For a small business, flexibility and cost are key factors to bear in mind when considering a network threat management solution.

The network security space has been dominated by big proprietary vendors like Barracuda, SonicWall, and WatchGuard. However, many people simply don't have the time or budget to research all the possible vendors and order, install, and configure a network appliance, so they postpone addressing network security.

Given the cost and inflexibility associated with proprietary vendors, open source solutions may seem like a good option. However, many businesses have traditionally steered clear of open source alternatives, because early projects lacked the commercial support and documentation that they were familiar with. In addition, most people who haven't had experience with open source don't even know where to begin when evaluating if a particular application is appropriate for the business.

As a result of the perceived downsides of both proprietary and open source solutions, many small businesses simply choose to live with insecure networks and don't deploy a proper suite of security applications. However, leaving the network uncontrolled and vulnerable to attacks is obviously not the optimal solution, nor is investing a lot of money in a proprietary solution that may not provide the desired flexibility, as the needs of the network evolves as the company grows and changes.

The reality is that open source can provide an excellent solution for small businesses. However, because of the slew of open source options out there, it is important to have both some basic starting information and a system by which to evaluate which projects are appropriate. (It also doesn't hurt to have some patience and a sense of adventure when diving into the sea of available open source projects.) In the spirit of helping to create a jumping-off point for those considering open source, here are five free open source security applications that every small business should evaluate:

1) SpamAssassin
Everyone hates the unsolicited e-mail called spam. The open source SpamAssassin (http://spamassassin.apache.org/) is an extremely effective spam filter that is typically installed on the mail server or relay. For those who already have a mail server in place (even Microsoft Exchange), there are a variety of ways to plug in SpamAssassin. It boasts a large community of users who consistently write new SpamAssassin plug-ins, and a SpamAssassin user inherits all of the benefits and support of this very active community.

However, there are downsides to using it. The installation can be tricky, and the platform lacks some of the features that businesses might want, such as a mail quarantine, and blocklist and passlist capabilities because SpamAssassin's job is only to detect whether or not an e-mail is spam. However, there are ways to set up SpamAssassin to mimic quarantine-like actions, such as moving spam to other mailboxes to achieve some of the same results. The spam detection engine is one of the best, including technology like Bayesian filtering, RBLs, and plug-ins for the Razor database and even optical character resolution (OCR). Because the community is so large and active, there are consistently free updates readily available.

In short, SpamAssassin is a great, low-cost alternative to a proprietary spam filter like Barracuda's appliance, which performs the same functions and adds documentation, support, and a few features that they feel SpamAssassin is missing, including a hefty price tag. If you have time for the installation and don't mind taking some time to poke around the community to answer questions, give SpamAssassin a try.

2) ClamAV
ClamAV (www.clamav.net/) is an effective, well-performing virus-scanning engine that can be used in a few different ways. You can treat ClamAV like SpamAssassin and integrate it with a mail server to scan pieces of mail for viruses. You can also install ClamWin (www.clamwin.com/) on every desktop in the company for an extra layer of security. This is similar to using commercial products like Norton Anti-Virus, but ClamWin does not have some of the fancy features. On the plus side, ClamAV, like SpamAssassin, has both the advantage of price (it's free) and of a large community of users submitting signatures, which are often available sooner than they are for any other virus-detection product.

3) L7 Filter
L7 Filter (http://l7-filter.sourceforge.net/) is a module for iptables, the Linux firewall, so it requires a Linux firewall on the network. L7 Filter makes it possible to detect and block an array of protocols that are traditionally difficult to detect and block because they jump around to different ports. Companies that want to block their employees from using AOL Instant Messenger, for example, need to block whatever port AOL IM uses, which theoretically is port 5190 but often shifts to other ports (including the Web port, port 80, which every firewall has open) to ensure a connection. L7 Filter is great for detecting and blocking tougher protocols like Instant Messaging from Yahoo, AOL, and Microsoft, and P2P protocols such as BitTorrent.

Like ClamAV and SpamAssassin, L7 Filter has a user community that develops, maintains, and updates important signatures. Proprietary vendors often have signature lists that try to cover a broad array of topics and are outdated and poorly maintained. Open source projects like L7 Filter, because of its larger community and its focus on a single aspect of security, tend to have newer and larger signature lists that lead to more effective product use.

4) Snort
Snort (www.snort.org/) has evolved into an industry standard for intrusion detection and intrusion prevention. The best thing about Snort, aside from its reputation as an effective intrusion detection system, is that the community is so large and active that you can essentially find a proven signature for virtually anything, be it detecting a certain attack or even whether or not someone is, among other nefarious activities, using a protocol that should be blocked or accessing a Website that is deemed inappropriate for the network. These signatures are available free with a 30-day delay from SourceFire and are professionally maintained. Snort's beauty lies in its flexibility - there are so many proven signatures out there that there are almost limitless options for what it can be used for beyond just intrusion detection.

5) OpenVPN
OpenVPN (http://openvpn.net/) is a great VPN tool for remote access, if you have a lot of users trying to access the network remotely. OpenVPN is similar to other VPN protocols like IPSec and PPTP, but it's much simpler (and is free). There are clients available for Windows, Mac, and Linux, and it avoids issues that commonly plague users of PPTP and IPSec, including problems with NAT. IPSec and PPTP can be tricky to set up in a lot of cases, and they require you to invest time and energy dealing with complex issues like key management. OpenVPN is much less complex, and if you are willing to do research into how to get it up and running, it will be a cost-effective, much more stable VPN than either IPSec or PPTP.

Obviously, open source provides a cost-effective, flexible alternative to proprietary solutions for the network security gateway. These five projects each can be used to perform a vital network security function. However, there is no guarantee that any given open source project is right for your business. It is important to evaluate each project on the basis of several criteria to see if it is appropriate for you to implement and use.

Questions you should ask yourself before implementing any open source project are:
•  What is the installation process like?
•  How good/clear is the documentation? Is it easy to find?
•  How large and active is the user community?
•  Is there someone at your company who is willing to go to the project community for support rather than having a telephone number or a helpline to call?
•  Is there someone in your company who is willing to take some time to find and review online documentation and to figure out the use of the project?

The key for any business of any size thinking of implementing open source is to beware of downsides, know the upsides, and make sure this project is right for you. If there is someone at your company willing to put in a little elbow grease to read the documentation (RTFM), to seek out support, and to go the extra mile to engage with the community, then low-cost, flexible open source solutions can be the best way to secure your network.