Monday, February 8, 2016

Why think about using open source security systems?

In 1983, Richard Stallman published the GNU Manifesto, in which he explained his philosophy of Open Source Software: that the availability of source code and the freedom to redistribute and modify software are fundamental rights. Richard Stallman then launched the GNU Project (http://www.gnu.org) with the ultimate goal of writing a complete operating system free from constraints on the use of its source code.
(Photo caption: Richard Stallman, 2014)
In 1989, the first version of the GNU General Public License (GPL) was published, to be used by software developers as a license for their open source programs and as a legal tool to ensure that the resulting open source software remains free and available to everyone on a permanent basis. In 1991 an updated General Public License version 2 (GPLv2) was published, and in 2007 the third version of the General Public License (GPLv3) followed.
With the GNU project coming to light, and with the development and issuance of the GPL license, a new era of software development began and became a reality. Hundreds of organizations and institutions and thousands of software developers have participated in the development of countless open source systems, applications, tools and even documents in all areas.
The information security field, on both its defensive and offensive sides, has a great share of these open source software tools, covering almost all security and data protection technologies and techniques that can be used to secure computing environments of all sizes. These open source security systems include firewalls, proxies, remote control, IPS, IDS, anti-malware, VPN, encryption, vulnerability assessment, penetration testing, forensics, etc. Most of today's well-known commercial security systems and tools started as open source security software projects.
Now, why think about using open source security systems?
Open source security software holds numerous advantages and benefits for business and home users. The following list covers some of them.
  • Secure Source Code:
Some of us may think that the availability of the source code of open source software is a weakness that hackers can use to discover and exploit security holes in these programs. On the contrary, the available source code can be reviewed by thousands of software developers who discover and fix security vulnerabilities, raising the security level of the code. Open source software breaks with the concept of "security through obscurity".
  • High Quality, Customizability and Flexibility:
Open source software has a high level of quality, as it is normally created and improved by thousands of software developers who focus on the actual needs of users, and those users can have a hand in making or customizing it according to their needs and available resources.
  • Integration, Compatibility and Interoperability:
Open source software development adheres to open standard protocols and frameworks rather than proprietary ones, which increases the level of integration, compatibility and interoperability between different open source tools and computing resources.
  • Transparency and Auditability:
The source code is available for quick and easy review and inspection by thousands of developers.
CONECTA2000 notes:
"We can easily see that open source software has a distinct advantage over proprietary systems, since it is possible to easily and quickly identify potential security problems and correct them. Volunteers have created mailing lists and auditing groups to check for security issues in several important networking programs and operating system kernels, and now the security of open source software can be considered equal or better than that of desktop operating systems. It has also already been shown that the traditional approach of security through obscurity leaves too many open holes. Even now that the Internet reaches just a part of the world, viruses and cracker attacks can pose a significant privacy and monetary threat. This threat is one of the causes of the adoption of open source software by many network-oriented software systems."
  • Cost:
Most open source software is available for free or for a minimal fee. The cost of open source software can be a fraction of the cost of proprietary software, taking into consideration that the cost may include the purchase price, the number of available licenses, upgrades, support, administration, virus protection, security fixes and the resources allocated to run the software itself.
  • Suitable and scalable for enterprises, small offices and home users.
The following table lists some of the best open source security systems available today, covering these topics:
  • Firewalls
  • Network IPS/IDS
  • Host Based IPS/IDS
  • Data Loss Prevention (DLP)
  • Anti-Malware
  • Web Content Filter
  • Encryption
  • Password Management
  • Web Application Firewall (WAF)
  • Email Security
  • Identity Management
  • Patch Management
  • Forensic Analysis
  • Vulnerability Assessment
  • SIEM and NSA

1. Firewalls
OPNsense:
It is an open source, easy-to-use and easy-to-build FreeBSD-based firewall and routing platform which includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.

pfSense:
The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third-party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality as common commercial firewalls, or more.
 

IPFire:
It was designed with both modularity and a high level of flexibility in mind. You can easily deploy many variations of it, such as a firewall, a proxy server or a VPN gateway. The modular design ensures that it runs exactly what you've configured it for and nothing more. Everything is simple to manage and update through the package manager, making maintenance a breeze.

