Free Open-Source vs. Commercial Security Tools?
sahirh asks: "I work as a penetration tester and recently started writing a whitepaper on the benefits of free, open-source security tools over commercial tools. Through my own experiences, I've found that many free tools such as Nessus and Kismet are more reliable and have better features than expensive commercial alternatives like ISS Internet Scanner or Airopeek. I've also noticed that tools like Ettercap have no commercial alternative. Further, the flexibility offered by the open-source nature of such tools is a great benefit. I'd like to ask for Slashdot's experiences and opinions on why you don't need to spend thousands of dollars on an expensive tool to perform a professional security assessment."
Update: 02/07 11:15pm EDT by C: Thanks to all who wrote in to let us know the proper URL to the Kismet site.
I have no joke here, I just like saying, I work as a penetration tester ...
How does the Slashdot Effect happen given that no slashdotters ever RTFA?
My job duties sound similar to the story poster... My job description is "Penetration Preventer". My business card title just says, "Cockblocker".
I'm a big tall mofo.
"Penetration tester" is your day job, but tell me, do you solve crimes in the evening as a "private dick"?
Don't blame Durga. I voted for Centauri.
So if something goes wrong with your setup, a commercial company will quickly take credit? Riiiiight.
I know Microsoft readily accepts monetary responsibility for their products being crap and causing crashes, viruses and trojans in my system.
In fact, Bill and Steve cut me a check weekly.
This is my sig. There are many like it but this one is mine.
You don't use programs? What, you put the cat-5 in your mouth and try to *taste* the intruders?
-- If no truths are spoken then no lies can hide --
I'm thinking of writing a how-to for "penetration testers". It'll be titled "Locating Unprotected Backdoor Entrances" or more aptly, "Lube".
http://www.watacrackaz.com