This article can also be found in the Premium Editorial Download "Information Security magazine: Depth charge: Survey shows big spending on defense in depth."
In cyberspace, there are two kinds of people: Windows enthusiasts and Linux enthusiasts. Both are steadfastly loyal and will fiercely defend their chosen platform.
I have a message for my Windows-purist friends: You can use Linux to enhance your security without compromising your allegiance to Redmond.
As much as I'd like to, I'm not advocating that you replace your Windows infrastructure. Instead, I'll show you how you can enhance the security of your Windows environment by adding a Linux machine to run free, open-source, best-of-breed security tools -- namely Snort, Nessus and nmap.
These tools are widely used on both Linux and Windows platforms to enumerate, monitor and secure systems and networks. But, as I see all too often, Windows people mistakenly insist on trying to run these applications on Windows machines.
Although the open-source Snort IDS can run on Windows, it's faster and more stable on its native *nix. Whether you use it as your primary network-based IDS or as an internal monitor of sensitive subnets, Snort offers security without the expense of commercial apps. If you're going to use Snort, it only makes sense to build it on a Linux box.
The same goes for the Nessus vulnerability scanner. Many organizations have built their internal vulnerability scanning practices entirely around Nessus because it handles both launching scans and reading the resulting reports. Although the Nessus client can run on Windows as well, the Nessus server only runs on *nix. I know you like your MBSA, but you can't rely on that alone.
nmap, the most powerful and popular port scanner, will run on nearly every major platform, but it was born and raised on Unix. Even in Windows, you must revert to a command-line interface to use this tool. Speed and functionality really aren't issues here, but many people believe that nmap runs more efficiently on Linux than Windows.
Geeks love these tools for their simplicity, but the Windows folks have asked for better management capabilities and, more particularly, a GUI. From that, Sourcefire (for Snort) and Tenable Network Security (for Nessus) were born. Nevertheless, these management solutions are still rooted in Linux and are only suitable in heterogeneous environments.
The best way to begin exploring these tools is to boot a PC with Knoppix STD, available on a bootable Linux CD, to create your own security-geared Linux system. All of the tools are ready to use on the CD, which doesn't install or modify data on your hard drive; when you reboot, you'll be back on your unmolested Windows machine. Though running an OS from the CD-ROM drive is slow, it's a good way to try out these tools.
For optimum security in a Windows environment, you need to install one of those dreaded Linux boxes. It won't hurt or cost too much, and you can install a Linux distribution onto 2002-era top-of-the-line hardware and fulfill most of your organization's needs, provided you fill it with RAM. There are extremely capable 2.4 GHz servers selling new for about $600 that will work well, and, at that price, it's more than worth a little cross-platform compromising.
JAY BEALE is the lead developer of Bastille Linux and the editor of Syngress Publishing's Open Source Security series.
This was first published in April 2004