Are open source network security tools really as secure as those available for sale?
Yes, say a growing number of enterprises implementing open source security tools. While some are understandably hesitant to employ solutions that are openly available to hackers and users alike, many organizations are finding that open source tools not only cost less than their commercial counterparts, they are at least as secure as commercial products, if not more so.
“Generally speaking, I think the reliance on open-source security tools in enterprise is increasing, but relatively slowly,” reports Ed Moyle of consulting firm Security Curve. “We are seeing reduction in use within areas that have traditionally been dominated by open source, but that reduction is being made up for by some relatively rapid gains in other areas that have been traditionally dominated by commercial tools.”
Should your company follow the crowd moving towards open source network security? That depends on which is more important to you: an agile solution that doesn’t cost much or a comprehensive solution that comes with plenty of support.
The Benefits of Open Source Security
Obviously, the number one benefit of incorporating open source tools into your security plan is the cost—or rather the lack of cost. While no software implementation is ever truly free (you always have staff time involved), getting the code at no charge can be a huge attraction for budget-conscious IT departments.
Free software can be particularly attractive when the software is being deployed in order to cope with a changing regulatory environment. “Regulatory issues can arise rapidly and are often outside of the budget cycle,” notes Moyle. “Open-source solutions can be rapidly deployed at the cost only of a time investment from technical staff —while the commercial counterpart might require a whole budget acquisition process, approval, contract negotiation, etc.”
Open source tools also provide companies with greater agility and control over their own security. Small commercial security software vendors go in and out of business with alarming regularity. In some cases, companies have no way to know if the product they purchase today will still be available in a few years. Using open source tools allows you to customize your security solution to meet your needs today and to modify that solution in the blink of an eye when your needs change.
Finally, proponents of open source security tools often argue that allowing everyone to see the source code naturally results in a more secure product. Enterprises can view and test the code before they choose to implement it. And theoretically, because so many eyes are looking at the code, there are many more chances to find bugs.
On the other side of the argument are those who believe that open-source tools are not as secure as commercial tools with “secret” code. After all, the “bad guys” can access the code just like the “good guys.” However, most experts seem to agree that open source software can be secure—if programmers actually take the time to evaluate it.
“Just because a program is open source does not guarantee security,” concludes open source security writer Dan Wheeler. “People have to actually review the code.”
The Drawbacks of Open Source Security
The biggest downside of open-source security tools is the lack of support. While many tools have very active user communities and/or the option of paying for support, many do not. The problem is particularly bad for newer tools that haven’t yet built a large install base. This lack of accountability can turn away some potential users.
Moyle says that when they select software, many companies “want to make sure that there is someone to get support from and that there is someone to hold accountable in the event that there’s an issue. In the open source world, these things can be hard to come by.”
Secondly, as good as they are, many open source tools are not enterprise-ready without some significant adaptation. In most cases, companies end up cobbling together a number of different open source tools along with some code developed in-house in order to create a complete solution. Many also combine some open source code with some commercial products in order to achieve the results they want.
Next page: The List of Ten Open-Source Security Apps
Ten Open-Source Security Apps Worth Consideration
If you’re thinking about using some open-source components as part of your security plan, you have literally thousands to choose from. At the time of publication, Freshmeat.net listed 1,232 open source security projects, and SourceForge.net listed 3,334. To help narrow the scope, here’s a list of ten open source security apps that the experts point to most often as being valuable for the enterprise.
Nessus claims to be ” the world’s most popular vulnerability scanner used in over 75,000 organizations world-wide.” While the scanner is available for free download, a yearly direct feed subscription updated with all the latest threat information costs $1,200 from Tenable Network Security. Nessus is available for Linux, FreeBSD, Solaris, Mac OS X, and Windows.
This intrusion detection system (IDS) is so effective it’s become the number one IDS in the world and has been incorporated into a number of commercially available products. In addition to the free download, Snort’s developer, Sourcefire, offers commercial products based on the open-source code. It’s available for Linux, Windows, FreeBSD, and OS X.
Specifically designed for enterprise users, Nagios monitors network services, host resources, and environmental factors and identifies potential vulnerabilities. As well as providing a graphical representation of network functions, it can send alerts via e-mail or pager. It works best on Linux, but can run on *NIX systems as well.
No list of open-source security tools would be complete without SpamAssassin. A two-time Datamation Product of the Year winner, this anti-spam tool is the “secret sauce” behind a number of commercial products, as well as being put to good use by a number of e-mail hosting vendors and spam filtering vendors. Experts often recognize SpamAssassin as the best open-source anti-spam tool available. (OS-independent)
The largest and most widely used open-source anti-virus tool, Clam Antivirus is highly respected and generally acknowledged to be as good as commercial antivirus packages. The original source code supports UNIX-based systems, but the site also links to third-party solutions for Linux, BSD, and Windows.
This toolkit makes use of the Secure Sockets Layer and Transport Layer Security protocols, as well as the SSLeay cryptography library. It’s certified to meet FIPS-140 standards, and widely used by large organizations and commercial software providers. (OS independent)
This implementation of Secure Shell (SSH) technology allows administrators to operate a remote host using a public key. Developed by the OpenBSD project, OpenSSH encrypts all traffic, including passwords, in order to protect it from hackers and identity thieves. It’s integrated into most Linux distributions and Mac OS X, and versions are also available for Windows, Unix, Solaris, and others.
Short for “network mapper,” Nmap scans network ports and returns information about which hardware is connected to the network, operating systems, and application versions. It supports all major operating systems, including Windows, Linux, Unix, Mac OS X, and others.
9. Ossec HIDS
This host-based intrusion detection system (HIDS) has recently been gaining popularity among enterprise users, in part because of its high scalability. If an attack overcomes your network defenses, Ossec HIDS stops the attack at the host level, and it can be configured to notify the network administrator when an attack occurs. It’s compatible with many firewalls and all the major operating systems.
Wireshark titles itself “the world’s most popular network protocol analyzer.” Formerly known as “Ethereal,” Wireshark allows the user to see all traffic being passed over an Ethernet network. It runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others.