September 16, 2009

Open Source Security Solutions

A report on the state of security has been released today by the Sans Internet Storm Center , the two main threats posed to an organisation are the threat of targetted "spear phishing" against Client Desktops and attacks against web applications.

Most here at would be familiar with the threat of the malware against Windows Desktops, this report highlights the fact that other client applications are being targeted; Adobe Reader and Quicktime are good examples. Of course running Linux on your desktop lowers the risk of these attack vectors considerably.

Another area where Linux based open source solutions excel is in security vulnerability assessment tools. Use of these tools will help to find security vulnerabilities within your web server and web applications. Once the vulnerabilities are found they can be fixed or remediated.

Here are some tools to get you started:

Nmap for port scanning of your system(s). Shows you open ports on your server and holes in your firewall.
OpenVas for server vulnerability scanning of your servers. It checks for listening ports / services and then tries to confirm if services are vulnerable to exploitation using a db of thousands of vulnerabilities.
Nikto is web service scanner that does a thorough analysis of your web server. Looks for scripts and server misconfigurations that are a security threat.
SQLiX performs SQL Injection Testing that can find vulnerable web application applications. This is a popular attack vector for web application attacks.
OSSECĀ  is a Host based intrusion detection system that is easy to setup and use.

These tools are all high quality and just a sample of the powerful open source security tools that are available.

About the Author: Peter runs the popular online open source security tool scanning site Where various security scanning tools are made available for free to assist in the securing of internet based servers.

Click Here!