Slashdot Mirror


Free Open-Source vs. Commercial Security Tools?

sahirh asks: "I work as a penetration tester and recently started writing a whitepaper on the benefits of free, open-source security tools over commercial tools. Through my own experiences, I've found that many free tools such as Nessus and Kismet are more reliable and have better features than expensive commercial alternatives like ISS Internet Scanner or Airopeek. I've also noticed that tools like Ettercap have no commercial alternative. Further, the flexibility offered by the open-source nature of such tools is a great benefit. I'd like to ask for Slashdot's experiences and opinions on why you don't need to spend thousands of dollars on an expensive tool to perform a professional security assessment." Update: 02/07 11:15pm EDT by C : Thanks to all who wrote in to let us know the proper URL to the Kismet site.

15 of 234 comments

  1. I want his job by YankeeInExile · · Score: 5, Funny

    I have no joke here, I just like saying, I work as a penetration tester ...

    --
    How does the Slashdot Effect happen given that no slashdotters ever RTFA?
    1. Re:I want his job by Aliencow · · Score: 4, Funny

      As long as you're not a "backdoor AnalYzer" ..

    2. Re:I want his job by Anonymous Coward · · Score: 1, Funny

      I have determined that there is a vulnerability in your sister.

  2. I have a similar job. by bigtallmofo · · Score: 4, Funny

    My job duties sound similar to the story poster... My job description is "Penetration Preventer". My business card title just says, "Cockblocker".

    --
    I'm a big tall mofo.
  3. That's your day job... by AtariAmarok · · Score: 4, Funny

    "Penetration tester" is your day job, but tell me, do you solve crimes in the evening as a "private dick" ?

    --
    Don't blame Durga. I voted for Centauri.
  4. What a pile of shit? by Foofoobar · · Score: 4, Funny

    So if something goes wrong with your setup, a commercial company will quickly take credit? Riiiiight.

    I know Microsoft readily accepts monetary responsibility for their products being crap and causing crashes, viruses and trojans in my system.

    In fact, Bill and Steve cut me a check weekly.

    --
    This is my sig. There are many like it but this one is mine.
  5. Re:Accountability by Keamos · · Score: 2, Funny

    Yeah, and if it were up to Stallman, we'd be using HURD.

  6. Re:Huh? by OblongPlatypus · · Score: 5, Funny

    You don't use programs? What, you put the cat-5 in your mouth and try to *taste* the intruders?

    --
    -- If no truths are spoken then no lies can hide --
  7. You want to work as a penetration tester? by That's+Unpossible! · · Score: 1, Funny

    Ben Dover.

    --
    Ironically, the word ironically is often used incorrectly.
  8. Re:Hmmm by YrWrstNtmr · · Score: 1, Funny

    I would like to see a fair assessment of commercial vs open source tools over a biased statement about how open source tools are better.

    You're new here, right?

  9. Re:Accountability by Anonymous Coward · · Score: 1, Funny

    Yeah tell that to my network admin that came to shut us down because ISS said that our Linux servers were sending Windows viruses. And when questioned about false positives he let us know that it was impossible that a software so expensive was wrong.

  10. Documentation by CKnight · · Score: 4, Funny

    I'm thinking of writing a how-to for "penetration testers". It'll be titled "Locating Unprotected Backdoor Entrances" or more aptly, "Lube"

    1. Re:Documentation by FrankDrebin · · Score: 2, Funny

      I'm thinking of writing a how-to for "penetration testers". It'll be titled "Locating Unprotected Backdoor Entrances" or more aptly, "Lube"

      Don't forget a section on avoiding Trojans. Although they sometimes help with L.U.B.E., they can often get in the way of a successful test.

      --
      Anybody want a peanut?
  11. "I work as a penetration tester..." by BigZaphod · · Score: 2, Funny

    If I would have been drinking something when I read that, my screen would be soaked right now...

  12. Interesting Business Card by catdevnull · · Score: 2, Funny

    I was just wondering about that title "Penetration Tester." Somehow, it seems to garner immediate respect.

    --

    I might know what I'm talkin' about, but then again, this is Slashdot...