Welcome!

Open Source Cloud Authors: Zakia Bouachraoui, Yeshim Deniz, Elizabeth White, Liz McMillan, Pat Romanski

Related Topics: Open Source Cloud, Linux Containers

Open Source Cloud: Article

Five Open Source Applications to Get You Started

For a small business, flexibility and cost are key factors to bear in mind when considering a network threat management solution

For a small business, flexibility and cost are key factors to bear in mind when considering a network threat management solution.

The network security space has been dominated by big proprietary vendors like Barracuda, SonicWall, and WatchGuard. However, many people simply don't have the time or budget to research all the possible vendors and order, install, and configure a network appliance, so they postpone addressing network security.

Given the cost and inflexibility associated with proprietary vendors, open source solutions may seem like a good option. However, many businesses have traditionally steered clear of open source alternatives, because early projects lacked the commercial support and documentation that they were familiar with. In addition, most people who haven't had experience with open source don't even know where to begin when evaluating if a particular application is appropriate for the business.

As a result of the perceived downsides of both proprietary and open source solutions, many small businesses simply choose to live with insecure networks and don't deploy a proper suite of security applications. However, leaving the network uncontrolled and vulnerable to attacks is obviously not the optimal solution, nor is investing a lot of money in a proprietary solution that may not provide the desired flexibility, as the needs of the network evolves as the company grows and changes.

The reality is that open source can provide an excellent solution for small businesses. However, because of the slew of open source options out there, it is important to have both some basic starting information and a system by which to evaluate which projects are appropriate. (It also doesn't hurt to have some patience and a sense of adventure when diving into the sea of available open source projects.) In the spirit of helping to create a jumping-off point for those considering open source, here are five free open source security applications that every small business should evaluate:

1) SpamAssassin
Everyone hates the unsolicited e-mail called spam. The open source SpamAssassin (http://spamassassin.apache.org/) is an extremely effective spam filter that is typically installed on the mail server or relay. For those who already have a mail server in place (even Microsoft Exchange), there are a variety of ways to plug in SpamAssassin. It boasts a large community of users who consistently write new SpamAssassin plug-ins, and a SpamAssassin user inherits all of the benefits and support of this very active community.

However, there are downsides to using it. The installation can be tricky, and the platform lacks some of the features that businesses might want, such as a mail quarantine, and blocklist and passlist capabilities because SpamAssassin's job is only to detect whether or not an e-mail is spam. However, there are ways to set up SpamAssassin to mimic quarantine-like actions, such as moving spam to other mailboxes to achieve some of the same results. The spam detection engine is one of the best, including technology like Bayesian filtering, RBLs, and plug-ins for the Razor database and even optical character resolution (OCR). Because the community is so large and active, there are consistently free updates readily available.

In short, SpamAssassin is a great, low-cost alternative to a proprietary spam filter like Barracuda's appliance, which performs the same functions and adds documentation, support, and a few features that they feel SpamAssassin is missing, including a hefty price tag. If you have time for the installation and don't mind taking some time to poke around the community to answer questions, give SpamAssassin a try.

2) ClamAV
ClamAV (www.clamav.net/) is an effective, well-performing virus-scanning engine that can be used in a few different ways. You can treat ClamAV like SpamAssassin and integrate it with a mail server to scan pieces of mail for viruses. You can also install ClamWin (www.clamwin.com/) on every desktop in the company for an extra layer of security. This is similar to using commercial products like Norton Anti-Virus, but ClamWin does not have some of the fancy features. On the plus side, ClamAV, like SpamAssassin, has both the advantage of price (it's free) and of a large community of users submitting signatures, which are often available sooner than they are for any other virus-detection product.

3) L7 Filter
L7 Filter (http://l7-filter.sourceforge.net/) is a module for iptables, the Linux firewall, so it requires a Linux firewall on the network. L7 Filter makes it possible to detect and block an array of protocols that are traditionally difficult to detect and block because they jump around to different ports. Companies that want to block their employees from using AOL Instant Messenger, for example, need to block whatever port AOL IM uses, which theoretically is port 5190 but often shifts to other ports (including the Web port, port 80, which every firewall has open) to ensure a connection. L7 Filter is great for detecting and blocking tougher protocols like Instant Messaging from Yahoo, AOL, and Microsoft, and P2P protocols such as BitTorrent.

Like ClamAV and SpamAssassin, L7 Filter has a user community that develops, maintains, and updates important signatures. Proprietary vendors often have signature lists that try to cover a broad array of topics and are outdated and poorly maintained. Open source projects like L7 Filter, because of its larger community and its focus on a single aspect of security, tend to have newer and larger signature lists that lead to more effective product use.

4) Snort
Snort (www.snort.org/) has evolved into an industry standard for intrusion detection and intrusion prevention. The best thing about Snort, aside from its reputation as an effective intrusion detection system, is that the community is so large and active that you can essentially find a proven signature for virtually anything, be it detecting a certain attack or even whether or not someone is, among other nefarious activities, using a protocol that should be blocked or accessing a Website that is deemed inappropriate for the network. These signatures are available free with a 30-day delay from SourceFire and are professionally maintained. Snort's beauty lies in its flexibility - there are so many proven signatures out there that there are almost limitless options for what it can be used for beyond just intrusion detection.

5) OpenVPN
OpenVPN (http://openvpn.net/) is a great VPN tool for remote access, if you have a lot of users trying to access the network remotely. OpenVPN is similar to other VPN protocols like IPSec and PPTP, but it's much simpler (and is free). There are clients available for Windows, Mac, and Linux, and it avoids issues that commonly plague users of PPTP and IPSec, including problems with NAT. IPSec and PPTP can be tricky to set up in a lot of cases, and they require you to invest time and energy dealing with complex issues like key management. OpenVPN is much less complex, and if you are willing to do research into how to get it up and running, it will be a cost-effective, much more stable VPN than either IPSec or PPTP.

Obviously, open source provides a cost-effective, flexible alternative to proprietary solutions for the network security gateway. These five projects each can be used to perform a vital network security function. However, there is no guarantee that any given open source project is right for your business. It is important to evaluate each project on the basis of several criteria to see if it is appropriate for you to implement and use.

Questions you should ask yourself before implementing any open source project are:
•  What is the installation process like?
•  How good/clear is the documentation? Is it easy to find?
•  How large and active is the user community?
•  Is there someone at your company who is willing to go to the project community for support rather than having a telephone number or a helpline to call?
•  Is there someone in your company who is willing to take some time to find and review online documentation and to figure out the use of the project?

The key for any business of any size thinking of implementing open source is to beware of downsides, know the upsides, and make sure this project is right for you. If there is someone at your company willing to put in a little elbow grease to read the documentation (RTFM), to seek out support, and to go the extra mile to engage with the community, then low-cost, flexible open source solutions can be the best way to secure your network.

More Stories By Dirk Morris

Dirk Morris is the founder and CTO of Untangle, which incorporates more than 30 open source projects into a single open source network gateway platform to stop spam, spyware, viruses, and more.

Comments (1)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...