutions
Short for "Open Source Security Information Management," OSSIM combines 12 separate open source security tools, including Snort, Nessus, Nagios, and others. The dual goals are to prevent intrusions and give administrators a complete, detailed view of the entire network. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.
Combining Wireshark, Nessus, Snort, Nmap, Ntop, Kismet, and many other well-known open-source security apps, NST aims to provide network security administrators with a comprehensive set of security tools. It provides network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, and a host of other functions. Operating System: OS Independent.
Kismet is a combination wireless network detector, packet sniffer, and IDS. Often used to detect unprotected or hidden networks, it's a valuable tool for checking the security of your wireless network, as well as monitoring network activity. Operating System: Windows, Mac, Linux, Unix, BSD.
Vyatta offers a free, enterprise-class firewall/router/VPN that runs on standard x86 PCs. Software upgrades, support, and pre-configured devices are also available for a fee. Operating System: Linux.
Ideal for small businesses, IPCop allows you to take any PC and turn it into a Linux-based firewall appliance for securing your network and improving Web browsing. It also includes a handy remote management feature. Operating System: Linux.
Like IPCop, SmoothWall turns old PCs into Linux-based network firewall appliances. Enterprise users and others with larger networks are encouraged to use SmoothWall Limited, the commercial version of the project. Operating System: Linux.
27. Firewall Builder
Firewall Builder is not a firewall, but it does make firewalls easier to use. It simplifies the process of establishing rules and supports iptables (netfilter), ipfilter, pf, ipfw, Cisco PIX (FWSM, ASA) and Cisco routers extended access lists. Operating System: Mac, Linux, Unix, BSD.
This firewall's claim to fame is that anyone can get it up and running in just a couple of minutes. It can be used on desktops, servers, or gateways, and the interface is very easy to understand. Operating System: Mac, Linux, Unix, BSD.
Nagios aims to inform you of problems with your network before your users do. And when it detects an attack, outage, or other problems, it can be configured to send you an alert via e-mail, IM, or text message. Operating System: Linux, Unix.
Formerly known as Ethereal, Wireshark bills itself as "the world's foremost network protocol analyzer" and "the de facto standard." It offers deep inspection of hundreds of protocols, live capture for offline analysis, VoIP analysis, and much more. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.
This older packet sniffer uses fewer resources and has fewer security holes than the newer, prettier apps. Note that if you use Windows, you'll need a separate download known as WinDump. Operating System: Mac, Linux, Unix, BSD.
Nmap quickly takes inventory of your entire network, no matter what the size. As a result, security audits are easier and updates are simplified. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.
33. Angry IP Scanner
This fast, simple tool scans IP addresses and ports to provide information about your network. And if you need additional information other than what's provided with the standard tool, it's easy to write extensions. Operating System: Windows, Mac, Linux.
Honeytrap is designed to give you an early warning of an attack. It collects and displays data about possible attacks, but does not block intrusions. Operating System: Linux, BSD.
35. OCS Inventory NG
It isn't exactly glamorous, but having an up-to-date list of all the hardware and software on your network can be invaluable for security planning. OCS Inventory NG keeps track of all the devices on your network and provides details like OSes, software, processors, memory, and much more. Operating System: OS Independent.
This lightweight password safe remembers all your passwords, so you don't have to. For security, it encrypts your passwords using AES and Twofish, two of the most powerful encryption algorithms available. Operating System: Windows.
You shouldn't need a password cracker on a regular basis, but when an employee leaves without informing you of his or her password, it's handy to have one in your toolkit. This one works pretty well and can run directly from a CD. Operating System: Windows, Mac, Linux, Unix.
WiKID provides Java-based two-factor authentication. Note that you'll need a PDA or USB device you can use as a token in order to make it work. Operating System: OS Independent.
39. Password Safe
An alternative to KeePass, Password Safe gives you the option of creating multiple encrypted password databases (for home and work, for example). It can also generate strong passwords for you. Operating System: Windows.
Developed by the OpenBSD project, OpenSSH offers a set of SSH, SCP, and SFTP tools for secure remote access and file transfer. It encrypts all traffic, including passwords, to make hijacking nearly impossible. Operating System: Linux, Unix, BSD.
This basic telnet/SSH client offers remote access for most Windows and Unix systems. Note that it does not support Vista. Operating System: Windows, Unix.
Despite its lightweight configuration, OpenVPN offers a robust, full-featured SSL VPN that works equally well for both small businesses and enterprises. Key features include load balancing, failover, and flexible access control, including support for two-factor authentication. Operating System: Windows, Mac, Linux, BSD, Solaris.
With the SingleClick addon, UltraVNC is ideal for helpdesk situations. Key features include secure file transfer and chat capabilities. Operating System: Windows.
Short for "Another File Integrity Checker," Afick is very similar to Tripwire, which is now a commercial product. It alerts you to changes on your system that may have been caused by intrusions. Operating System: OS Independent.
The "world leader in active scanners," Nessus quickly scans your entire network locating vulnerable data and resources and detecting when security policies have been breached. The latest versions of Nessus are free to download, but are no longer open source. However, you can still download the older open source version and the source code from the site. Operating System: Windows, Mac, Linux, BSD, Solaris.
One of the best ways to test the security of your network is to use the same tools hackers are likely to be using. As the standard attack and penetration toolkit, Metasploit gives you the opportunity to find vulnerabilities before the black hats do. Operating System: Windows, Unix.
Nikto scans Web servers for thousands of dangerous files and server-specific problems. Optional automatic updates are available. Operating System: Windows, Mac, Linux, Unix, BSD.
This Java-based scanner intercepts all http and https data transmitted between server and client to help evaluate the security of Web applications. It includes a spider, proxy-chaining, intelligent scanning for XSS and SQL injections, and more. Operating System: OS Independent.
Designed primarily for Debian and Ubuntu, ProShield scans your system to make sure your software is up-to-date and that you haven't picked up any malware. It also reminds you to back up your system, checks your available disk space, and performs other routine maintenance checks. Operating System: Linux.
Short for "Internet Secure Access Kit," iSAK blocks access to objectionable Web sites based on user-defined rules and provides a variety of reports so that you can see what sites your users have been visiting. You can block entire categories of sites (e.g., adult content, gaming, etc.) or block access by domain, URL, or a number of other criteria. Operating System: Linux, Unix, BSD.