IPCop:
The IPCop Firewall is a Linux firewall distribution. It is geared towards home and SOHO users. The IPCop web-interface is very user-friendly and makes usage easy.
2. Network IPS/IDS
Snort:
It can be considered the de facto standard for IDS and, eventually, IPS. It's important to note that Snort has no real GUI or easy-to-use administrative console. Many other open source tools have been created to help out, notably Snorby and others like BASE and Sguil.

Suricata:
Suricata is a high-performance Network IDS, IPS and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.

Bro:
Bro, sometimes referred to as Bro-IDS, is a bit different from Snort and Suricata. In a way, Bro is both a signature- and anomaly-based IDS. Its analysis engine converts captured traffic into a series of events. An event could be a user logon to FTP, a connection to a website or practically anything.

Kismet:
Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominantly with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types. Kismet is the baseline for wireless IDS.
3. Host Based IPS/IDS
OSSEC:
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

SAMHAIN:
The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
4. Data Loss Prevention (DLP)
OpenDLP:
It is a Data Loss Prevention suite with a centralized web frontend to manage Windows agent filesystem scanners, agentless database scanners, and agentless Windows/UNIX filesystem scanners that identify sensitive data at rest.
5. Anti-Malware
ClamAV:
ClamAV® is an open source (GPL) anti-virus engine used in a variety of situations including email scanning, web scanning, and end point security. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates.

ClamWin:
ClamWin is a Free Antivirus program for Microsoft Windows 10 / 8 / 7 / Vista / XP / Me / 2000 / 98 and Windows Server 2012, 2008 and 2003. ClamWin Free Antivirus is used by more than 600,000 users worldwide on a daily basis. It comes with an easy installer and open source code. You may download and use it absolutely free of charge.
Nixory:
Nixory is a free and open source antispyware tool written in Python/PyGTK, aimed at removing malicious tracking cookies from your browser. It currently supports Mozilla Firefox, Internet Explorer and Google Chrome. It runs on all operating systems, including Windows, Linux and Mac OS X.
6. Web Content Filter
DansGuardian:
DansGuardian is an award-winning open source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages based on many methods, including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites, as lesser, purely commercial filters do.
7. Encryption
AxCrypt:
AxCrypt is the leading open source file encryption software for Windows. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.

GnuPG:
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC 4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communication, and features a versatile key management system as well as access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. Version 2 of GnuPG also provides support for S/MIME and Secure Shell (ssh).


Gpg4win:
A secure solution for file and email encryption. Gpg4win (GNU Privacy Guard for Windows) is Free Software and can be installed with just a few mouse clicks.
8. Password Management
KeePass:
It is a free, open source password manager which helps you manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file, so you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

KeePassX:
It is an application for people with extremely high demands on secure personal data management. It has a light interface, is cross-platform and is published under the terms of the GNU General Public License.

9. Web Application Firewall (WAF)
ModSecurity:
It is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to implement advanced protections.


WAF-FLE:
It is an open source ModSecurity console that allows a ModSecurity administrator to store, view and search events sent by sensors, using a graphical dashboard to drill down and quickly find the most relevant events. It is designed to be fast and flexible, while keeping a powerful and easy-to-use filter, with almost all fields clickable for use in the filter.

FreeWAF:
The FreeWAF provides specialized, layered application threat protection. It protects your web-based applications and internet-facing data from attack and data loss. Using advanced techniques to provide bidirectional protection against sophisticated threats like SQL injection and cross-site scripting, it helps you prevent identity theft, financial fraud and corporate espionage.

AQTRONIX WebKnight:
It is an application firewall for IIS and other web servers and is released under the GNU General Public License. More particularly, it is an ISAPI filter that secures your web server by blocking certain requests. If an alert is triggered, WebKnight will take over and protect the web server. It does this by scanning all requests and processing them based on filter rules set by the administrator. These rules are not based on a database of attack signatures that require regular updates. Instead, WebKnight uses security filters for buffer overflow, SQL injection, directory traversal, character encoding and other attacks. This way WebKnight can protect your server against all known and unknown attacks. Because WebKnight is an ISAPI filter, it has the advantage of working closely with the web server, so it can do more than other firewalls and intrusion detection systems, like scanning encrypted traffic.

IronBee:
It is the next-generation open source web application firewall engine, designed to be modular, portable, and efficient, and to give you the tools you need to defend sites from attack.

