Open Source Security Tools Abound

All of us must take advantage of Open Source security tools, because it offers solutions for all our needs.

Why we must pay for commercial products, if open source fits our needs?

This message was coming from the president of consulting firm Sph3r3, Matthew Luallen. This had presented its opinion at the InfoSec Conference.
Luallen was pointing to few web sites, like Sourceforge.net and Freshmeat.net, which are the central repositories where we can find open source software and information.
He also told that InfoSec attendees about the rich supply of vulnerability scanners, penetration testing tools, authentication software, intrusion and detection systems, antispam and many more.

Luallen told that the WiKiD Strong Authentication Server is a two factor authentication server and he was referencing ones he thought among the most useful. Other great security tools are: Splunk for log analysis, SpamAssassin, which can identify spam, NTop for anomaly detection, penetration-testing tool BackTrack and TrueCrypt for encrypting data. Luallen said that all these examples can be very useful security tools, which all of us must consider securing enterprise networks.
If we think, technically, the Splunk Log Analysis can’t be considering an open source, but it is freeware.
Splunk Log Analysis can interpret log files for almost any application known and has become very useful because it can make use of the SANS Institute Top 5 log-analysis scripts.

Although he supports the uses of open source and freeware tools in enterprises, Luallen told that these open source tools might be bought or their makers could abandon them. So, it might be a risk that this easy to obtain software could have a backdoor or malware in it, inserted either deliberately or because a hacker compromised it. We all know that everything you download off the Internet could have a backdoor or a phone home associated with it.

Tags: open source, open source utils, software, backdoor, download, Luallen, SpamAssassin, antispam, analysis, tools