Free Open-Source vs. Commercial Security Tools?
sahirh asks: "I work as a penetration tester and recently started writing a whitepaper on the benefits of free, open-source security tools over commercial tools. Through my own experiences, I've found that many free tools such as Nessus and Kismet are more reliable and have better features than expensive commercial alternatives like ISS Internet Scanner or Airopeek. I've also noticed that tools like Ettercap have no commercial alternative. Further, the flexibility offered by the open-source nature of such tools is a great benefit. I'd like to ask for Slashdot's experiences and opinions on why you don't need to spend thousands of dollars on an expensive tool to perform a professional security assessment." Update: 02/07 11:15pm EDT by C : Thanks to all who wrote in to let us know the proper URL to the Kismet site.
Ethereal, nmap, and snort always get the job done for me.
I don't use commercial applications. I don't use programs for my security tests. I do the tests myself everyday.
ajf
$3200 spent in a snort bootcamp made the need to buy a $120,000 IDS box moot.
We were reviewing several six-figure pieces of equipment and found the same thing - we knew they saw traffic they didn't like, but we didn't know WHY.
Now that everybody uses snort rules, the training is still helpful to show you WHAT you're seeing and IF it's truly bad or just another false positive.
FWIW, why get the snort stuff one vendor removed? Just go straight to the source.
Even a great methodology is open source [osstmm]
One reason that many companies need to use a commercial security tool is because of Visa and Mastercard CISP and SDP compliance.
In order to comply you must have various levels of security testing done and certified by an approved vendor.
snort, ethereal, nmap, etc
one commercial one that I _really_ like is Languard Network Scanner from GFI.
While it is closed source, it has 30-day full functionality, and has limited functionality after that. Still even with the 'limited' functionality, it provides the full scanning capabilities, it just doesn't let you use some of the features that I never use anyways (scheduling, etc).
I'd really recommend giving it a try, it's pretty slick.
b/c this is what the majority of hackers/crackers are out there using...
use the tools they use...not that commercial products don't have any value to them. perhaps just use OSS first then supplement that with some commercial solutions.
www.packetstormsecurity.com is a good place to start also.
Sourcefire. Martin Roesch's company. It gives you, the admin, the goodness of Snort and OSS tools and gives your bosses a contract to feel all warm and fuzzy about. Pretty much a win-win. I love my Sourcefire boxen and they cost less than the other commercial IDSes.
It gives you, the admin, the goodness of Snort and OSS tools and gives your bosses a contract to feel all warm and fuzzy about.
Actually we found that Sentarus is a much better snort-based product. We kicked Sourcefire out after 2 weeks, they just don't get the concept of a GUI. Talk about butt ugly and unmanageable.
Snort's not really a pen-test tool, though.
For pen-testing, check out the Metasploit framework. It's truly cool.
Also, have a look for scanrand, part of paketto keiretsu (doxpara.com appears to be having trouble right now, so don't go looking right now).
There's always the old standbys, as well, like dsniff.
I work as a penetration tester and recently started writing a whitepaper on the benefits of free, open-source security tools over commercial tools.
What if some of the developers of those F/OSS packages are paid money to code free software? MySQL comes to mind when I think commercial free software, although it isn't related to the software you search. There has been always money to be made in free software business. Your question should be about free vs. non-free.
Quoting RMS: "Free software" does not mean "non-commercial". A free program must be available for commercial use, commercial development, and commercial distribution. Commercial development of free software is no longer unusual; such free commercial software is very important.
"Because if something does go wrong, it is the vendors fault and not yours. With free software, it is your fault."
Um, check the EULA. Unless you've written a change into your contract, it's unlikely that the vendor actually is responsible.
Free software relieves you of the burden of believing the vendor's got your back. For the most part, they don't.
I just received e-mail from Fyodor and had this bad bad news.
Nobody mentioned that here.
(and probably nobody will read that since I'm stuck at 0)
While the tool itself *is* still free Lightning has made a change in their pricing model regarding the plugins.
Check it out for yourselves, there are three feeds now. The main feed which used to be free is now on a seven day delay. While this doesn't affect a lot of the scanning efforts it is nice to know about the vulnerability that just came out.
Often when a new serious vulnerability makes news a company would like to know how they are affected right away. Now they will have to wait 7 days!
I don't think that there is anything wrong with this, I mean the developers at nessus (tenable lightning) have to eat too. But calling it free just seems sort of inaccurate now. Scanners without updated signatures work about as well as razors without the blades.
A 'Direct Feed' is commercially available which entitles subscribers to the latest vulnerability checks. Customers who purchase a Lightning Console or NeWT Pro scanner receive access to this feed with their annual product maintenance.
A 'Registered Feed' is available for free to the general public, but new plugins are added seven days after they are added to the 'Direct Feed'. To obtain access to the 'Registered Feed', users are required to enter contact information for tracking and also agree to Tenable's license agreement for the plugins.
The 'GPL Feed' does not require registration, and includes plugins written by the user community. As manager of the Nessus project, Tenable continues to accept plugins written from the Nessus and NeWT user communities. Plugins accepted with a copyright under the GNU Public License will be distributed to the Direct, Registered and Public feeds at the same time.
Pricing
The access to the GPL feed and to the Registered Feed is free. Pricing for the 'Direct Feed' is based upon the number of Nessus or complimentary copies of NeWT in use within your organization, consultancy or service. The cost is $1200 per scanner per year. For more information, please contact Tenable's sales staff.
Mostly open source security tools for pentesting, although there are some commercial products listed as well.
http://www.liveammo.com/LiveAmmo_Security_Tools_Directory.htm