By Jack M. Germain LinuxInsider
08/20/07 4:00 AM PT
Having many more eyes watching the code and a community of developers backing up users, open source security applications provide a wide range of options and made-to-order uses. Here's a list of 10 serious open source security applications, gathered via the word-of-mouth of the CSOs who use them.
Open source security products do not generally carry the same following as their business suite and
operating system brethren. However, the same reasons for supporting open source products in general also apply to open source security applications.
Open source security applications are free, or at least much less costly than their proprietary counterparts.
Even when the cost of paid support is factored in, they provide much more bang for the buck.
Having many more eyes watching the code and a community of developers backing up users, open source
security applications provide a wide range of options and made-to-order uses.
In Part 1 of this two-part series, LinuxInsider detailed a company's attempt to gain credibility for their open source security product. For Part 2, LinuxInsider spoke with several chief security officers of leading companies to compile a list of the serious open source security applications they use. Our list is not ranked in preference or based on our own testing. Instead, we relied on one of the strongest endorsements available: word of mouth.
Kismet
Kismet is a console-based 802.11 layer2 wireless network detector, sniffer and
intrusion detection system. Kismet identifies networks by passively sniffing and can decloak hidden or
non-beaconing networks.
It can automatically detect network IP blocks by sniffing TCP (transmission control protocol), UDP (user datagram protocol), ARP (address resolution protocol) and DHCP (dynamic host configuration protocol) packets. It can also log
traffic in Wireshark/TCPDump-compatible format. It runs on Linux, OpenBSD, FreeBSD, Solaris and other Unix variants, OS X for Mac and Windows. It has a command-line interface.
Snort
Snort is a network intrusion detection and prevention system long known for its traffic
analysis and packet logging strengths on IP networks. Through protocol analysis, content searching and
various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans and
other suspicious behavior.
Snort uses a flexible rule-based language to describe traffic that it should collect or pass and a modular
detection engine. Snort is one of the most widely deployed intrusion prevention systems for detecting and preventing attacks on corporate assets. Snort can be configured for
use by individuals and small businesses as well.
It runs on Linux, OpenBSD, FreeBSD, Solaris and other Unix variants, OS X for Mac and Windows. It has a
command-line interface.
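To make the idea of a rule language that "describes traffic" concrete, here is an added example (not Snort's own code): a minimal matcher for rules written in a Snort-style syntax (action, protocol, source and destination address and port, then msg/content/sid options) applied to constructed packet records. The rule lines, addresses and sids are constructed for the demonstration. Real Snort supports many more options and preprocessors, CIDR and negated addresses, and a configurable rule-evaluation order; none of that is modelled here.

```python
"""Added example, not Snort's code: a small matcher for Snort-style rules."""
import re
from dataclasses import dataclass
from typing import List, Optional

# action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r"^(?P<action>alert|pass|log)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)
# option name, then either a quoted value or a bare value, terminated by ';'
OPT_RE = re.compile(r'(\w+)\s*:\s*(?:"([^"]*)"|([^;]+))\s*;')


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: Optional[bytes]  # byte string that must appear in the payload
    sid: int


@dataclass
class Packet:
    """Constructed packet record; a real sensor decodes these from the wire."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


def parse_rule(text: str) -> Rule:
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable rule: {text!r}")
    opts = {k: (q if q else u.strip()) for k, q, u in OPT_RE.findall(m["opts"])}
    content = opts["content"].encode() if "content" in opts else None
    return Rule(m["action"], m["proto"], m["src"], m["sport"], m["dst"], m["dport"],
                opts.get("msg", ""), content, int(opts.get("sid", 0)))


def _addr_matches(spec: str, addr: str) -> bool:
    """'any' or an exact address; Snort additionally accepts CIDR, lists and '!'."""
    return spec == "any" or spec == addr


def _port_matches(spec: str, port: int) -> bool:
    """'any', a single port, or an inclusive range such as 1024:65535."""
    if spec == "any":
        return True
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (
        rule.proto in (pkt.proto, "ip")
        and _addr_matches(rule.src, pkt.src)
        and _port_matches(rule.sport, pkt.sport)
        and _addr_matches(rule.dst, pkt.dst)
        and _port_matches(rule.dport, pkt.dport)
        and (rule.content is None or rule.content in pkt.payload)
    )


def evaluate(rules: List[Rule], pkt: Packet) -> List[str]:
    """If any pass rule matches, nothing fires; otherwise return every alert message."""
    if any(r.action == "pass" and rule_matches(r, pkt) for r in rules):
        return []
    return [f"[{r.sid}] {r.msg}" for r in rules if r.action == "alert" and rule_matches(r, pkt)]


# Constructed rules: sids in the local range, addresses from documentation blocks.
CONSTRUCTED_RULES = [parse_rule(line) for line in [
    'alert tcp any any -> any 80 (msg:"Constructed: CGI path in HTTP request"; content:"/cgi-bin/"; sid:1000001;)',
    'alert tcp any any -> any 23 (msg:"Constructed: telnet session"; sid:1000002;)',
    'pass tcp 10.0.0.5 any -> any 80 (msg:"Constructed: allow-listed scanner host"; sid:1000003;)',
]]

if __name__ == "__main__":
    pkt = Packet("tcp", "192.0.2.10", 51234, "198.51.100.7", 80, b"GET /cgi-bin/test HTTP/1.0\r\n")
    print(evaluate(CONSTRUCTED_RULES, pkt))
```

The pass rule illustrates the second half of the sentence above: a rule language has to say what to ignore as well as what to collect, otherwise an authorised scanner floods the console with the same alerts as an intruder.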
Secure Shell
SSH (Secure Shell) allows users to log into or execute commands on a remote machine. It
provides secure encrypted communications between two untrusted hosts over an insecure network. Plus, it
replaces other insecure telnet/rlogin/rsh alternatives.
Many Unix users run the open source OpenSSH server and client. Some Windows users prefer the free PuTTY
client, which is also available for many mobile devices. Other Windows users prefer the terminal-based
port of OpenSSH that comes with Cygwin.
SSH runs on Linux, OpenBSD, FreeBSD, Solaris and other Unix variants, OS X and Windows. It has a
command-line interface.
PGP Encryption
PGP is an encryption program for securing data from eavesdroppers and other risks.
GnuPG is the free, open source implementation of the PGP standard; PGP itself is the executable
version and has a license fee for some uses.
It runs on Linux, OpenBSD, FreeBSD, Solaris and other Unix variants, OS X and Windows. It has both command-line and graphical user interfaces (GUI).
RKHunter
RKHunter is a scanning tool that checks for evidence
of pieces of malware such as rootkits, backdoors and local exploits. It runs many tests, including MD5
(Message-Digest algorithm 5) hash comparisons, default filenames used by rootkits, wrong file permissions for binaries. It also hunts
for suspicious strings in LKM (loadable kernel module) and KLD (dynamic kernel linker facility) modules.
It runs on Linux, OpenBSD, FreeBSD, Solaris and other Unix variants and has a command-line interface.
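The tests listed above (hash comparison against a known-good baseline, permission checks on binaries, known suspicious filenames) are simple enough to show end to end. The following is an added example in the spirit of those checks; it is not RKHunter's code. It builds a constructed directory tree, records a baseline, tampers with the tree and re-checks it. The suspicious-name list is a constructed placeholder, and SHA-256 is used instead of the MD5 the article mentions, because an attacker who controls a file's contents can produce MD5 collisions.

```python
"""Added example, not RKHunter's code: baseline-and-verify integrity checks."""
import hashlib
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Constructed placeholder names; a real tool ships a curated database.
SUSPICIOUS_NAMES = {".example_rootkit_marker", "example_backdoor.ko"}


def file_digest(path: Path, algorithm: str = "sha256") -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, algorithm: str = "sha256") -> Dict[str, dict]:
    """Record digest and permission bits for every regular file under root."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            rel = str(p.relative_to(root))
            baseline[rel] = {"digest": file_digest(p, algorithm),
                             "mode": p.stat().st_mode & 0o7777}
    return baseline


def check_tree(root: Path, baseline: Dict[str, dict], algorithm: str = "sha256") -> List[Tuple[str, str]]:
    """Return (finding, relative_path) pairs for everything that deviates."""
    findings = []
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file() or p.is_symlink():
            continue
        rel = str(p.relative_to(root))
        seen.add(rel)
        mode = p.stat().st_mode
        if p.name in SUSPICIOUS_NAMES:
            findings.append(("suspicious_filename", rel))
        # An executable that anyone can write to can be replaced by any local user.
        if (mode & stat.S_IXUSR) and (mode & stat.S_IWOTH):
            findings.append(("world_writable_executable", rel))
        if rel not in baseline:
            findings.append(("new_file", rel))
        elif file_digest(p, algorithm) != baseline[rel]["digest"]:
            findings.append(("hash_mismatch", rel))
    for rel in baseline:
        if rel not in seen:
            findings.append(("missing_file", rel))
    return findings


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: baseline a tiny 'bin' tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        ls = root / "bin" / "ls"
        ls.write_bytes(b"#!/bin/sh\necho original\n")
        ls.chmod(0o755)
        cat = root / "bin" / "cat"
        cat.write_bytes(b"#!/bin/sh\ncat \"$@\"\n")
        cat.chmod(0o755)
        baseline = build_baseline(root)
        # Simulated tampering: replaced binary, loosened permissions, dropped marker file.
        ls.write_bytes(b"#!/bin/sh\necho replaced\n")
        cat.chmod(0o777)
        (root / ".example_rootkit_marker").write_text("x")
        return check_tree(root, baseline)


if __name__ == "__main__":
    for finding, path in demo():
        print(f"{finding}: {path}")
```

The baseline is only as trustworthy as the moment it was taken and the place it is stored: a checker like this must be run from a known-clean system, and the baseline kept where a compromised host cannot rewrite it.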
ClamAV
ClamAV is an antivirus scanner that focuses on integration with mail servers for
attachment scanning. It provides a flexible and scalable multi-threaded daemon, a command-line scanner
and a tool for automatic signature updates via the Internet. Clam AntiVirus is built around a shared library,
distributed with the Clam AntiVirus package, that other software can link against. The virus database is kept up
to date.
It runs on Linux, OS X, OpenBSD, FreeBSD, Solaris and other Unix variants and Windows. It has a
command-line interface.
TrueCrypt
TrueCrypt is an open source disk encryption system. It can encrypt entire file systems
and access data on the fly without user intervention beyond entering the passphrase initially. A special
feature hides a volume for an added layer of secrecy to sensitive content. Decrypting the primary level
does not affect this second hidden volume.
It runs on Linux and Windows and has both command-line and GUI interfaces.
Bastille
The Bastille Hardening Program locks down the operating system by proactively
configuring it for increased security and decreasing its susceptibility to compromise. Bastille also
assesses a system's current state of hardening. It granularly reports on each of the security settings
with which it works.
Bastille currently supports the Red Hat (NYSE: RHT) (Fedora Core, Enterprise, and Numbered/Classic), Suse, Debian,
Gentoo and Mandrake distributions, along with HP-UX and Mac OS X. Bastille's forte is its focus on letting
the system's user/administrator decide what to harden beyond the default mode.
It interactively questions the user about security goals and options, explains the topics of those
questions, and builds a policy based on the user's answers. In its assessment mode, it builds a report on
all available security settings and which settings have been tightened.
IP Filter
IP Filter is a security package for providing network address
translation or firewall services. It can be used as a loadable kernel module or incorporated into
the Unix kernel.
The package includes scripts to install and patch system files. IP Filter is distributed with FreeBSD,
NetBSD and Solaris.
It runs on Linux, OpenBSD, FreeBSD, Solaris and other Unix variants and uses a command-line
interface.
SpamAssassin
SpamAssassin is a spam-filtering product sponsored by the Apache SpamAssassin Project. It uses a wide variety of local and network tests to identify spam signatures.
This makes it harder for spammers to identify one aspect around which they can craft their messages.
Antispam tests and configuration are stored in plain text, making it easy to configure and add new rules.
It uses an abstract API (application programming interface) to enable integration anywhere in the e-mail stream. The core distribution consists
of command line tools to perform filtering along with a set of Perl modules which allow SpamAssassin to be
used in a wide range of products.
It runs on Linux and OS X and uses a command-line interface.
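Because the article stresses that SpamAssassin's tests live in plain text and that many weak signals are combined rather than one decisive one, here is an added example (not SpamAssassin's own code) of a scoring filter that reads rules in a SpamAssassin-like syntax (header and body regex tests, per-rule scores, a required_score threshold) and applies them to two constructed messages. It covers only a tiny subset of the real syntax, runs no network tests, and treats a missing header as an empty string; the rule names, scores and messages are constructed for the demonstration.

```python
"""Added example, not SpamAssassin's code: plain-text rules summed into a score."""
import email
import re
from typing import Dict, List, Tuple

# Constructed rule file in a SpamAssassin-like syntax (keyword, rule name, argument).
RULES_TEXT = r"""
required_score 5.0

header   SUBJ_ALL_CAPS   Subject =~ /^[A-Z0-9 !$]{12,}$/
describe SUBJ_ALL_CAPS   Subject is entirely upper case
score    SUBJ_ALL_CAPS   2.5

body     URGENT_MONEY    /\b(urgent|wire transfer|act now)\b/i
describe URGENT_MONEY    Body contains pressure language
score    URGENT_MONEY    3.0

header   MISSING_DATE    Date =~ /^$/
describe MISSING_DATE    No Date header (empty string in this simplified model)
score    MISSING_DATE    1.0
"""


def _compile(literal: str) -> "re.Pattern":
    """Turn a /pattern/flags literal into a compiled regex (only the 'i' flag is modelled)."""
    m = re.fullmatch(r"/(.*)/([a-z]*)", literal.strip())
    if not m:
        raise ValueError(f"bad regex literal: {literal!r}")
    flags = re.IGNORECASE if "i" in m.group(2) else 0
    return re.compile(m.group(1), flags)


def parse_rules(text: str) -> Tuple[Dict[str, dict], float]:
    """Parse body/header/score/describe/required_score lines into rule records."""
    rules: Dict[str, dict] = {}
    required = 5.0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        keyword = parts[0]
        if keyword == "required_score":
            required = float(parts[1])
            continue
        name = parts[1]
        rest = parts[2] if len(parts) > 2 else ""
        rule = rules.setdefault(name, {"score": 1.0, "describe": name, "test": None})
        if keyword == "body":
            rule["test"] = ("body", None, _compile(rest))
        elif keyword == "header":
            hm = re.fullmatch(r"(\S+)\s*=~\s*(/.*/[a-z]*)", rest)
            if not hm:
                raise ValueError(f"bad header test: {rest!r}")
            rule["test"] = ("header", hm.group(1), _compile(hm.group(2)))
        elif keyword == "score":
            rule["score"] = float(rest)
        elif keyword == "describe":
            rule["describe"] = rest
        else:
            raise ValueError(f"unknown keyword: {keyword}")
    return rules, required


def score_message(raw_message: str, rules: Dict[str, dict], required: float) -> Tuple[float, List[str], bool]:
    """Return (total score, sorted names of rules that hit, verdict)."""
    msg = email.message_from_string(raw_message)
    payload = msg.get_payload(decode=True) or b""  # multipart bodies are not modelled
    body = payload.decode("utf-8", errors="replace")
    total, hits = 0.0, []
    for name, rule in rules.items():
        if rule["test"] is None:
            continue
        kind, header, regex = rule["test"]
        text = body if kind == "body" else (msg.get(header) or "")
        if regex.search(text):
            hits.append(name)
            total += rule["score"]
    return total, sorted(hits), total >= required


RULES, REQUIRED = parse_rules(RULES_TEXT)

# Constructed sample messages.
SPAM = """\
From: "Prize Desk" <prizes@example.com>
To: user@example.org
Subject: YOU HAVE WON $1000000!
Content-Type: text/plain

Urgent: act now to claim your prize by wire transfer.
"""
HAM = """\
From: colleague@example.org
To: user@example.org
Subject: Minutes from Tuesday's meeting
Date: Mon, 20 Aug 2007 10:00:00 +0000
Content-Type: text/plain

Attached are the notes. Nothing urgent, review when convenient.
"""

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("ham", HAM)):
        print(label, score_message(raw, RULES, REQUIRED))
```

The ham message trips the pressure-language rule too, but a single 3.0 hit stays under the 5.0 threshold; that is the point of summing many tests rather than blocking on any one, and it is why rule scores, not just rule patterns, are worth tuning on a site's own mail.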