Best of open source software awards: Security

Bossie winners for application security, penetration testing, password cracking, network firewall, IDS, security log analysis, disk encryption, and gateway security

The InfoWorld Bossies are chosen annually by Test Center editors, analysts, and reviewers. The winners represent the best free and open source software we've used. Our choices for security were led by contributing editor Victor R. Garza, with a contribution from senior analyst Mario Apicella.

Got an open source favorite we missed? Please send us a note.

Application Security

AppArmor

The choice here is between two strong contenders, AppArmor and SELinux. Last year we picked SELinux, included in Red Hat and a favorite with the security community. This year we’re going with AppArmor, due to its superior ease of use and, well, momentum. AppArmor continues to be bundled with Suse and has caught on with Ubuntu and Mandriva. AppArmor protects applications through the use of mandatory access controls: permissions set by the underlying system – not by users – that prevent coding flaws or bugs in applications from being manipulated for malicious purposes.

Penetration Toolkit

Metasploit Framework

When we first saw Metasploit back in 2004 at the DefCon hacker conference, we knew it would become a staple for security professionals the world over. And sure enough, Metasploit has become the de facto standard attack and penetration toolkit. Extremely extensible, and constantly updated to home in on the latest server and host vulnerabilities, Metasploit has the right stuff to test the perimeter of your network for holes, or determine whether your SQL or Web server or Unix, Linux, or Windows host can be compromised. If you have important systems to protect, point Metasploit at them yourself before someone else does.

Windows Password Cracker

Ophcrack

An admin shouldn’t be in the business of cracking passwords, but this can be the only option when employees leave and take their passwords with them. Ophcrack is capable of loading password hashes directly from a Windows (XP or Vista) machine or from a file. The application includes large rainbow tables to look up those hashes, promising to return a missing password with impressive accuracy. Ophcrack also installs on Linux/Unix and Mac OS X; a LiveCD version runs directly from the medium, no install needed. Perhaps Ophcrack won’t be the most used tool in your drawer, but it is one that can save the day.

Network Firewall

SmoothWall Express

Any router with a permit or deny, accept or reject rule set can serve as a firewall. SmoothWall Express, which combines a hardened Linux kernel, intrusion detection, and an IPSec VPN, goes much further than that. It's not as powerful or feature packed as its commercial big brothers from the same company, but it is straightforward to configure and gets the job done. While we’re on the subject of firewalls… If you need help with firewall rule sets, take a look at Firewall Builder. It simplifies the configuration of iptables, Cisco PIX and ASA firewalls, and access control lists for other Cisco routers with a GUI front end.

Network Intrusion Detection

Snort with BASE

Snort is our favorite window into seeing unwelcome activity on our network, whether it be port scans, stealth attacks, buffer overflows, or a variety of other mean-spirited hijinks. A new beta, SnortSP (Snort Security Platform), introduces a shell-based user interface, native IPv6, MPLS and GRE support, and a multi-threaded execution module to enhance the Snort product line. Add BASE (Basic Analysis and Security Engine), and you have a Web-based front end to query and analyze Snort alerts as well as a role-based user authentication system to control user access to Snort data.

Security Log Analysis

Splunk

We like AWStats for general log monitoring, but AWStats doesn't do security log analysis – for that we use Splunk. If you haven't heard of Splunk, stop reading and check it out: it is simply unmatched as a security log analysis tool. Grab traps, alerts, and syslog and SNMP data, and once you have the data, Splunk lets you graph and search it quickly via a simple, browser-like interface. In addition to helping you spot potential threats and dangerous trends, Splunk can aid compliance efforts, get alerts on thresholds you set, and generate nice reports of your findings.

[Editor's note: Since we published Monday, it's been pointed out that Splunk is in fact not open source. A free community edition is available, but source code is not. We apologize for our error.]

Disk Encryption

TrueCrypt

TrueCrypt puts not only open source competitors but even commercial counterparts to shame. Supporting Windows, Linux, and OS X, this on-the-fly disk encryptor is flexible and transparent, able to create a virtual encrypted disk or encrypt an entire disk partition or removable USB drive. TrueCrypt also offers pre-boot authentication for Windows, and provides ingenious ways of hiding encrypted volumes so that they can't be found. It’s a tool for the truly paranoid, and we like it that much more because of it.

Gateway Security

Untangle Gateway Platform

If you’re looking for a bundle of tools to do it all, take a look at Untangle. A popular VMware appliance, Untangle protects against viruses, spyware, phishing, spam, and other threats and nuisances, bundling the likes of ClamAV, Snort, SpamAssassin, OpenVPN, iptables, and other open source goodies with its own scanning engine. Running on a single server, Untangle includes updates to the applications, various signatures, filters, and category lists along with nice reporting.
