Open source has gained quite a bit of traction lately in the Enterprise, and although I have supported Linux since the early 90s, I've often stated: "Open source does not ensure quality." Actually, I usually say it more directly: "No matter how much you polish..."
However, on the security front, some of the most useful tools are open source. Also, many current commercial security offerings are based upon open source projects. The following are open source security tools that you should consider having in your toolbox if you support enterprise security as part of your job.
nmap (http://nmap.org/) is an open source network scanner and is great for identifying network services, host operating systems, basic inventory, and general network troubleshooting. nmap runs on all major computing platforms.
Wireshark (http://www.wireshark.org/), previously known as Ethereal, is an open source network sniffer. It is a GUI-based sniffer and its quality is second to none, commercial or otherwise.
tcpdump (http://www.tcpdump.org) is also an open source sniffer. It is not GUI-based; however, it does come on many platforms and does not require graphics support, so it is easily placed on systems without a windowing system.
snort (http://www.snort.org) is one of the best intrusion detection systems available. It is a network-based detection system, and rules to identify almost all major security attacks become available soon after the attacks are known. The one downside to the tool is that new signature files are not free to use until 30 days after their release. Subscriptions for immediate use are available starting at $499.00 each.
SNIPS (http://www.netplex-tech.com/snips/) is a bootstrap network monitoring system that is easily and quickly deployed. Although nowhere near as sophisticated as the open source OpenNMS, it is much easier to deploy and use.
In a future Your Net News, I'll cover open source system tools.