Open source security is like a military general who shows his plans to both his allies and his enemies. On the one hand, his enemies can try to exploit the plan by targeting its weaknesses. But on the other hand, by exposing his tactics to those who want to help, the plan is ultimately much stronger as a result of their feedback and modifications.
Open source applications make their source code publicly available for any user to download, compile and execute. This makes it possible for developers to modify different aspects of the program to their needs. However, it also makes it extremely easy for malicious coders to find and use exploits in the software against unsuspecting users.
To prevent this from happening, open source software employs some of the highest forms of security around, and when it comes to open source security applications, that bar is set even higher. After all what good would a network firewall or intrusion detection system be if a user were able to penetrate the system because of an exploit in the source code?
In this article we have compiled 105 open-source tools, applications, and resources to expose you to the diversity of open source options available, as well as to help you better assess the costs and benefits of open source security integration into your system.
The average internet user receives more than 18 spam messages per day and spends nearly 3 minutes cleaning it up. It is estimated that spam costs businesses nearly $22 billion a year in lost productivity. To make the most of your time, and protect your computer from the various forms of malware often found in email attachments, you need an effective email protection system.
Anti-Spam SMTP Proxy Server [Linux, Windows, OS Independent | Perl] – A complete server side e-mail filtering application equipped with Bayesian filtering spam blockers and anti-virus capabilities.
phPOP3clean [OS Independent | PHP] – A POP3 e-mail account cleaner scans for malformed e-mails, worms, attached image spam, obfuscated and blacklisted words and source code, and blacklisted IPs and domains.
Mailsaurus [OS Independent | AJAX] – Serves as a web-based e-mail client that encrypts all of your data so that nobody (not even the system administrator) can read your e-mail. Includes anti-virus and a spam filter.
MailCleaner [Linux | C, Perl, PHP, Unix Shell] – An extremely customizable server-side e-mail filtering application with a very attractive administration interface. Comes equipped with multiple spam filtering solutions and ClamAV anti-virus.
Tiger Envelopes [Linux, FreeBSD, Windows, OS X, OS Independent | Java] – A peer-to-peer, key mail encryption program that integrates into Outlook, Thunderbird, Mac Mail and KMail.
GFI MailEssentials 11 Web Stat [Windows | ASP] – A browser-based spam filter that tracks the level of spam being blocked and displays the results graphically.
No computer is completely protected unless it is running an antivirus. Here are some of the leading open source antivirus solutions.
Clam AntiVirus [Linux, FreeBSD, Windows] – Designed to scan e-mail gateways for viruses. Supports on access scanning for Linux and FreeBSD operating systems.
Winpooch Watchdog [Windows | C] – Complete, enterprise level virus scanner with anti-spyware and anti-Trojan features. User controlled security levels monitor the system for abnormalities.
FullControl [Windows | VB.net] –Software that monitors the activity of the programs running on your computer. When an application executes, FullControl intercepts it and verifies its integrity.
Moon Secure Antivirus [Windows | C, C++, Delphi/Kylix] – Complete on access virus scanner. Includes a firewall.
Softlabs AntiVirus [Linux] – Scans incoming mail for phishing scams, virus attachments and verifies the integrity of HTML embedded e-mails.
These apps allow you to securely browse the Internet and transfer files remotely without the fear of privacy invasion.
JAP [Linux, Windows, OS X, OS Independent | Java] – Surf the Internet anonymously via encrypted intermediaries.
WinSCP [Windows | C++] – Transfer files securely between local and remote computers with this SFTP and SCP client. Also includes a text editor for editing remote documents.
PuTTY [Linux, Windows] – Telnet and SSH client for running remote sessions. Main features include command line based SCP and SFTP clients. Frequently used to communicate between a Windows machine and a Unix machine.
Cyberduck [OS X] – SFTP solution for MACs. Uses SSH to transfer files to remote computers and networks. Also integrates into OS X features including Bonjour, Keychain, iDisk and more.
OpenSSH [FreeBSD] – SSH telnet and SFTP program designed to securely transmit data to remote computers.
The first line of defense on a PC is a firewall. Here are several highly effective solutions for protecting your computer.
m0n0Wall [FreeBSD | PHP, XML] – Complete firewall and VPN package. Uses a Web-based interface for integration across a wide variety of operating systems.
Firestarter [Linux] – Both a personal and server-side firewall with real time traffic monitors, on access scanning and an overall complete security package.
