Open Source Cybersecurity Examples

While there are some excellent commercial “closed source” cybersecurity solutions available, it can be worthwhile exploring open source cybersecurity solutions – many of which can be used by businesses free of charge. Here we provide some open source cybersecurity examples of products that are extensively used by businesses of all sizes to identify vulnerabilities, detect attacks in progress, and improve their security posture.

Network Discovery

Nmap is a useful open source tool for detecting network vulnerabilities, available hosts, open ports, and connected devices. Nmap uses IP packets to detect hosts and provides detailed information on everything connected to your network. Nmap will report on the operating systems of hosts and the services that are running. First and foremost, Nmap is a port scanner that can identify open and closed ports, and whether they are filtered or protected by a firewall. Nmap supports multiple scanning techniques including TCP connect(), TCP SYN (half-open), and FTP, and can perform a wide range of different scan types, with many advanced features for detecting security risks.

Nmap is free to use and has been developed for use by large enterprises with complex networks and huge numbers of connected devices for performing security audits. Nmap is a useful tool for identifying specific unpatched vulnerabilities in applications and operating systems to allow prompt action to be taken. Scripts can be written in Lua for conducting and automating different types of scans. Many solutions have network mapping and security auditing capabilities, but Nmap stands out due to its versatility and ease of use.
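As an added illustration of the security-audit use described above (this is not code from Nmap or from the original article), the following Python sketch parses Nmap's grepable output (`-oG`) and reports open ports that are missing from an approved baseline. The scan output, host addresses, and the ALLOWED baseline are constructed for the example.

```python
import re

# Constructed sample of Nmap grepable (-oG) output; not real scan data.
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -sS -oG audit.gnmap 192.0.2.0/29
Host: 192.0.2.1 (gw.example.internal)\tStatus: Up
Host: 192.0.2.1 (gw.example.internal)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 192.0.2.5 ()\tStatus: Up
Host: 192.0.2.5 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 3306/filtered/tcp//mysql///
# Nmap done: 8 IP addresses (2 hosts up) scanned
"""

# Hypothetical baseline: ports each host is approved to expose.
ALLOWED = {"192.0.2.1": {22, 443}, "192.0.2.5": {22}}

# A "Ports:" record is tab-separated from the host field and any later fields.
HOST_RE = re.compile(r"^Host: (\S+) \(.*?\)\tPorts: ([^\t]*)")


def parse_open_ports(gnmap_text):
    """Return {host: {port: service}} for ports Nmap reported as open."""
    result = {}
    for line in gnmap_text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines and "Status:" records carry no ports
        host, ports_field = match.groups()
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                result.setdefault(host, {})[int(fields[0])] = fields[4]
    return result


def unexpected_ports(gnmap_text, allowed):
    """List (host, port, service) for open ports outside the baseline."""
    findings = []
    for host, ports in sorted(parse_open_ports(gnmap_text).items()):
        for port, service in sorted(ports.items()):
            if port not in allowed.get(host, set()):
                findings.append((host, port, service))
    return findings


if __name__ == "__main__":
    for host, port, service in unexpected_ports(SAMPLE_GNMAP, ALLOWED):
        print(f"{host}: unexpected open port {port} ({service})")
```

Ports reported as filtered or closed are ignored here, so the findings list only services that actually answered the scan.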

Web Server Scanner

Nikto is a Perl-based open source web server scanner that is extensively used by penetration testers. Nikto is most commonly used to identify vulnerabilities and misconfigurations in websites and web applications. Nikto can identify more than 6,700 potentially dangerous files and programs that are commonly found on web servers, and will also check for outdated, vulnerable web server software and version-specific vulnerabilities. Nikto can identify SQL injection and cross-site scripting issues and installed software, fish for content on web servers, identify unusual headers, attempt to use default credentials to gain access, and identify poorly configured web servers. Vulnerabilities in websites and web applications are common, and they are frequently exploited. With Nikto, you can identify security issues before they are found and exploited by hackers.

Network Intrusion

Snort is a popular, free-to-use open source intrusion prevention tool for Windows and Linux. Snort includes a packet sniffer, packet logger, and a Network Intrusion and Prevention Detection System (NIPDS). Snort is a rule-based solution that uses packet sniffers to identify and analyze traffic, testing each packet against a list of pre-defined rules. If a malicious packet is detected, the event is logged and alerts can be sent to the security team to allow countermeasures to be deployed. Alternatively, some actions can be automated – such as dropping packets. Snort can detect a range of attacks and probes in seconds, including stealth port scans, SMB probes, buffer overflows, attempted OS fingerprinting, and more. Snort Rules are distributed in two sets – the Community Ruleset and the Snort Subscriber Ruleset. The latter is developed and tested by the Cisco Talos team.

Antivirus Software

ClamAV is an open source, command line-managed antivirus solution that can detect malware, viruses, and Trojans, and its databases are constantly updated. ClamAV is free to use and works on all major operating systems, including Linux. ClamAV is not the best antivirus scanner available by any stretch of the imagination, but it does have its advantages. ClamAV can search for malware inside compressed files and is a great choice for scanning emails in mail gateways – which is its main purpose. Several commercial products include ClamAV for virus protection, such as email filtering solutions. The downsides of ClamAV are the lack of features, no support, and a far from intuitive interface. However, ClamAV remains a useful open source security solution in 2022 for scanning mail traffic on gateways and for scanning Linux servers due to the high scanning speed and reasonable detection rates.

Password Management

One of the most common security weaknesses affecting businesses of all sizes is password management. Businesses can create password policies, but humans are bad at choosing complex and unpredictable passwords, and many will use passwords that meet minimum policy requirements but are still very weak and vulnerable to brute force attacks. It is also common for passwords to be reused across multiple accounts. One solution to these password problems is a password manager. There are several open source password managers available, although Bitwarden stands out for the range of features, ease of use, flexibility, and price.

Bitwarden is available for personal use free of charge, albeit with limited features. However, the free tier is better than most other free password managers and – at a cost of just $10 per year – the premium plan is among the cheapest for security-conscious individuals. The Teams and Enterprise Organization plans are also competitively priced. Bitwarden has active communities on GitHub, Reddit, and its own community forum, and operates a bug bounty program through HackerOne. The solution has also been independently audited and no major security risks were identified. Bitwarden has many integrations, is easy to use, supports 2FA, and has an excellent password generator that can be configured to meet user-defined complexity requirements. There is also the option of self-hosting the solution if you are unhappy with having your data stored in the cloud.
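The two points made in this section, that a password can satisfy a composition policy and still be weak, and that a generator can be configured to meet complexity requirements, are illustrated in the added Python example below. It is not Bitwarden's code or part of the original article; the policy, the symbol set, and the small wordlist are assumptions constructed for the example.

```python
import re
import secrets
import string

COMMON_WORDS = {"password", "welcome", "summer", "company"}  # constructed mini wordlist
SYMBOLS = "!@#$%^&*"  # assumed symbol set for the example policy


def meets_policy(pw, min_len=8):
    """Assumed composition policy: minimum length plus one of each class."""
    return (len(pw) >= min_len
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SYMBOLS for c in pw))


def is_predictable(pw):
    """True if pw is a common word with only digits/symbols appended."""
    # Strip the trailing run of digits and symbols people add to pass policy.
    core = re.sub(r"[\d" + re.escape(SYMBOLS) + r"]+$", "", pw).lower()
    # Undo common character substitutions before the wordlist lookup.
    core = core.translate(str.maketrans("@013$", "aoies"))
    return core in COMMON_WORDS


def generate(length=20):
    """Draw from a CSPRNG and retry until every required class is present."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(pw):
            return pw


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "Summer2022!", generate()):
        print(candidate, "policy:", meets_policy(candidate),
              "predictable:", is_predictable(candidate))
```

Both human-chosen samples pass the policy yet reduce to a wordlist entry, while the generated value passes the same policy without any guessable structure.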