CURRENT ARTICLE:  Open Source Cybersecurity
NEXT ARTICLE:   Hot New China Websites

Open Source Cybersecurity

S.R. Schroeder // Last Updated: 16 August 2021

Cybersecurity can be super expensive for SME’s as the IT skills needed require professionals with many years of experience, intensive training and certifications, and very often pricey software, tools and subscriptions.

The quandary is that companies can’t afford not to do more for cybersecurity, as the increase in cyber attacks such as ransomware, data breaches and more tear across the business landscape worldwide. Cybersecurity can no longer be an afterthought for SME’s - they must get it right today. 

What’s a company to do? Well, some expenditure is unavoidable, but like in many areas of IT open source solutions if selected wisely can be a big money saver. Trained cybersecurity professionals are still needed, but many of the tools we detail below can help small businesses bridge the gap between not paying enough attention to cybersecurity and employing sufficient security for their risk profiles.

Here we list the top open source categories and solutions:

 

Vulnerability Scanning

Every company should start by conducting a cybersecurity risk assessment to ensure awareness of all their valuable assets, both physical and digital, local and in the cloud. From there they should initially and regularly scan all their assets and networks for vulnerabilities to achieve a clear awareness of their current status. 

Commercial tools like Nessus and Qualys are often the industry go-tos, but since scanning is such an important activity there are many open source options as well, many specialized for certain tasks or asset types. Our list here is just touching on some main ones satisfying most environment’s needs. For many more can check a collection at OWASP: https://owasp.org/www-community/Vulnerability_Scanning_Tools :

  1. OpenSCAP - https://www.open-scap.org/ - Security Content Automation Protocol (SCAP) is a U.S. standard maintained by the National Institute of Standards and Technology (NIST). The project is a collection of open source tools for conducting vulnerability assessments and implementing the standards.
  2. OpenVAS - https://www.openvas.org/ - Maintained by Greenbone, was the open source base that later became Nessus.
  3. Nessus - https://www.tenable.com/products/nessus/nessus-essentials - Nessus is primarily a commercial enterprise, but it’s important to note they still supply a limited free version that you very much may want to consider, as OpenVAS can be wonky.

 

Web Application Vulnerability Scanning

Here we distinguish tools focused more specifically on websites and web applications rather than network environments more broadly, but as web apps are key assets they’re very useful:

  1. OWASP Zed Attack Proxy (ZAP) - https://www.zaproxy.org/ - Web application vulnerability scanner.
  2. Burp Suite Community Edition - https://portswigger.net/burp/communitydownload - A favored web application scanner, the Pro version is more full featured of course and a favorite we use here at Seirim.
  3. Arachni - https://www.arachni-scanner.com/ - Vulnerability detection that can support highly complicated web applications which make heavy use of technologies such as JavaScript, HTML5, DOM manipulation and AJAX.
  4. Wapiti - https://wapiti.sourceforge.io/ - Wapiti works as a "black-box" vulnerability scanner, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application, extracting links and forms and attacking the scripts, sending payloads and looking for error messages, special strings or abnormal behaviors.
  5. Nikto - https://cirt.net/nikto2 - Web server scanner which performs comprehensive tests against web servers for multiple items, including dangerous files/programs, checks for outdated versions and configuration issues.
  6. w3af - http://w3af.org/ - w3af is a web application attack and audit framework that helps secure web applications by finding and exploiting all web application vulnerabilities.

 

Vulnerability Reporting and Management

You found the vulnerabilities, now you need to track and manage them over time to ensure remediations are put into place:

  1. Dradis - https://dradisframework.com/ce/ - Security project framework for collaboration and reporting. Combines the output of 19+ different security scanning tools, manual findings, and notes to generate consistent reports
  2. ArcherySec - https://www.archerysec.com/ - Isn’t as robust as Dradis above with its big community but is another option.

 

Network Scanners and Tools:

These two are indispensable in the assessment and monitoring of your networks and assets:

  1. Nmap - https://nmap.org/ - The go-to utility for network discovery and security auditing. It’s useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. If you want a graphical user interface instead of using the command line can use their Zenmap: https://nmap.org/zenmap/
  2. WireShark - https://www.wireshark.org/ - The go-to network protocol analyzer. It lets you see what’s happening on your network, capture the packets live and conduct deep inspection of hundreds of protocols affording you a full view and interaction with your network environment.