SmoothWall [Linux | C, Perl] – Firewall, ids and VPN system for home users and networks. Uses a very attractive interface.
AppArmor [Linux] – Complete firewall solution from Novell. Includes protection against zero-day attacks, monitors the system for abnormalities and restricts which system resources and applications users can access.
Bastille-linux [Linux | Perl] – A suite used to improve the security of a Linux box by configuring daemons, system settings and implementing a firewall.
Fail2Ban [Linux | Python] – Monitors log files (i.e. server connections) and searches for patterns. If a certain pattern emerges where an IP address is failure-prone, that IP is blacklisted.
Firewall Builder [Linux, FreeBSD, OS X | C, C++] – Builds and manages policies and rule sets for your firewall.
Hardened Linux [Linux] – A Linux distribution designed to improve security with features including a firewall and IDS system.
ShellTer [Linux | Unix Shell] – Standard IP tables-based firewall. Includes built in SSH Brute force protection.
Firewalls are vital components for filtering out the erroneous and malicious traffic attempting to enter your network.
IPcop [Linux | C, Perl, Unix Shell] – Firewall based Linux distribution used primarily for securing and monitoring networks.
FirewallPAPI [Windows | C++] – A firewall/filtering system for network traffic.
WIPFW [Windows | C] – Monitors and filters packets entering the network router based upon a rule set.
ISP-FW [Linux | C, PHP] – Server side firewall application with packet filtering and monitoring capabilities.
Linux Embedded Appliance Firewall [Linux | C, Unix Shell] – Used as a firewall, router, Internet gateway and wireless access point.
Vyatta [Linux | C, C++] – Commercial grade network firewall solution.
eBox Platform [Linux | Perl] – A complete network management framework including NTP and DHCP servers, content filters and firewalls, proxy-cache and more.
Maintaining a secure network is perhaps the most critical internet technology task we face today. Nothing is worse than having sensitive data compromised or trying to get work done when the network is down. Fortunately we've compiled more than 20 apps to strengthen the security of your network and keep hackers out.
Network Security Toolkit [Linux] - Comprehensive set of network security tools including traffic analysis, active monitoring, intrusion detection and more.
Nessus [Linux, FreeBSD, Windows, OS X] – Industry-leading open-source network vulnerability scanner. Highly scalable and very thorough.
The Multi Router Traffic Grapher [Linux, Windows] – Simple tool used to monitor SNMP network devices.
Nagios [Linux, FreeBSD] – Comprehensive, Web-based tool equipped with virtually every imaginable feature for knowing exactly what's going on in your network.
Open Source Security Information Management [Linux | C, Perl PHP, Python] – A complete network monitoring system including real-time graphs on bandwidth usage and user participation, policy restrictions, and implementations of various popular network tools including Nessus, Nagios and more.
Network Mapper [Linux, FreeBSD, Windows, OS X] – Uses packets passing through the network to find out what hosts are available, what services they're offering, what operating system they're running and what type of packet filtration/firewall they're using.
Wireshark [Linux, FreeBSD, Windows, OS X] – Powerful tool for capturing network protocol data for analysis. Contains more than 25 methods for reading packets, making it useful for a wide array of networks.
Internet Secure Access Kit [Linux] – Complete network suite used to restrict and monitor access. Contains anti-virus and anti-spam software and detailed reports on each user accessing the network (including websites, dates and times, number of downloaded bytes, etc.)
JbroFuzz [Linux, FreeBSD, Windows, OS X, OS Independent | Java] – Creates malformed data and sends it through the network to simulate exploits and find security holes. Some of the techniques include SQL injection, integer and buffer overflows and XSS checks.
Packet Generator [Linux | Python] – Simulates sequences of packets traversing your network. Useful for optimizing routing schematics.
Network Security Analysis Tool [Linux, FreeBSD | C++] – Tool used to scan networks for vulnerabilities.
Yet Another Security Monitoring Interface [OS Independent | PHP] – Web-based application that prints out information on the data flow routers emit. Useful for detecting anomalies in the system.
The Network Visualizer [OS Independent | Java] – Displays detailed graphic information on network activity. Traffic can be broken down to paths, ports, packets and time periods. Extremely useful for determining when there is an anomaly in the network.
Network Simulator and Network Animator [Linux, FreeBSD, OS X | C++, Tcl] – Simulates traffic flowing through a network to help find bottlenecks and generate more effective routing.
