The Complete Magazine on Open Source

Ten Open Source Security Tools

With security breaches occurring as often as they do on the Internet, it pays to take precautions against identity theft, denial of service attacks, DNS poisoning, etc. This article takes the reader through ten popular open source security tools.

With the world moving towards the IoT, Web and infrastructure security have become a paramount concern. It is now critical to maintain a safe and reliable world, and we have to implement security in our systems, networks and devices.
Most of the major innovators in the industry like Facebook, Google and Netflix have been the frontrunners in developing security tools along with the open source community.

Security threats
The transition from closed networks to enterprise-wide IT networks is gathering speed but naturally raising the alarm about threats like viruses, spyware, adware, malware, rootkits, etc. These security threats can cause a wide range of disruptions, ranging from denial-of-service (DoS) attacks to identity theft, DNS poisoning, etc, on the Web.
There are a lot of open source tools available to counter these threats so that your device is not at risk. Let’s look at 10 open source tools that are widely used in the industry.

1. OSQuery
OSQuery is developed by Facebook and is a simple tool for your Linux and Mac OS X infrastructure. Its important features include monitoring of files, hardware changes, process creation and network traffic. The tool gives easy access to this data and also logs system information based upon your queries.
It allows users to write automation scripts, apply actionable information security intelligence, and discover new ways in which your enterprise can change servers.
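The queries described above are written in SQL against tables that osquery exposes. The following is an added example, not taken from the original article, of three queries a defender might run in the `osqueryi` shell; the third assumes file integrity monitoring has already been configured with a `file_paths` entry.

```sql
-- 1. Process monitoring: running processes whose executable is no
--    longer present on disk, a common sign of something that deleted
--    itself after launch.
SELECT name, path, pid
FROM processes
WHERE on_disk = 0;

-- 2. Network monitoring: which processes are listening on all
--    interfaces, and on which ports.
SELECT DISTINCT processes.name, listening_ports.port, processes.pid
FROM listening_ports
JOIN processes USING (pid)
WHERE listening_ports.address = '0.0.0.0';

-- 3. File monitoring: the most recent changes recorded for the paths
--    listed under file_paths in the osquery configuration.
SELECT target_path, action, sha256, time
FROM file_events
ORDER BY time DESC
LIMIT 20;
```

The same statements can be placed in the schedule section of the osquery configuration so that the daemon runs them periodically and logs the results.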

2. Security Onion
Security Onion is a Linux distro for IDS, network security monitoring (NSM) and log management. This is an intrusion detection system and is very simple to set up in your enterprise. Security Onion has three core functions: full packet capture, network-based and host-based intrusion detection systems (NIDS and HIDS, respectively), and powerful analysis tools.

3. Skyline
Skyline helps to detect anomalies in your infrastructure. It operates in realtime and is built to enable passive monitoring of hundreds of thousands of metrics. It is designed to be used wherever there is a large quantity of high-resolution time series that need constant monitoring. After Skyline detects an anomalous metric, it surfaces the entire time series to the Web app, where the anomaly can be viewed and acted upon.

4. Google Rapid Response
GRR, as it is more commonly called, is Google’s remote live forensics framework for incident response. GRR consists of an agent (client) that can be deployed to a target system, and server infrastructure that can manage and talk to the agent. It also has cross-platform support for Linux, Mac OS X and Windows clients. One of its most important features is live remote memory analysis using open source memory drivers for Linux, Mac OS X and Windows, and the Rekall memory analysis framework.

5. OSSEC
OSSEC is an open source host-based intrusion detection system which has good features like log analysis, file integrity checking, policy monitoring, rootkit detection, realtime alerting and active response.
It runs on most operating systems, including Linux, Mac OS, Solaris, HP-UX, AIX and Windows.

6. Scumblr and Sketchy
Scumblr is a Web based application that allows users to perform periodic searches and take action based on identified results. It also searches by using plugins called search providers or APIs. Each search provider knows how to perform a search via a certain site or API (Google, Bing, Twitter, etc). Searches can be configured from within Scumblr based on the options made available by the search provider.

7. RAPPOR
RAPPOR is a novel privacy technology that allows broad demographic statistics about populations to be inferred while preserving the privacy of individual users. It is developed by Google.

8. OpenVAS
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

9. OpenSSH
OpenSSH is a free version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin and ftp may not realise that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking and other attacks. Additionally, OpenSSH provides secure tunnelling capabilities and several authentication methods, and supports all SSH protocol versions.

10. MIDAS
MIDAS is a framework for developing a Mac Intrusion Detection Analysis System, based on work and collaborative discussions between the Etsy and Facebook security teams. This repository provides a modular framework and a number of helper utilities, as well as an example module for detecting modifications to common OS X persistence mechanisms.

As can be seen, there are a lot of tools available in the open source community that are driven in collaboration with many big innovators. In spite of this, the security considerations listed below need to be kept in mind as the world moves towards IoT:

  • Always use a firewall and make sure it is ‘Enabled’
  • Always use an antivirus
  • Always use up-to-date software
  • Be aware of spam/phishing scams
  • Never reuse your password on the Web

Finally, I want to recall one of Stephen Hawking’s quotes: “I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We’ve created life in our own image!”