 

Firewalls

Keep your servers, networks and web apps secure!

  1. pfSense - https://www.pfsense.org/ - One of the most popular, and can be thought of as more than just a firewall as it’s extended to also do network address translation, load balancing, routing, VPN connections, dynamic DNS, DHCP and more. There are paid tiers but the base software is quite extensible with advanced features.
  2. OPNsense - https://opnsense.org/ - A branch of pfSense and m0n0wall, is a firewall with similar features, can even add on a web application firewall, and some intrusion detection and prevention.
  3. IPFire - https://www.ipfire.org/ - Open source firewall, intrusion protection system, network segmentation, VPN connections and more.
  4. Endian - https://www.endian.com/community/features/ - A Linux security distribution for firewall, web security, VPN, some anti-virus and more.
  5. Iptables - https://www.netfilter.org/projects/iptables/index.html - The most well known open source firewall for Linux applications to configure and manage the network.

 

Intrusion Detection and Prevention Systems (IDS and IPS)

These utilities are super useful! :-)

  1. Zeek - https://zeek.org/ - A well regarded and often used IDS-like sensor that sits on hardware or software devices to observe and log network traffic for use in a SIEM, for example.
  2. Snort - https://www.snort.org/ - Detects and acts on real-time malicious network activity using the Community Ruleset (paid subscribers get a ruleset by Cisco Talos) for an active IPS solution. Also sniffs and log packets for network traffic debugging.
  3. Suricata - https://suricata.io/ - Top alternative to Snort, is an open source threat detection engine, combining intrusion detection, prevention, network security monitoring and PCAP processing, it works to identify, stop, and assess attacks.
  4. OSSEC - https://www.ossec.net/ - A host-based IDS with log monitoring, SIEM features, file integrity checking, rootkit detection and more.
  5. Kismet - https://www.kismetwireless.net/ - A wireless network and device detector, sniffer and listed here as useful as a wireless intrusion detection system.
  6. Sguil - http://bammv.github.io/sguil/index.html - Boasts a GUI that provides access to real time events, session data, and raw packet captures. Sguil facilitates the practice of network security monitoring and event driven analysis.

 

Anti-Virus / Anti-malware

Anti-virus and anti-malware is more often handled by subscription services, many of which have free versions available, so those are barely in the scope of this article, and we’ll just refer you to a collection of free versions of commercial ones here: https://www.pcmag.com/picks/the-best-free-antivirus-protection and for open source we’ll just mention:

  1. ClamAV - https://www.clamav.net/ - Open source antivirus engine for detecting trojans, viruses, malware & other malicious threats. ClamAV includes a multi-threaded scanner daemon, command line utilities for on demand file scanning and automatic signature updates. Can be used in a variety of situations including email scanning, web scanning, and endpoint security.


Cloud Service Security

The use of cloud computing and storage is a boon for businesses enabling greater resources without adding too much complexity and managerial overhead, but it’s also simultaneously spread out companies attack surfaces and risk profiles. These open source tools can help check them for vulnerabilities:

  1. Scout Suite - https://github.com/nccgroup/ScoutSuite - An open source security-auditing tool enabling security assessments of AWS, Azure, Google Cloud, Alibaba Cloud and Oracle Cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas, misconfigurations and more.
  2. Prowler - https://github.com/toniblyx/prowler - auditing tool for Amazon Web Services (AWS) that is used to evaluate cloud infrastructure against AWS benchmarks, GDPR compliance and HIPAA compliance. It can perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
  3. Pacu - https://rhinosecuritylabs.com/aws/pacu-open-source-aws-exploitation-framework/-  An open source pen testing tool to test the security configuration of a AWS account.

 

Security Information and Event Management (SIEM)

A SIEM helps bring all your logs into one place for centralized monitoring, alerts and analysis. The SIEM will help correlate events across your devices and network to achieve a comprehensive view.

