ID: OpenSourceTop
Information security engineers, network security products, and the related technologies and processes cost enterprises a great deal. Most enterprises want to reduce this expense, so many developers turn first to free, open source security tools.
In fact, whether for learning, testing, or deploying in production, security professionals have long regarded open source software as an important part of their toolkit. In this article, we take stock of 10 IT security tools you should know.
1, Nessus
For generations of IT security professionals, learning about network vulnerabilities started with Tenable's Nessus. Nessus is the most popular vulnerability scanner. It is also the third most popular security program. Nessus has a free version and a commercial version. Nessus 7.1.0 is a commercial version. At present, only the 2005 version is still open source and free.
2, Snort
If Nessus is the starting point for IT security engineers to learn vulnerability scanning, then Snort is the starting point for several generations of IT security personnel to learn about intrusion detection systems (IDS).
The greatest value of Snort lies in its three modes: sniffer, packet logger, and network intrusion detection system. It can therefore serve as the core of an automated security system or as a component in a range of commercial products. Snort is currently owned by Cisco and has an active community; any list of open source security tools without Snort would be incomplete.
3, Nagios
Nagios is a monitoring system that tracks the running state of systems and network information. Like many other open source packages, Nagios is available in free and commercial versions.
Nagios Core is the heart of the open source project, based on the free, open source version. You can view network status, various system issues, logs, and so on. There are about 50 Nagios-based
Nagios's user interface can be changed through front ends for desktop, web, or mobile platforms, and configuration can be managed with one of the available configuration tools.
4, Ettercap
Ettercap is a multi-purpose packet sniffer for Linux and BSD systems. It has also been ported to Windows. If you need to test how well an enterprise network resists man-in-the-middle (MITM) attacks, Ettercap should be your first choice. Since it was first released in 2001, the program has been doing one thing: launching MITM attacks.
5, Infection Monkey
Infection Monkey is a data center security testing tool, released by the Israeli security company GuardiCore at the 2016 Black Hat conference. It is mainly used for automated testing of data center perimeters and internal server security. The user interface is also one of Infection Monkey's notable features: while some open source security projects provide a minimalist UI or rely on plug-ins or skins for a GUI, Infection Monkey has a GUI on par with many commercial software tools.
The tool is structured into Monkey (scanning and vulnerability exploiters) and C
6, Delta
Delta is an SDN security assessment framework. A project of the Open Networking Foundation (ONF), it has two main functions:
It can automatically instantiate attacks against SDN elements in different environments.
It helps to detect unknown security problems in SDN deployment.
7, Cuckoo sandbox
There are many ways to determine whether a file is safe, but these methods carry some risk. Cuckoo Sandbox is a well-known open source sandbox for safely testing files. This malware analysis system, based on a virtualized environment, can automatically execute a program and analyze its behavior.
8, Sleuth Kit
Figuring out what happened during an attack can be a key step in preventing future intrusions. Sleuth Kit is a collection of CLI-based forensics tools and libraries that can be used to recover lost files from disk images and to analyze disk images for specific incidents.
Sleuth Kit is the foundation of Autopsy, a GUI front end that provides faster and easier analysis for most users. Both are under active development and have large, active user communities contributing new features.
9, Lynis
Lynis is an audit tool for Linux and Unix, aimed at system administrators. Lynis scans the configuration of the system and creates a professional audit report that outlines system information and security issues.
The Lynis source code is hosted on GitHub, and it has an active development community, supported mainly by its creator, CISOfy. One distinctive capability of Lynis is that, because of its Unix foundation, it can scan and evaluate popular IoT development boards (including the Raspberry Pi).
10, Certbot
Encryption is important for many security standards, and it can be complicated and costly, but the EFF has tried to reduce these problems through tools like Certbot. Certbot is an open source automated client that can obtain and deploy SSL/TLS certificates for your web server.
Finally, we hope the open source security tools mentioned in this article help you.