Ettercap [Linux, FreeBSD, OS X | C] – Monitors live LAN connections (via sniffing) for abnormalities and filters the bad traffic.
Automated Incident Reporting [Linux | C, Perl] – Assembles information from IDS's and human-generated reports into a unique database for more thorough analysis. Useful for finding patterns and exploits in the network.
True Real-time Observer of Network Statistics [Windows | C, C++] – Enables you to monitor your network remotely through the Internet.
visualNets [Linux, Windows | VB.net] – Graphically plots network packets over time allowing administrators to identify trends and security exploits.
vSentinel [Windows | C, C++] – Monitors the network in a real-time 3-D map.
Honeytrap [Linux, FreeBSD | C] – Collects TCP information on a network and compares it to what an attack would look like in order to give you a warning prior to an attack.
eXtensible Open Router Platform [FreeBSD | C++] – A secure implementation for the standard network router.
Quagga [Linux, FreeBSD] – Secure routing software for Unix-based architecture.
Network top [Linux, FreeBSD, OS X, Windows] – Sorts and analyzes network traffic based upon user specified criteria. Uses a Web browser-based interface.
Intrusion Detection System
No system is 100 percent secure unless it maintains some sort of intrusion detection system. Here are a few of the best open source IDS solutions.
Snort [Linux, Windows, FreeBSD, OS X] – Top of the line intrusion detection system using real-time traffic analysis and packet logging on IP networks. Detects a wide variety of attacks including buffer overflows, OS fingerprinting, CGI scans and more.
Basic Analysis and Security Engine [OS Independent | Perl, PHP, Unix Shell] – Performs analysis of the intrusions Snort detects on your network.
HenWen [OS X | Objective C] – Simplifies the Snort installation process on MACs.
Open Source Host-based Intrusion Detection System [Linux, Windows, FreeBSD, OS X] – A personal IDS solution for protecting your computer. Also contains malware detection and log analysis software.
Panoptis [Linux | C++] – Network based IDS used primarily for detecting and blocking DoS and DDoS attacks.
Surf IDS [OS Independent | Perl, PHP, Unix Shell] – Uses passive sensors across a distributed IDS to provide early attack warnings for administrators. Maintains a graphic database of all attacks attempted on the system.
wIDSard [Linux | C] – Host based IDS system that monitors the integrity of system calls. If a particular sequence of system calls is initiated (i.e. malware) the process is terminated, logged, etc…
Secwatch [Linux | C, PHP] – Uses log file analysis to determine if a system is under attack. Creates firewall rules to block offending IPs.
Virtual Private Network
Big brother is watching you, unless you're using a VPN. The following apps keep your Internet browsing experience secure.
OpenVPN [Linux, FreeBSD, Windows, OS X | C] – A VPN suite allowing you to setup both clients and servers for remote access, WiFi security, ethernet bridging and various other SSL tunneling activities.
SSL-Explorer [Linux, Windows, OS Independent | Java] – Web-based SSL VPN server. Allows users to tunnel through a standard browser. Integrates into the network as opposed to working on the client's side.
strongSwan [Linux | C] – IPsec based VPN solution.
Stunnel [Linux, FreeBSD, Windows] – Encrypts TCP connections inside SSL connections. Requires a SSL solution like OpenSSL to work.
Having an insecure wifi network is one of the most common security hazards and entry points for malicious exploits today. These apps will get you started in securing your wifi network and keeping unwanted users out.
Kismet [Linux, FreeBSD, OS X | Java] – Detects wireless networks by passively collecting and interpreting packets. Also doubles as a WiFi intrusion detection system.
RogueScanner [Linux, Windows | C++, Ruby] – Scans wireless networks for vulnerabilities and rogue access points based upon a set of rules kept in a central server.
Airview [Windows | Delphi/Kylix] – Captures wireless network packets via Packet Sniffer SDK technology and displays the results visually helping you monitor your wireless network.
Wireless Access Point utilities for Unix [Linux, FreeBSD, OS X | C] – A set of utilities and programs used to configure and monitor wireless access points.
WEP Key Changer [Linux, Windows | C, Python] – Enables greater WEP protection by randomly changing the WEP key after a specified amount of time. Note: Despite this product's solid features, we still recommend you only use WEP if WPA protection is unavailable.
WepLab [Linux | C] – Cracks your network's WEP key proving how unsafe and ineffective WEP protection is. Useful if you're wondering why you should switch to WPA.
