Slashdot Mirror

← Back to Stories (view on slashdot.org)

Missing Open Source Security Tools?

Posted by simoniker on from the swiss-army-knife dept.

Kinetic writes "There are many great open source security tools out there, Nmap, Nessus, and DSniff, just to name a few. However, with the world of security constantly changing, this begs the question, what open source security tools are missing? What commercial security tools have no viable open source alternatives? When securing/testing/exploring networks (home or enterprise), what security tools/applications/functionality are lacking (or non-existent) in the open source world?"

5 of 362 comments (clear)

  1. Give me reporting tools! by Bubblehead · · Score: 5, Insightful

    I am constantly trying to improve the security of my home network, and the available tools are pretty powerful. My biggest problem has been to find powerful reporting tools. I use iptables as a firewall, tripwire for intrusion detection, etc. But it's not always easy to see what's going on in the system. Tripwire produces decent reports; but there is no easy way (afaik) to get a list of intrusion attempts, network traffic, port scans, etc. Sure, the information is in the logs - but the log information is hard to parse and often not as complete as it should be.

    --
    Under capitalism man exploits man. Under communism it's the other way around.
  2. Re:Open source virus scanners by ajs · · Score: 5, Insightful

    Virus scanners are for people who want to leave security holes open and then get information about the damage.

    No, they're for the people who don't trust that every security hole is known of first by the white-hats.

    Is your system secure? Are you sure? What abotu 5 minutes before you applied that last ssh update? Wouldn't a virus / trojan / root kit scanner give you one more level of assurance?

  3. The user-friendly/visually appealing interface by DeepDarkSky · · Score: 4, Insightful

    Most open source project focus on utility, not on appearance. The most powerful tools are often the simplest ones (in appearance). However, the ability to visualize and/or put a user-friendly interface is usually a good next step. Some may call this approach the "Microsoft dumbing down" approach, since it is Microsoft who usually put deceptively simple user-interface in front of a much more complex and powerful tool.

    However, that doesn't mean these tools couldn't benefit from good visual front ends (and I'm sure people will point out there are plenty). Human's ability to make sense of well designed visual information (a la Edward Tufte) cannot be understated.

    I also seem to recall reading a slashdot story a long while back about Infineon (I think) that had a hardware sniffer that is able to reconstruct TCP/IP traffic/session/connections that are captured, and it recognized hundreds of protocols/applications.

    Bring all of that together: open source software being able to visually display security information in a meaningful way, using some kind of open standard like, say, OpenGL. Adding more to the existing foundation tools that we already have, that's where some contribution can be useful.

    But that's just what I think, by no means do I think it's the best answer.

  4. Re:Oh great by Anonymous Coward · · Score: 4, Insightful

    I bet a lot of people would have enjoyed using that excuse in English class. Can you imagine an editor at the NY Times letting this slip by? In a comment by somebody who doesn't know better, sure, let it go.

    Languages evolve, but that fact is too often used as a cop-out for being too lazy to learn correct use of a language. As it is now, "begs the question" is used incorrectly on the front page of Slashdot, a large news site. The editors should know better and hopefully after being scolded, they learn. Unlike people who scoff at corrections because "English changes."

  5. Re:SIMS by kfg · · Score: 5, Insightful

    Obviously you don't do security for a large network.

    No, no. That's not how it goes. If you take that approach people are likely to take it as a personal attack rather than a reasoned argument. To avoid such confusion it's best to proceed like this:

    I ask, "Pipes and regular expressions?" (you dropped my question mark and replaced it with a period)

    Then you say, "No, that won't do it, because. . . (and then you insert your argument here)

    Otherwise people might think you're just being a jerk.

    Now, I don't necessarily mind if people here and there think I'm being an intellectual jerk, or even an ignorant jerk (because, Lord knows, now and again I am an ignorant jerk), but I might feel bad if someone considered me just a jerk. So I can empathize with you being in a position where someone might think that of you.

    Sure, that's like saying a magnifying glass can be used to find your lost class ring in the playground. Sure it will work, but extreme under-kill and a waste of time.

    Wouldn't it be great if you could use pipes and regular expressions to find lost things? That would be sooooooooooo sweet, because (this is where I insert my argument) they're like a perfect multi-lens device of infinately variable focal length and aperature, hooked up to a spectrograph , a mass spectrograph, a lath, a mill, a tap and die set, a forge, a. . .

    So there you are, in a playground in Central Park, NYC, and you suddenly realize your class ring is missing. You aren't sure where you lost it either. Let's say you know it had to be someplace on Manhatten. You zoom the lens out to encompass Manhatten, set the aperature appropriately, and turn on the spectrograph.

    Then ask it to show you all the rings. And it does!

    "Oh, shit," you say to yourself. "Look, only show me the rings with a garnet in them."

    No, that didn't do it, there's still a pile of them too big to go through. Ok, how about all the gold rings with a garnet? Gold rings with a Garnet from the High School of the Performing Arts? Damn, that many? Ok, how about one of those ,but with that little scratch on the side with '58 Porsche grease in it?

    Bingo! There it is in a cab up in East Harlem.

    See? Not like a magnifying glass at all, but an entire suite of logical tools and set theory manipulators that can be combined in any way that suits your fancy to return any logical result you want.

    I was once having dinner with some friends and one of them, who happens to be a network tech, asked one who happens to be a professor of Chemistry, "Why has Organic Chemistry effectively become a required course for a medical degree? Does a doctor really need to know Organic Chemistry? What would they possible actually use it for?"

    The Chemistry professor responded, "Well, a biochemist would obviously need and use Organic Chemistry, but if you just mean a practicing medical doctor, no, they don't need it and will never use it."

    "Well," asked the net tech, " why do you make them learn it then?"

    "We don't make them learn it to learn Organic Chem." replied the professor. " We make them learn it to learn deductive reasoning in a domain of applied set theory. It's to teach them diagnosis."

    And network security is a diagnostic field requiring deductive reasoning in a domain of applied set theory.

    Maybe we should make CS majors take Organic Chemistry.

    Or maybe we should just make them take math with a certain focus on logic and set theory and apply same against the computer (a mathmatical logic machine) network. Then maybe they could use general purpose logical tools to construct their own specific case tools, instead of being restricted to the domain of premade tools that often don't even fit their network situation (since every large network is unique in its structure and logic, and thus no outsider can know the sets, or the possible set of logical prepositions).

    KFG