Welcome!

Open Source Cloud Authors: Zakia Bouachraoui, Elizabeth White, Liz McMillan, Yeshim Deniz, Pat Romanski

Related Topics: Open Source Cloud, Linux Containers

Open Source Cloud: Article

Five Open Source Applications to Get You Started

For a small business, flexibility and cost are key factors to bear in mind when considering a network threat management solution

For a small business, flexibility and cost are key factors to bear in mind when considering a network threat management solution.

The network security space has been dominated by big proprietary vendors like Barracuda, SonicWall, and WatchGuard. However, many people simply don't have the time or budget to research all the possible vendors and order, install, and configure a network appliance, so they postpone addressing network security.

Given the cost and inflexibility associated with proprietary vendors, open source solutions may seem like a good option. However, many businesses have traditionally steered clear of open source alternatives, because early projects lacked the commercial support and documentation that they were familiar with. In addition, most people who haven't had experience with open source don't even know where to begin when evaluating if a particular application is appropriate for the business.

As a result of the perceived downsides of both proprietary and open source solutions, many small businesses simply choose to live with insecure networks and don't deploy a proper suite of security applications. However, leaving the network uncontrolled and vulnerable to attacks is obviously not the optimal solution, nor is investing a lot of money in a proprietary solution that may not provide the desired flexibility, as the needs of the network evolves as the company grows and changes.

The reality is that open source can provide an excellent solution for small businesses. However, because of the slew of open source options out there, it is important to have both some basic starting information and a system by which to evaluate which projects are appropriate. (It also doesn't hurt to have some patience and a sense of adventure when diving into the sea of available open source projects.) In the spirit of helping to create a jumping-off point for those considering open source, here are five free open source security applications that every small business should evaluate:

1) SpamAssassin
Everyone hates the unsolicited e-mail called spam. The open source SpamAssassin (http://spamassassin.apache.org/) is an extremely effective spam filter that is typically installed on the mail server or relay. For those who already have a mail server in place (even Microsoft Exchange), there are a variety of ways to plug in SpamAssassin. It boasts a large community of users who consistently write new SpamAssassin plug-ins, and a SpamAssassin user inherits all of the benefits and support of this very active community.

However, there are downsides to using it. The installation can be tricky, and the platform lacks some of the features that businesses might want, such as a mail quarantine, and blocklist and passlist capabilities because SpamAssassin's job is only to detect whether or not an e-mail is spam. However, there are ways to set up SpamAssassin to mimic quarantine-like actions, such as moving spam to other mailboxes to achieve some of the same results. The spam detection engine is one of the best, including technology like Bayesian filtering, RBLs, and plug-ins for the Razor database and even optical character resolution (OCR). Because the community is so large and active, there are consistently free updates readily available.

In short, SpamAssassin is a great, low-cost alternative to a proprietary spam filter like Barracuda's appliance, which performs the same functions and adds documentation, support, and a few features that they feel SpamAssassin is missing, including a hefty price tag. If you have time for the installation and don't mind taking some time to poke around the community to answer questions, give SpamAssassin a try.

2) ClamAV
ClamAV (www.clamav.net/) is an effective, well-performing virus-scanning engine that can be used in a few different ways. You can treat ClamAV like SpamAssassin and integrate it with a mail server to scan pieces of mail for viruses. You can also install ClamWin (www.clamwin.com/) on every desktop in the company for an extra layer of security. This is similar to using commercial products like Norton Anti-Virus, but ClamWin does not have some of the fancy features. On the plus side, ClamAV, like SpamAssassin, has both the advantage of price (it's free) and of a large community of users submitting signatures, which are often available sooner than they are for any other virus-detection product.

3) L7 Filter
L7 Filter (http://l7-filter.sourceforge.net/) is a module for iptables, the Linux firewall, so it requires a Linux firewall on the network. L7 Filter makes it possible to detect and block an array of protocols that are traditionally difficult to detect and block because they jump around to different ports. Companies that want to block their employees from using AOL Instant Messenger, for example, need to block whatever port AOL IM uses, which theoretically is port 5190 but often shifts to other ports (including the Web port, port 80, which every firewall has open) to ensure a connection. L7 Filter is great for detecting and blocking tougher protocols like Instant Messaging from Yahoo, AOL, and Microsoft, and P2P protocols such as BitTorrent.

Like ClamAV and SpamAssassin, L7 Filter has a user community that develops, maintains, and updates important signatures. Proprietary vendors often have signature lists that try to cover a broad array of topics and are outdated and poorly maintained. Open source projects like L7 Filter, because of its larger community and its focus on a single aspect of security, tend to have newer and larger signature lists that lead to more effective product use.

4) Snort
Snort (www.snort.org/) has evolved into an industry standard for intrusion detection and intrusion prevention. The best thing about Snort, aside from its reputation as an effective intrusion detection system, is that the community is so large and active that you can essentially find a proven signature for virtually anything, be it detecting a certain attack or even whether or not someone is, among other nefarious activities, using a protocol that should be blocked or accessing a Website that is deemed inappropriate for the network. These signatures are available free with a 30-day delay from SourceFire and are professionally maintained. Snort's beauty lies in its flexibility - there are so many proven signatures out there that there are almost limitless options for what it can be used for beyond just intrusion detection.

5) OpenVPN
OpenVPN (http://openvpn.net/) is a great VPN tool for remote access, if you have a lot of users trying to access the network remotely. OpenVPN is similar to other VPN protocols like IPSec and PPTP, but it's much simpler (and is free). There are clients available for Windows, Mac, and Linux, and it avoids issues that commonly plague users of PPTP and IPSec, including problems with NAT. IPSec and PPTP can be tricky to set up in a lot of cases, and they require you to invest time and energy dealing with complex issues like key management. OpenVPN is much less complex, and if you are willing to do research into how to get it up and running, it will be a cost-effective, much more stable VPN than either IPSec or PPTP.

Obviously, open source provides a cost-effective, flexible alternative to proprietary solutions for the network security gateway. These five projects each can be used to perform a vital network security function. However, there is no guarantee that any given open source project is right for your business. It is important to evaluate each project on the basis of several criteria to see if it is appropriate for you to implement and use.

Questions you should ask yourself before implementing any open source project are:
•  What is the installation process like?
•  How good/clear is the documentation? Is it easy to find?
•  How large and active is the user community?
•  Is there someone at your company who is willing to go to the project community for support rather than having a telephone number or a helpline to call?
•  Is there someone in your company who is willing to take some time to find and review online documentation and to figure out the use of the project?

The key for any business of any size thinking of implementing open source is to beware of downsides, know the upsides, and make sure this project is right for you. If there is someone at your company willing to put in a little elbow grease to read the documentation (RTFM), to seek out support, and to go the extra mile to engage with the community, then low-cost, flexible open source solutions can be the best way to secure your network.

More Stories By Dirk Morris

Dirk Morris is the founder and CTO of Untangle, which incorporates more than 30 open source projects into a single open source network gateway platform to stop spam, spyware, viruses, and more.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
Jared Ottley's Blog 07/24/07 02:28:18 AM EDT

Trackback Added: Your top 5 Open Source Applications; Dirk Morris, has a post over at SOAWorld, on his top five Open Source applications (slanted of course towards network security, his forte). But it raises an interesting question, what are your top five Open Source applications? What are the ones you c...

IoT & Smart Cities Stories
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...