NoMice [Linux | PHP] – Acts as a layer between wireless access points and WiFi users by regulating Internet access based upon a user's level of authorization.
WiFiDog [Linux | C, PHP] – Serves as a firewall by regulating what traffic is allowed to pass through a WiFi hotspot. Also regulates which users are allowed access to the wireless network and Internet.
Wififingerprint [Windows | C++] – Gains information about the users on your WiFi network including operating system, shared files and open TCP/UDP ports.
From archiving your passwords to using military grade encrypted messages, these apps have you covered.
GNU Privacy Guard [Linux, FreeBSD, Windows, OS X] – A command line based encryption tool using multiple encryption algorithms including OpenPGP, AES, SHA-1 and more.
FreeOTFE [Windows | Delphi, C] – A powerful encryption tool containing various 256 bit encryption algorithms used to create secure virtual drives on your PC.
Cryptonit [Linux, FreeBSD, Windows, OS X | C++] – Uses multiple encryption techniques for securing files and address books. Employs a unique verification system requiring a user's signature.
AxCrypt [Windows | C++] – An encryption suite using AES-128 file encryption and compression. Integrates into Windows explorer right-click menus for easy use.
Magikfs [Linux | C] – Uses a steganographic filesystem to protect sensitive files. Keeps the encrypted files hidden rather than open to the public.
Cryptology [Windows | C++] – A simple tool using AES-256 encryption to securely access files. Integrates into Windows Explorer right-click menus.
CiphSafe [OS X | Objective C] – Uses 320 bit Blowfish encryption to secure usernames and passwords for popular Internet websites. Acts as a secure logging system to protect sensitive data.
Checkpoint Commander [Linux, Windows, OS Independent | Java] – A tool for encrypting and archiving files. Also includes comprehensive disk erasing software.
Keep It Secret! Keep It Safe! [Linux, Windows, OS Independent | Java] – Stores all of your important username and passwords in a file secured by OpenPGP encryption. Includes a password generator and secure file for tracking the history of your password changes.
Magic Cube Cryptography [Linux | C] – A new algorithm for encrypting data on a Linux system. Recommended for developers wishing to try their hand at encryption.
Cameloid [Linux | C] – Encrypts peer-to-peer voice and video connections using secret keys. Works for both TCP and UDP connections.
XML-Security Plug-In [Linux, Windows, OS Independent | Java] – A tool for developing and verifying digital signatures based upon W3C recommendations.
Although these apps didn't fit into any of the above categories, they are essential tools for security analysis and useful for maintaining a secure system.
Advisory Check [Linux, FreeBSD, OS X | Perl] – Monitors the security of the software installed on your machine by reading popular RSS and XML security advisory feeds, and alerts you when your computer is at risk.
Tripwire [Linux | C++] – Alerts the user when specific changes are made to files on the system. Useful for monitoring sensitive system files.
Babel [Linux | C, Perl, PHP, Unix Shell] – A tool designed to strengthen the security of a Linux machine by reporting the various flaws in security to the user. Monitors all system changes and helps you to design a secure environment.
Pro Shield [Linux | Unix Shell] – Scans your system for vulnerabilities and recommends changes and upgrades.
Security Officers Management and Analysis Project [Linux, FreeBSD, Windows, OS X | Java, PHP, TCL] – A multitude of tools for assessing the security and inventory of a network.
Rootkit Hunter [Linux | Perl, Unix Shell] – Scans your system for rootkits and other forms of malware.
Gargoyle [Windows] – Security software to clean up your temporary and no longer in use files.
Install Fix [Windows] – Deletes tracking cookies and clears the cache of unused files.
Patch Integration Engine [Linux | C] – Very interesting implementation for preventing security exploits. Intercepts data being passed to vulnerable functions and verifies that it is not malicious.
RTL-Check [Linux, Windows | Python] – Analyzes source code from a safety and security perspective. Specializes in static analysis and memory flaws.
Security & Privacy Complete [Windows | C++] – Disables security risk features, hardens registry settings and includes several privacy options for securing Internet Explorer and Firefox.
xpy [Windows] – Contains multiple configuration tweaks for maximizing the security of your PC.
UltraVNC [Windows | C, C++, Java] – Remote PC control software that is useful for performing diagnostics on clients' machines and accessing other PCs externally.
Paranoid Android [OS X | C, C++, Objective C] – Security application that requires conformation from the user before an app can run.