Information security freeware has its benefits


Ed Skoudis
12.05.2006
Many enterprises shy away from free information security software, worried that using such tools is somehow asking for trouble. But, as we'll examine in this tip, when judiciously applied, freeware tools can really help enterprise security practitioners cope with the rising onslaught of attacks.

Common freeware concerns
Some enterprises worry that freeware tools, which tend to be open source, are somehow more likely to have flaws that bad guys can exploit. However, freeware often receives more scrutiny from researchers since it is often easier to review; tools can be easily downloaded and researchers aren't subjected to the often lengthy and cumbersome procurement process that's required to review some commercial products. This means that serious security flaws are often worked out earlier in the freeware product life cycle than in that of its commercial counterparts. And, since only certain people can gain access to commercial software during the development phase, a major exploitable flaw may go unnoticed for quite some time. This means that when an actual attacker finds ways to exploit the flaw, things can get very ugly very quickly, as illustrated by some of the vulnerabilities in intrusion prevention systems and backup products in the past two years.

Another common concern about freeware is the lack of vendor support. This is a significant issue, and one that has to be carefully managed. While some freeware tools have active user groups and Web sites, where ideas and solutions are exchanged by users and developers alike, others are foisted on the world by a single developer who then moves on to other affairs, with little or no support for such "abandonware." Information security practitioners should strive to use tools that have community support. Alternatively, some managed security services providers and other vendors will provide support services for free products (for a charge, of course).

Another often-cited concern is that no one is legally liable if the tool causes problems. This argument is centered on the premise that an enterprise could sue the vendor who sold it flawed commercial software. Unfortunately, the license agreements of commercial software almost always absolve the vendors from liability for any damage caused by their tools, even when the vendor is at fault. Therefore, legal claims in the commercial market are often just as limited as they are in the free software market.

And without debating whether freeware tools are cheaper than commercial tools, cost is certainly an issue to consider. In the end, the price of software is usually dwarfed by the costs associated with running and supporting it, whether the actual software is free or commercial. When such costs are pulled together for comparison, the prices of free and commercial tools often come remarkably close.

The benefits of freeware
Still not convinced? Then focus on these two factors:

  1. Freeware tools are often better than their commercial counterparts, and some even offer features that aren't commercially available yet.

  2. Organizations no longer have to rely on glossy vendor brochures that promise miracle cures for the latest information security dilemmas, as many freeware tools often come with a "try-before-you-buy" opportunity, meaning you can test a given function in a free tool to see how it applies to your environment and operations, and then decide whether that functionality is important to you, with no direct software cost. If it proves desirable, you can opt to continue relying on the free tool, or purchase a commercial product that provides a similar function.

So, with the promise of useful features and try-before-you-buy capabilities, and the often neutralized economic, support, and liability issues, which free tools should you look at for your enterprise? There are a bunch that I've seen small, medium and large enterprises use with good results, including some of the following:

  • Investigation tools: The Helix bootable CD is a fantastic suite of Unix, Linux and Windows forensics analysis tools available in a convenient bootable Linux ISO image. Sleuth Kit is another great analysis tool and is available for both Windows and Unix/Linux.

  • System analysis and troubleshooting tools: There's a lot of freeware in this category, but the best repository of them all, hands down, is Sysinternals. With software written by hardcore Windows gurus Mark Russinovich and David Solomon, this suite will certainly help figure out what is going on inside a Windows machine. It boasts such notable programs as Process Explorer (which makes the built-in Windows Task Manager look like a chump!), TCPView (which shows TCP and UDP ports in use), Process Monitor (which details what every process on the box is up to), and many, many more. Showing their usefulness, Microsoft bought the Sysinternals suite in July of 2006, and has made it available (still for free, at least as of this writing) at the Microsoft Web site.

  • Operations enhancing tools: Some of my favorite free tools that can be applied directly for operational support are associated with intrusion detection, namely Snort and the suite of tools built around it. I'm frequently asked by those considering new intrusion detection system deployments which tool they should buy, and I usually suggest that they start out with the free Snort tool. Using the free Snort tool will allow them to discover how intrusion detection systems can be used in their environments. Then, based on their experience, they can create real-world requirements documents for a commercial purchase, either of a commercialized version of Snort or a completely different commercial intrusion detection system. Snort is a great example of the try-before-you-buy concept.

While not every enterprise will want to run each of these tools and adapt processes around them, they should at least be considered; don't rule them out simply because they are free. I recommend giving in-house infosec pros the ability to use freeware tools where they make sense.

About the author:
Ed Skoudis is a founder and senior security consultant with Intelguardians, a Washington, DC-based information security consulting firm. His expertise includes hacker attacks and defenses, the information security industry and computer privacy issues. In addition to Counter Hack Reloaded, Ed is also the author of Malware: Fighting Malicious Code. He was also awarded 2004, 2005 and 2006 Microsoft MVP awards for Windows Server Security, and is an alumnus of the Honeynet Project. As an expert on SearchSecurity.com, Ed answers your questions relating to information security threats.
