Slashdot Mirror


Free Open-Source vs. Commercial Security Tools?

sahirh asks: "I work as a penetration tester and recently started writing a whitepaper on the benefits of free, open-source security tools over commercial tools. Through my own experiences, I've found that many free tools such as Nessus and Kismet are more reliable and have better features than expensive commercial alternatives like ISS Internet Scanner or Airopeek. I've also noticed that tools like Ettercap have no commercial alternative. Further, the flexibility offered by the open-source nature of such tools is a great benefit. I'd like to ask for Slashdot's experiences and opinions on why you don't need to spend thousands of dollars on an expensive tool to perform a professional security assessment." Update: 02/07 11:15pm EDT by C : Thanks to all who wrote in to let us know the proper URL to the Kismet site.

4 of 234 comments

  1. Valuable Open Source Security Assessment Tools? by kiwidefunkt · · Score: 5, Informative

    Ethereal, nmap, and snort always get the job done for me.

    --
    www.kiwilyrics.com - a wiki for lyrics
  2. Go to SANS training. by Matey-O · · Score: 5, Informative

    $3200 spent in a snort bootcamp made the need to buy a $120,000 IDS box moot.

    We were reviewing several six-figure pieces of equipment and found the same thing - we knew they saw traffic they didn't like, but we didn't know WHY.

    Now that everybody uses snort rules, the training is still helpful to show you WHAT you're seeing and IF it's truly bad or just another false positive.

    FWIW, why get the snort stuff one vendor removed? Just go straight to the source.

    --
    "Draco dormiens nunquam titillandus."
  3. Visa / MC Compliance by jfroot · · Score: 5, Informative

    One reason that many companies need to use a commercial security tool is because of Visa and Mastercard CISP and SDP compliance.

    In order to comply you must have various levels of security testing done and certified by an approved vendor.

  4. besides the obvious by JeanBaptiste · · Score: 5, Informative

    snort, ethereal, nmap, etc

    one commercial one that I _really_ like is Languard Network Scanner from GFI.

    While it is closed source, it has 30-day full functionality, and has limited functionality after that. Still even with the 'limited' functionality, it provides the full scanning capabilities, it just doesn't let you use some of the features that I never use anyways (scheduling, etc).

    I'd really recommend giving it a try, it's pretty slick.