  1. ELK or Elastic Stack - https://www.elastic.co/what-is/elk-stack - "ELK" is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a server‑side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize data with charts and graphs in Elasticsearch. Like many software in our article here, there are paid solutions beyond the base open source solution and that’s certainly the case here as well, with the paid versions having confusingly similar names, so you gotta pick between them carefully.
  2. Alien Vault and OSSIM (AT&T Cybersecurity) - https://cybersecurity.att.com/products/ossim - Can integrate other open source tools such as Snort IDS and OpenVAS vulnerability scanner, and provide an integrated web administrative tool to manage the whole security environment.
  3. Graylog - https://www.graylog.org/products/open-source - SIEM with an enterprise version focused on compliance and supporting IT operations and DevOps.


Web Application Firewalls / Reverse Proxies

In lieu of “perfect coding” and configuration of your website or web application, adding a web application firewall (WAF) can help add an extra layer of protection to help achieve “defense in depth” in case one or another safeguard fails.

  1. ModSecurity - https://github.com/SpiderLabs/ModSecurity - ModSecurity is an open source, cross platform WAF engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. Consider including the OWASP Core Rule Set (CRS).
  2. Shadow Daemon - https://shadowd.zecure.org/overview/introduction/ - Shadow Daemon is a collection of tools to detect, record, and block attacks on web applications. Shadow Daemon intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis, and interface to increase security, flexibility, and expandability.


Multi-tool Distribution Suites:

These suites include many of them aforementioned tools within them and much more, and are key starting points for many cybersecurity professionals’ work:

  1. Kali Linux - https://www.kali.org/ -  The go-to suite for vulnerability scanning, penetration testing and all related tools mostly from the “offensive” side perspective.
  2. Security Onion - https://securityonionsolutions.com/software - A granddaddy in this space, it’s like the Kali Linux distribution but for the defensive side. Includes Elasticsearch, Logstash, Kibana, Suricata, Zeek, Wazuh, Stenographer, TheHive, Cortex, CyberChef, NetworkMiner, and many other security tools. Security Onion can help cover your SIEM, IDS and similar needs.

 

Password Managers:

This is a tricky recommendation, as your passwords are so important and valuable long-term that you don’t want to skimp to save a little money here risking anything could go wrong. These open source password managers are definitely worth a look, though:

  1. Passbolt - https://www.passbolt.com/ - Newer, open source, self-hosted, extensible, OpenPGP based.
  2. KeePass - https://keepass.info/ - Great open source option, free and trusted over many years.
  3. Bitwarden - https://bitwarden.com/ - We’re big fans of Bitwarden. They have the free open source tier for personal and small 2 person teams, and reasonably priced paid versions to be able to use at a business.

 

Quick Online Website Security Scanners

Your company surely has a website in its digital realm and these online scanners are good for a quick glance at your website’s security status. They are cursory and only surface layer, though, and shouldn’t replace more in depth vulnerability scanning, but they are surely very helpful.

  1. Web Page Test - https://webpagetest.org/ - A good overall scanner for speed, security and more.
  2. Mozilla Observatory - https://observatory.mozilla.org/ - Good security-only scanner

 

Conclusion

Keep in mind that many of these solutions actually expand out from their category to do a little more than just what they're mainly known for. 

While it’s possible to use open source tools for many of your security software needs, in many cases the open source options require much more hands-on configuring and debugging as they may lack the ease of use of more polished commercial offerings. 

A dedicated IT person can make them worth well with some extra time in most cases. In some categories, like Kali Linux for offensive side tools, for example, the open source tool is actually the preferred industry choice and not a compromise..

At SEIRIM we’re here to help SME’s get cyber secure for less, so if you need help scanning and securing your organization we’d be more than happy to help! Feel free to contact us for cybersecurity services based in Shanghai to find out more.

ABOUT THE AUTHOR

S.R.
Schroeder

Founder of Seirim, S.R. focuses on the art and science of web design, cybersecurity and web development tech to help keep driving SEIRIM's projects and abilities forward.

RECENTLY

SEO Audit Tools - Our favorites at SEIRIM and Why

Get in touch with your website's SEO health with the best auditing tools

Ten Steps to China SEO Success

Gather a new perspective, tools and methodology.

Embrace a Powerful Password Paradigm

Better security is within reach!

SEIRIM Named one of worlds top 250 Managed Security Service Providers

Honored to be recognized for MSSP cybersecurity work

Hot New China Websites

Great websites recently launched for the Chinese audience

Open Source Cybersecurity

Check the open source options first to save your company money!