Tuesday, October 27, 2009

Open source security solutions

There are many open source communities behind network scanners and IPS, anti-virus and anti-spam gateways, network and application firewalls, SSL VPNs, and security testing frameworks. Here are some of the recognized ones.

Network vulnerability scanner: Nessus

Nessus is found in the toolbox of well-funded and cash-strapped security organizations alike. Nessus tests all aspects of a target, including the operating system, ports, services, and applications. It is available as an open source feed or a commercial subscription; the difference is the frequency of vulnerability updates -- up-to-the-minute or seven days.

Network intrusion prevention: Snort

The de facto standard for intrusion detection and prevention systems, Snort is at the top of the hill in community support. Snort performs real-time traffic analysis and packet logging, and now even has content monitoring under its belt. A wealth of add-on projects bring graphical front ends to the Pig and central management to multiple Pig boxes.

Anti-virus gateway: ClamAV

Recently acquired by Sourcefire, the owner of Snort, ClamAV stands alone in open source anti-virus. Designed for e-mail gateways, ClamAV's detection engine is fast and signature updates are frequent. ClamAV works well with Spamassassin within the MIMEDefang filtering framework for e-mail servers.

Anti-spam gateway: Spamassassin

Powerful, extensible, and effective, Spamassassin uses a trainable neural network engine to identify spam and minimize false positives, in addition to the classic techniques of blacklisting and Bayesian filtering. It's also well supported, and well documented, with many books, guides, and add-ons available.

Firewall: IPCop

IPCop is a complete Linux distribution whose sole purpose is network protection. IPCop turns any old PC into a high-functioning firewall appliance, with stateful inspection, IPSec VPN, and even the Snort IPS. The refined Web management interface of IPCop gives it our nod over close runner-up SmoothWall.

Application firewall: SELinux

A product of the National Security Agency, and well supported by the security community, SELinux implements a mandatory access control architecture for the Linux kernel and major subsystems that keeps every process in check, ensuring that the action of one process cannot flow into another. Even the superuser is placed in isolation.

VPN: OpenVPN

Secure connectivity is a problem best solved using OpenVPN, an SSL VPN that simply outshines the open source competition. OpenVPN can be used to secure site-to-site links, remote access connections, and Wi-Fi networks, providing load balancing and failover. It also supports all ciphers and key sizes supported by OpenSSL.

Security testing best practices: Open Source Security Testing Methodology Manual

The OSSTMM project provides an entire testing framework for multiple security areas of the enterprise, including physical security, information security, and even controls for preventing fraud and social engineering attacks. It offers testing templates, intense community support, and a first rate architect in Pete Herzog.
