Open Source Internet Security

There is a range of open source Internet security tools that can be used to protect user privacy when accessing the Internet and block a rapidly increasing number of web-based threats. These tools will help to improve your security posture and protect against the majority of threats that are encountered online. Since cyberattacks are becoming much more sophisticated, simply exercising caution online is no longer sufficient to avoid falling victim to a cyberattack or scam.

Open Source Vs. Closed Source

Open source Internet security solutions have their source code made available to the public for inspection, whereas closed-source, or proprietary software, is a black box as far as users are concerned. With proprietary software, trust must be placed in the software developer that they are not engaging in activities that could compromise security or violate privacy. For many people that lack of visibility into the code that powers Internet security solutions is a cause of concern, especially considering the extent to which personal data is used, sold, or unwittingly disclosed by tech firms.

The main advantage of open source is the source code is available for inspection, so security researchers can check the code for vulnerabilities and potentially malicious or undesirable activities. Companies that offer open source transparency are demonstrating they have nothing to hide. The main negative is the source code is available to good and bad actors, so if a vulnerability does exist, it could be found and exploited for malicious purposes. Generally speaking, this is relatively rare, as hackers do not tend to study source code to identify vulnerabilities as there are far easier ways of attacking individuals and businesses.

Proprietary software may not have the source code available for inspection, but that does not mean there is no open source code in the solutions. Most modern applications incorporate at least some open source code, with some proprietary software solutions having up to 80% of their source code coming from open source projects.

Internet Security Threats

The Internet has huge benefits for individuals and businesses. Information can be accessed on virtually any topic in an instant and communication has been made effortless, with messages able to be sent and received in a fraction of a second. However, the Internet is an inherently insecure channel for communication and many Internet security threats exist that are capable of stealing sensitive information and it is easy for malicious files to be downloaded that allow unauthorized access to personal devices. Those threats include phishing, viruses, Trojans, malware, ransomware, spyware, botnets, and all manner of online scams. Cybercriminals also conduct attacks via the Internet on exposed and vulnerable systems that require no user interaction.

While the adoption of cybersecurity best practices can reduce risk, security tools are required to block these threats. In this post, we list some of the best open source Internet security tools available that can be adopted to improve protection against Internet-based threats. Be aware that while open source transparency is certainly a good thing, there is no guarantee that open source Internet security solutions are better than proprietary solutions.

Open Source Internet Security Solutions

There are several categories of open source Internet security solutions, and each is concerned with a different aspect of security or privacy protection. Due to the diverse range of Internet threats and the sophisticated nature of many modern cyberattacks, it is strongly recommended to adopt a defense-in-depth approach to Internet security. That means implementing multiple layers of protection to ensure that, should one component fail, others will be in place to provide continued protection. A combination of the open source Internet security solutions below is therefore recommended.

Open Source Virtual Private Networks

All devices are given a unique Internet Protocol (IP) address which allows them to be identified. A Virtual Private Network (VPN) prevents identification by masking a user’s true IP address to stop them being identified to improve privacy. A VPN is essentially an extension of a private network to cover a public network which allows data to be shared securely between a device and a third-party server by routing data through an encrypted tunnel. While interception of data is blocked and it can be almost impossible for a user to be identified, VPN providers may disclose information about users to law enforcement and a VPN will not provide protection if a connection is made to a malicious website.

There are several open source Internet security solutions available that can provide this level of protection. OpenVPN is one of the most popular solutions and one of the most secure VPNs available. OpenVPN provides 256-AES-CBC encryption with a 2048-bit Diffie-Hellman Key for Windows users and uses an AES-256-CGM and 3072bit DH key for Linux, IOS, and macOS via the IKEv2/IPsec protocol. There is a highly active OpenVPN developer community that reviews and updates the code to ensure OpenVPN remains one of the most secure open source VPN solutions for years to come.

Open Source Web Filters

A web filter is a content filtering solution that is used to prevent access to certain types of undesirable web content. These solutions can be configured to block access to categories of web content such as pornography, gambling, hate speech, or social media networks. Aside from content control, web filters are used to block access to web pages known to be used for phishing, scams, or malware distribution.

Most business web filters are proprietary solutions, although there are some open source Internet security solutions available, with the most popular being OpenDNS. OpenDNS was acquired by Cisco which now has its own proprietary solution for businesses, but OpenDNS continues as an open source solution for consumers which provides basic protection against online threats and the ability to control the content that can be accessed via home routers.

OpenDNS is a DNS-based web filter that works at the DNS lookup stage of web requests and applies filtering controls before any content is downloaded. OpenDNS only has limited features compared to proprietary web filters, but it is a good open source Internet security option that is free for consumers to use. Comodo Dome Shield is a free open source web filter that can be used by consumers, businesses, and managed service providers for content control and malware protection which supports whitelists, blacklists, and allows content blocking by category.

Open Source Firewalls

A firewall is a security solution that prevents unauthorized individuals from gaining access to internal systems and data. Firewalls are usually hardware appliances with rules applied to only permit authorized external connections and to restrict attempts by users and software to external servers. Firewalls can also be software-based, which can be used in addition to or instead of hardware firewalls. Open source software firewalls are extensively used in the consumer market, but also for enterprise security.

One of the most popular open source Internet security solutions for preventing unauthorized access via the Internet is pfSense. pfSense is a free firewall and router built on the FreeBSD system that is suitable for home and enterprise use which includes more functionally than some commercial-grade proprietary firewalls. The firewall can be installed on either a physical computer or a virtual machine, with the controls accessed via a web-based interface. The solution has an extensive set of features, with use cases including a VPN router for software services, LAN/WAN router, NAT device, DNS server, in addition to acting as a firewall.

Open Source Password Managers

Passwords can be stored in browsers, but this is far from ideal from a security perspective. Users rarely remember to log out of browser accounts and anyone with access to a user´s computer or mobile device could review the user´s Internet history and use the browser-stored passwords to log into a user´s web accounts.

A commercial password manager is the best choice for creating and securely storing passwords. These solutions usually include a secure password generator that will generate unique, strong passwords for all accounts. All a user needs to do is set a complex master password for their password vault and they never need to remember another password.

While there are a great many password managers to choose from, the majority are proprietary solutions. However, an excellent open source password manager is available from Bitwarden. The Bitwarden password manager has undergone a third-party security audit and only minor issues were identified, all of which have been addressed. Bitwarden gives the option of cloud-stored or self-hosted password vaults and operates under the zero-knowledge model, so the company cannot access the contents of customers’ password vaults. There is an excellent free tier for personal users, although the full range of features is only available in the paid plans, which are very competitively priced.

Open Source Web Browsers

The web browser market used to be dominated by Internet Explorer, Microsoft’s closed-source web browser. Microsoft’s dominance has since been eroded, and the most popular web browsers are now all open source. Open source web browsers operate with greater transparency and tend to have superior privacy and security controls than closed source solutions. If changes were made to these open source browsers that had the potential to cause security or privacy issues, highly active developer communities would be quick to identify the issues.

The leading open source web browsers are Google Chrome/Chromium, Firefox, and Brave, with the latter offering some of the best privacy protections by blocking all advertisements and website trackers unless they are authorized by users. It is important to note that while Chrome is classed as an open source web browser, it does also contain proprietary code. Google also pushes users into using its services, which provides Google with access to user data.