This article covers popular open source security tools that can be combined into a layered approach to securing your network.
The layered-security approach centers on maintaining appropriate security measures and procedures at five different levels within your IT environment: data, application, host, network and perimeter. Implementing security at each level is essential for end-to-end protection. Selecting ten tools from the large pool of open source projects was difficult because the right choice depends on requirements; the tools below were chosen for their feature set, their simplicity and an active community that keeps developing them to match current IT standards and requirements.
This section covers encryption tools for providing security at the data level. Encrypting data at rest on local systems and in transit across your network is a recommended best practice: if all other security measures fail, a strong encryption scheme still protects your data, provided the keys are kept separate from the data they protect.
The following tools provide security at the data level:
GnuPG (GNU Privacy Guard, GPG) is a GNU project used for file and email encryption. It was created as a free alternative to PGP (Pretty Good Privacy) and implements the OpenPGP standard, so it interoperates with other OpenPGP software. GPG is a command line tool and is packaged by all the major Linux distributions (Fedora, CentOS, openSUSE, Ubuntu).
One simple use case: taking backups is a routine task, yet most of the time the backup data is stored unencrypted. With GPG, generate a key pair on the backup server, import only the public key on each data server you back up, and encrypt every backup with it before it leaves the data server. Only the backup server, which holds the private key, can decrypt the archives, so a lost tape or disk does not expose the data, and the backup infrastructure fulfils the IT security policy.
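The backup workflow above as a POSIX shell script, added here as an example; it is not code from the article or from the GnuPG project. The key identity backup@example.invalid is an assumption, GnuPG 2.x is assumed to be installed as `gpg`, and two temporary GNUPGHOME directories stand in for the backup server and a data server so that the whole round trip can run on one machine.

```shell
#!/bin/sh
# Added example (not from the article or the GnuPG project): the backup
# workflow as shell functions. Assumptions: GnuPG 2.x is installed as `gpg`;
# the key identity below is made up; two GNUPGHOME directories stand in for
# the backup server and a data server so the whole flow runs on one box.
set -eu

BACKUP_KEYID="backup@example.invalid"   # assumed identity of the backup server key

# Backup server, once: create an unprotected key pair (an unattended restore
# job cannot type a passphrase, so protect the server itself instead) and
# export the public half for distribution to the data servers.
backup_server_make_key() {   # $1 = backup server GNUPGHOME, $2 = public key output file
    GNUPGHOME="$1" gpg --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 3072
Name-Real: Backup Server
Name-Email: $BACKUP_KEYID
Expire-Date: 0
%commit
EOF
    GNUPGHOME="$1" gpg --batch --quiet --armor --export "$BACKUP_KEYID" > "$2"
}

# Data server, once: import the backup server's public key.
# In production, verify its fingerprint out of band before trusting it.
data_server_import_key() {   # $1 = data server GNUPGHOME, $2 = public key file
    GNUPGHOME="$1" gpg --batch --quiet --import "$2"
}

# Data server, at every backup: stream tar into gpg so the unencrypted
# archive never touches disk. --trust-model always bypasses the web-of-trust
# check for the key we imported ourselves.
data_server_encrypt_backup() {   # $1 = data server GNUPGHOME, $2 = directory to back up, $3 = output file
    tar -C "$(dirname "$2")" -czf - "$(basename "$2")" |
        GNUPGHOME="$1" gpg --batch --quiet --yes --trust-model always \
            --encrypt --recipient "$BACKUP_KEYID" --output "$3"
}

# Backup server, on restore: only this host holds the private key.
backup_server_restore() {   # $1 = backup server GNUPGHOME, $2 = encrypted archive, $3 = restore directory
    mkdir -p "$3"
    GNUPGHOME="$1" gpg --batch --quiet --decrypt "$2" | tar -C "$3" -xzf -
}

# End-to-end round trip on one machine; prints "round trip ok" on success.
demo_round_trip() {
    work=$(mktemp -d)
    mkdir -m 700 "$work/backup_home" "$work/data_home"
    mkdir -p "$work/data/etc"
    printf 'db_password=example\n' > "$work/data/etc/app.conf"   # constructed sample data

    backup_server_make_key "$work/backup_home" "$work/backup.pub"
    data_server_import_key "$work/data_home" "$work/backup.pub"
    data_server_encrypt_backup "$work/data_home" "$work/data" "$work/data.tar.gz.gpg"

    # The data server has only the public key, so it must NOT be able to
    # read the backup it just produced.
    if GNUPGHOME="$work/data_home" gpg --batch --quiet --decrypt "$work/data.tar.gz.gpg" >/dev/null 2>&1; then
        echo "unexpected: data server could decrypt its own backup" >&2
        return 1
    fi

    backup_server_restore "$work/backup_home" "$work/data.tar.gz.gpg" "$work/restore"
    cmp -s "$work/data/etc/app.conf" "$work/restore/data/etc/app.conf" || return 1

    GNUPGHOME="$work/backup_home" gpgconf --kill gpg-agent 2>/dev/null || true
    GNUPGHOME="$work/data_home" gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "round trip ok"
}
```

Run `demo_round_trip` to see the flow end to end. The negative check in the middle is the point of the design: a data server that is compromised or whose backup medium is stolen yields only ciphertext, because the private key never leaves the backup server. Note that a plain `sh` pipeline only reports the status of `gpg`, not of `tar`; in a real backup job, check the archive or use a shell with `pipefail`.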
There are many open source utilities for disk level encryption; this article considers TrueCrypt, an open-source tool for on-the-fly disk encryption. TrueCrypt encrypts data automatically right before it is written to disk and decrypts it right after it is read, without any user intervention, so the data on the disk is unreadable while the volume is not mounted. It does not protect against someone with access to the running system while the volume is mounted. Note that TrueCrypt development was discontinued in 2014; for a new deployment, evaluate a maintained successor such as VeraCrypt.
Application security is as important as the other levels. Web presence and web development companies are growing rapidly, and web vulnerabilities are growing with them; most of them are discovered only after deployment. The main reason is that security is not considered during application design and development.
The following project helps application developers design and develop secure applications.
The Open Web Application Security Project (OWASP) is an open community focused on web application security. It provides best practices, tools, guidelines, testing procedures and code review steps that software developers, architects and security practitioners can follow to design and develop secure software. OWASP chapters exist all over the world; join the chapter local to you to start learning and contributing to the project.
Host level security protects the individual devices on the network, such as servers, desktops and laptops. The tools discussed in this section provide good protection at the host level because they are designed around the characteristics of a single device.
The following tools provide security at the host level:
Encrypting data is not enough to keep it safe: malware arriving through email or downloads must also be caught. ClamAV is an open-source antivirus engine designed to detect Trojans, viruses and other malware in files coming from various sources. A common deployment is as a mail gateway scanner, scanning all incoming email before it is delivered to user mailboxes.
OSSEC (Open Source SECurity) is an open source host-based intrusion detection system (HIDS) that provides log monitoring and Security Information/Event Management (SIM/SEM) functions.
Customers in regulated industries such as banking and healthcare have compliance requirements such as the Payment Card Industry Data Security Standard (PCI DSS) and HIPAA. OSSEC helps meet such standards and integrates with existing Security Incident Management/Security Event Management (SIM/SEM) infrastructure. Its adoption in the IT industry is growing rapidly.
The key features of OSSEC are:
- File integrity checking
- Log monitoring
- Rootkit detection
- Active response
- Network security
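To show what the log monitoring and active response features in the list above actually do, here is an added example in portable shell and awk; it is not code from the article or from OSSEC. The sshd log lines are constructed, the threshold (5 failed logins from one source within 60 seconds) is an assumed value, and the response only prints the firewall command a real deployment would run.

```shell
#!/bin/sh
# Added example (not from the article or from OSSEC): the "log monitoring"
# and "active response" features reduced to a portable shell/awk script.
# Assumptions: syslog-format sshd lines from one host on one day; the
# threshold (5 failures from one source within 60 s) is made up; the
# response only prints the firewall command it would run.
set -eu

THRESHOLD=5   # failed logins from one source before reacting (assumed)
WINDOW=60     # seconds (assumed)

# Constructed sample log lines, not captured from a real host.
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:15:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:15:03 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:15:04 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 51041 ssh2
Mar  3 10:15:06 web1 sshd[2217]: Failed password for invalid user test from 203.0.113.7 port 51055 ssh2
Mar  3 10:15:08 web1 sshd[2219]: Failed password for root from 203.0.113.7 port 51060 ssh2
Mar  3 10:15:09 web1 sshd[2220]: Accepted publickey for deploy from 198.51.100.12 port 40122 ssh2
Mar  3 10:20:30 web1 sshd[2301]: Failed password for root from 198.51.100.44 port 33001 ssh2
Mar  3 10:30:00 web1 sshd[2402]: Failed password for root from 198.51.100.44 port 33002 ssh2
EOF
}

# Log monitoring: read a log on stdin, keep a per-source history of failed
# logins and print "<ip> <count> <timestamp>" once when a source reaches
# THRESHOLD failures inside a sliding WINDOW. This is what a frequency-based
# HIDS rule does; the two isolated failures from 198.51.100.44 never fire.
detect_brute_force() {
    awk -v thr="$THRESHOLD" -v win="$WINDOW" '
    /sshd\[[0-9]+\]: Failed password for / {
        split($3, t, ":"); ts = t[1]*3600 + t[2]*60 + t[3]   # seconds since midnight
        ip = ""
        for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i+1)
        if (ip == "") next
        n[ip]++; hit[ip, n[ip]] = ts
        c = 0                                   # hits inside the window ending now
        for (j = n[ip]; j >= 1 && ts - hit[ip, j] <= win; j--) c++
        if (c >= thr && !fired[ip]) { fired[ip] = 1; print ip, c, $1, $2, $3 }
    }'
}

# Active response: for each alert, the real action would be a firewall drop
# (OSSEC ships a firewall-drop script for this); here it is only printed.
active_response() {
    while read -r ip count stamp; do
        printf 'alert: %s failed ssh logins from %s within %ss (last at %s)\n' \
            "$count" "$ip" "$WINDOW" "$stamp"
        printf 'would run: iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

sample_auth_log | detect_brute_force | active_response
```

Two design points carry over to a real HIDS: the rule fires once per source rather than on every subsequent failure, so one attacker does not flood the alert channel, and the response is time-bounded in practice (OSSEC's active response takes a timeout) so that a spoofed or shared source address is not blocked forever.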
Network level security refers to your internal LAN and WAN: the desktops, servers, laptops and other devices required for internal and external communication. Unlike host level tools, network security tools observe the traffic between hosts and scan the hosts connected to the network, giving a consolidated view of vulnerabilities.
The following tools provide security at the network level:
Snort is an open source network Intrusion Detection and Prevention System (IDS/IPS). It inspects traffic moving across your network in far greater detail than a firewall: like an antivirus engine, IDS and IPS tools compare each packet against a database of known attack signatures. An IDS alerts your IT staff that an attack has occurred; an IPS goes a step further and blocks the offending traffic inline. Because detection is signature-based, the rule set must be kept up to date or new attacks will pass unnoticed. Snort plays a major role in most company security architectures.
Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering comprehensive and powerful vulnerability scanning and management. It is an open source alternative to Nessus, from which it was originally forked.
Vulnerability management is a security practice designed to proactively prevent the exploitation of vulnerabilities that exist within the organization. Vulnerability management alone does not fix vulnerabilities: it must be paired with patch and configuration management to remediate what the scanner finds, and with antivirus software to block or eliminate identified malware.
BackTrack is a well-known Linux-based security distribution used for penetration testing. It is a one-stop toolkit for security professionals and includes more than 300 open source security tools, neatly categorized by task. BackTrack has since been superseded by Kali Linux, which continues the same project.
Open Source Security Information Management (OSSIM) provides a Security Information and Event Management (SIEM) solution. It is a one-stop solution that integrates open source tools including NTOP, MRTG, Snort, OpenVAS and Nmap. Compared to proprietary products, OSSIM is a cost-effective way to monitor network health and the security of networks and hosts.
The perimeter is where your network ends and the Internet begins. It consists of one or more firewalls protecting your network. The following tool provides perimeter security:
IPCop is a Linux-based firewall distribution that comes configured and ready to protect your network. It can run on a standalone machine deployed at the network edge, i.e. directly behind the ISP connection. IPCop also offers DHCP server, DNS server, proxy server and intrusion detection functionality.
- GnuPG (www.gnupg.org)
- TrueCrypt (www.truecrypt.org)
- OWASP (www.owasp.org)
- ClamAV (www.clamav.net)
- OSSEC (www.ossec.net)
- Snort (www.snort.org)
- OpenVAS (www.openvas.org)
- BackTrack (www.backtrack-linux.org)
- OSSIM (http://sourceforge.net/projects/os-sim/)
- IPCop (www.ipcop.org)