Tuesday, October 27, 2009

Open source security solutions

There are a lot of open source communities for network scanners and IPS, anti-virus and anti-spam gateways, network and application firewalls, SSL VPNs, and security testing frameworks. Here are some of the recognized ones:

Network vulnerability scanner: Nessus

Nessus is found in the toolbox of well-funded and cash-strapped security organizations alike. Nessus tests all aspects of a target, including the operating system, ports, services, and applications. It is available as open source or by commercial subscription; the difference is the frequency of vulnerability updates -- up-to-the-minute or seven days.

Network intrusion prevention: Snort

The de facto standard for intrusion detection and prevention systems, Snort is at the top of the hill in community support. Snort performs real-time traffic analysis and packet logging, and now even has content monitoring under its belt. A wealth of add-on projects bring graphical front ends to the Pig and central management to multiple Pig boxes.

Anti-virus gateway: ClamAV

Recently acquired by Sourcefire, the owner of Snort, ClamAV stands alone in open source anti-virus. Designed for e-mail gateways, ClamAV's detection engine is fast and signature updates are frequent. ClamAV works well with Spamassassin within the MIMEDefang filtering framework for e-mail servers.

Anti-spam gateway: Spamassassin

Powerful, extensible, and effective, Spamassassin uses a trainable neural network engine to identify spam and minimize false positives, in addition to the classic techniques of blacklisting and Bayesian filtering. It's also well supported, and well documented, with many books, guides, and add-ons available.

Firewall: IPCop

IPCop is a complete Linux distribution whose sole purpose is network protection. IPCop turns any old PC into a high-functioning firewall appliance, with stateful inspection, IPSec VPN, and even the Snort IPS. The refined Web management interface of IPCop gives it our nod over close runner-up SmoothWall.

Application firewall: SELinux

A product of the National Security Agency, and well supported by the security community, SELinux implements a mandatory access control architecture for the Linux kernel and major subsystems that keeps every process in check, ensuring that the action of one process cannot flow into another. Even the superuser is placed in isolation.

VPN: OpenVPN

Secure connectivity is a problem best solved using OpenVPN, an SSL VPN that simply outshines the open source competition. OpenVPN can be used to secure site-to-site links, remote access connections, and Wi-Fi networks, providing load balancing and failover. And it supports all ciphers and key sizes supported by OpenSSL.

Security testing best practices: Open Source Security Testing Methodology Manual

The OSSTMM project provides an entire testing framework for multiple security areas of the enterprise, including physical security, information security, and even controls for preventing fraud and social engineering attacks. It offers testing templates, intense community support, and a first-rate architect in Pete Herzog.

Open Source Application servers

A number of free, or nearly free, application servers are available from open source groups.

To find out whether an open source product fits the needs of your organization, start by checking out a few of these better-known open source application servers:
  • Enhydra, from Enhydra.org. Originally developed by Lutris Technologies, Open Source Enhydra is a Java/XML application server. It supports Sun Microsystems' J2EE standards for Java servlets and JavaServer Pages (JSP) and includes useful features such as an XML engine, object-to-relational mapping and database connection pooling.
  • JBoss Group's JBoss server. JBoss is a J2EE Web application server that JBoss Group claims competes directly with BEA Systems' WebLogic and IBM's WebSphere. According to the JBoss Web site, 50,000 copies of the application server are downloaded each month. JBoss includes the JBossServer, which is the basic EJB container and JMX (Java Management eXtension) infrastructure; JBossMQ for JMS messaging; JBossMX for mail; JBossTX for JTA/JTS (Java Transaction API and Java Transaction Service) transactions; JBossSX for security; JBossCX for JCA (Java Connector Architecture) connectivity; and JBossCMP for container managed persistence.
  • JOnAS, from ObjectWeb and Evidian. JOnAS is an implementation of the EJB specification. It's one of the projects of the ObjectWeb open source initiative (www.objectWeb.org), although tech support is available from Evidian (formerly BullSoft). JOnAS includes such features as JMX management, support for the JCA specification, a transaction manager, a database manager and an embedded implementation of JMS.
  • PHP, from the Apache Software Foundation. PHP was developed by Zend Technologies and is now a project of the Apache folks. While not technically an application server, PHP acts much like one. It's a scripting language and environment that generates dynamic pages. Unlike an application server, notes Jean-Christophe Cimetiere, CEO of TechMetrix Research, a PHP server isn't an always-on process but is only activated when a request for a dynamic page is made.
  • Resin, from Caucho. Resin is a servlet and JSP engine that has load-balancing capability and includes an HTTP/1.1 Web server. It's available under the Caucho Developer Source License.
  • Tomcat, from the Apache Software Foundation. Tomcat is the servlet container used in the official reference implementation for Sun's Java servlet and JSP technologies. Tomcat is released under the Apache Software License.

Open source replication software solutions

Open source replication solutions

  • SymmetricDS - SymmetricDS is a web-based, database-independent data synchronization system. Beyond replicating tables between relational databases, the software incorporates functionality to handle a large number of databases, manage low-bandwidth connections and work within periods of network outage. The system supports two-way replication, guaranteed delivery and multiple active schemas.
  • Daffodil Replicator - Daffodil Replicator performs data replication based on the 'Publish and Subscribe' model. Replicator supports bi-directional data replication by either capturing a data source snapshot or synchronizing the changes. It monitors data changes and synchronizes all data changes on a periodic basis or on demand. Replicator can use pre-defined conflict resolution algorithms to resolve conflicts between data sources.
  • dRS - The db4o Replication System (dRS) is a replication system that leverages Hibernate. It enables synchronization of objects bi-directionally between distributed instances of relational databases such as Oracle or MySQL.
  • Pollux - Pollux provides a framework for synchronizing data sources which share the same data format. The Record interface of Pollux provides an abstraction for most kinds of data records; these may include PIM, database records or files/directories.
  • Bhavaya - Bhavaya is a library that supports real-time, synchronized, up-to-date access to continually changing data. The Bhavaya persistence layer is different from other implementations such as Hibernate and Castor in that the properties of Bhavaya's objects always reflect the current value of the data in the database.
  • GCALDaemon - GCALDaemon offers two-way synchronization between Google Calendar and various iCalendar-compatible calendar applications. GCALDaemon is primarily designed as a calendar synchronizer, but it can also be used as a Gmail notifier, Address Book importer, Gmail terminal and RSS feed converter.
  • Funambol Mobile Application server - The Funambol Mobile Application server (originally named Sync4j) includes a certified implementation of the Open Mobile Alliance (OMA) Data Synchronization and Device Management protocols (OMA DS and DM, formerly known as SyncML).