Instantly delete email threats for Office 365 » Free Offer
Welcome Guest | Sign In
Deliver winning CX every time

Open Source Security, Part 2: 10 Great Apps

By Jack M. Germain LinuxInsider ECT News Network
Aug 20, 2007 4:00 AM PT

Open source security products do not generally carry the same following as their business suite and operating system brethren. However, the same reasons for supporting open source products in general also apply to open source security applications.

Open Source Security, Part 2: 10 Great Apps

Open source security applications are free, or at least much less costly than their proprietary counterparts. Even when the cost of paid support is factored in, they provide much more bang for the buck.

Having many more eyes watching the code and a community of developers backing up users, open source security applications provide a wide range of options and made-to-order uses.

In Part 1 of this two-part series, LinuxInsider detailed a company's attempt to gain credibility for their open source security product. For Part 2, LinuxInsider spoke with several chief security officers of leading companies to compile a list of the serious open source security applications they use. Our list is not ranked in preference or based on our own testing. Instead, we relied on one of the strongest endorsements available: word of mouth.


Kismet is a console-based 802.11 layer2 wireless network detector, sniffer and intrusion detection system. Kismet identifies networks by passively sniffing and can decloak hidden or non-beaconing networks.

It can automatically detect network IP blocks by sniffing TCP (transmission control protocol), UDP (user datagram protocol), ARP (address resolution protocol) and DHCP (dynamic host configuration protocol) packets. Also, it can log traffic in Wireshark/TCPDump compatible format. It runs on Linux, OpenBSD, FreeBSD, Solaris, and/or other Unix variants, OS X for Mac and Windows. It has a command-line interface.


Snort is a network intrusion detection and prevention system long known for its traffic analysis and packet logging strengths on IP networks. Through protocol analysis, content searching and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans and other suspicious behavior.

Snort uses a flexible rule-based language to describe traffic that it should collect or pass and a modular detection engine. Snort is one of the most widely deployed intrusion prevention systems for detecting and preventing attacks on corporate assets. Snort can be configured for use by individuals and small businesses as well.

It runs on Linux, OpenBSD, FreeBSD, Solaris, and/or other Unix variants, OS X for Mac and Windows. It has a command-line interface.

Secure Shell

SSH (Secure Shell) allows users to log into or execute commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. Plus, it replaces other insecure telnet/rlogin/rsh alternatives.

Many Unix users run the open source OpenSSH server and client. Some Windows users prefer the free PuTTY client, which is also available for many mobile devices. Other Windows users prefer the terminal-based port of OpenSSH that comes with Cygwin.

SSH runs on Linux, OpenBSD, FreeBSD, Solaris, and/or other UNIX variants, OS X and Windows. It has a command-line interface.

PGP Encryption

PGP is a free encryption program for securing data from eavesdroppers and other risks. GnuPG is based on the open source implementation of the PGP standard. PGP is the executable version and has a license fee for some uses.

It runs on Linux, OpenBSD, FreeBSD, Solaris, and/or other UNIX variants, OS X and Windows. It has both command-line and graphical user interfaces (GUI).


RKHunter is a scanning tool that checks for evidence of pieces of malware such as rootkits, backdoors and local exploits. It runs many tests, including MD5 (Message-Digest algorithm 5) hash comparisons, default filenames used by rootkits, wrong file permissions for binaries. It also hunts for suspicious strings in LKM (loadable kernel module) and KLD (dynamic kernel linker facility) modules.

It runs Linux, OpenBSD, FreeBSD, Solaris, and/or other Unix variants and has a command-line interface.


ClamAV is an antivirus scanner that focuses on integration with mail servers for attachment scanning. It provides a flexible and scalable multi-threaded daemon, a command line scanner and a tool for automatic updating via the Internet. Clam AntiVirus is based on a shared library distributed with the Clam AntiVirus package that runs with other software. The virus database is kept up to date.

It runs on Linux, OS X, OpenBSD, FreeBSD, Solaris and/or other Unix variants and Windows. It has a command-line interface.


TrueCrypt is an open source disk encryption system. It can encrypt entire file systems and access data on the fly without user intervention beyond entering the passphrase initially. A special feature hides a volume for an added layer of secrecy to sensitive content. Decrypting the primary level does not affect this second hidden volume.

It runs on Linux and Windows and has both command-line and GUI Interface.


The Bastille Hardening Program locks down the operating system by proactively configuring it for increased security and decreasing its susceptibility to compromise. Bastille also assesses a system's current state of hardening. It granularly reports on each of the security settings with which it works.

Bastille currently supports the Red Hat (Fedora Core, Enterprise, and Numbered/Classic), Suse, Debian, Gentoo and Mandrake distributions, along with HP-UX and Mac OS X. Bastille's forte is its focus on letting the system's user/administrator decide what to harden beyond the default mode.

It interactively questions the user about security goals and options, explains the topics of those questions, and builds a policy based on the user's answers. In its assessment mode, it builds a report on all available security settings and which settings have been tightened.

IP Filter

IP Filter is a security package for providing network address translation or firewall services. It can be used as a loadable kernel module or incorporated into the Unix kernel.

The package includes scripts to install and patch system files. IP Filter is distributed with FreeBSD, NetBSD and Solaris.

It runs on Linux and OpenBSD, FreeBSD, Solaris and/or other Unix variants and uses a command-line interface.


SpamAssassin is a spam-filtering product sponsored by the Apache SpamAssassin Project. It uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect around which they can craft their messages.

Antispam tests and configuration are stored in plain text, making it easy to configure and add new rules. It uses an abstract API (application programming interface) to enable integration anywhere in the e-mail stream. The core distribution consists of command line tools to perform filtering along with a set of Perl modules which allow SpamAssassin to be used in a wide range of products.

It runs on Linux and OS X and uses a command-line interface.

Open Source Security, Part 1: Securing Credibility

Deliver winning CX every time
How important is social media to the success of your business?
Highly -- Social media is essential to our business model.
Somewhat -- We do see benefit from social media, but without it our operations would continue.
Minimally -- We're on social media because that's expected, though it's influence on our success is negligible.
Not at All -- Social media is not useful to our business.