Vulture 2:
Vulture 2 is a reverse proxy with WebSSO and application firewall features. It is based on Apache and mod_security. Vulture sits between web applications and the Internet to provide protection against application attacks (SQL Injection, Cross Site Scripting, Brute-Force, ...).
10. Email Security
MailScanner:
It is a highly respected open source email security system designed for Linux-based email gateways. It is used at over 30,000 sites around the world, protecting top government departments, commercial corporations and educational institutions. This technology has fast become the standard email solution at many ISP sites for virus protection and spam filtering.

ScrollOUT:
It is an email gateway designed for Linux and Windows administrators without advanced email security experience. Its goal is to be as simple as possible: an easy-to-use, pre-configured email gateway (firewall) offering free anti-spam and anti-virus protection to secure all existing email servers, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Qmail and more.

Open AS Communication Gateway:
It is enterprise-grade spam filtering technology with an open license. Developed by experienced server administrators, this open source solution shows no mercy for spammers, scams and malware, keeping your mailboxes clean and safe - for free.

DSPAM:
It is a scalable and open source content-based spam filter designed for multi-user enterprise systems. On a properly configured system, many users experience results between 99.5% and 99.95%, or one error for every 200 to 2000 messages. DSPAM supports many different MTAs and can also be deployed as a stand-alone SMTP appliance. For developers, the DSPAM core engine (libdspam) can be easily incorporated directly into applications for drop-in filtering.

Apache SpamAssassin:
It is the #1 Open Source anti-spam platform giving system administrators a filter to classify email and block spam (unsolicited bulk email). It uses a robust scoring framework and plug-ins to integrate a wide range of advanced heuristic and statistical analysis tests on email headers and body text including text analysis, Bayesian filtering, DNS blocklists, and collaborative filtering databases. Apache SpamAssassin is a project of the Apache Software Foundation (ASF). 
11. Identity Management
OpenIDM:
It is an open-standards-based identity management solution. In addition to being open source, OpenIDM offers high flexibility in business process handling and compliance. A flexible user interface combined with a robust workflow engine makes OpenIDM ready for any identity management project.

Apache Syncope:
It is an open source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under the Apache 2.0 license.

MidPoint:
It is the most comprehensive open-source Identity Management system currently available on the market. MidPoint is the basic building block of a complete Identity and Access Management solution.
12. Patch Management
WSUS Offline Update:
It is an open source and portable tool that can be used to create ISO image files containing all available updates for all MS Windows and Office versions, where each version's updates are included in a separate ISO image file with an automated installation tool.

WPKG:
It is an open source automated software deployment, upgrade and removal program for Windows. It can be used to push/pull software packages, such as Service Packs, hotfixes, or program installations, from a central server (for example, Samba or Active Directory) to a number of workstations. It can run as a service to install software in the background (silent install), without user interaction. It can install MSI, InstallShield, PackageForTheWeb, Inno Setup, Nullsoft and other software installers or .exe packages, .bat and .cmd scripts and similar: no more repackaging to perform software installation.

opsi:
It is an open source Client Management System for Windows clients and is based on Linux servers. Key features:
  • Automatic OS installation (unattended or image based)
  • Automatic software distribution and patch management
  • Hardware and software inventories
  • License management (cofunding project)
The opsi server runs on Debian, Ubuntu, OpenSuse, SLES, CentOS, UCS and RHEL.

vFense:
It is an open source, cross-platform patch management and vulnerability correlation tool.
13. Forensic Analysis
The Sleuth Kit®:
It is a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. It is used behind the scenes in Autopsy and many other open source and commercial forensics tools.
 

Autopsy®:
It is an easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones. It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python.

Unhide:
It is a forensic tool for finding processes and TCP/UDP ports hidden by rootkits, LKMs or other hiding techniques.

Xplico:
The goal of Xplico is to extract the application data contained in an Internet traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer; it is an open source Network Forensic Analysis Tool (NFAT).

PlainSight:
It is a versatile computer forensics environment that allows inexperienced forensic practitioners to perform common tasks using powerful open source tools. Its authors have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment.

SANS SIFT:
An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Incident Forensic Toolkit (SIFT) Workstation for incident response and digital forensics use and made it available to the whole community as a public service.
14. Vulnerability Assessment
OpenVAS:
The Open Vulnerability Assessment System (OpenVAS) is a framework that combines multiple services and tools to offer vulnerability scanning and vulnerability management. The scanner is coupled with a weekly feed of network vulnerability tests, or you can use a feed from a commercial service. The framework includes a command-line interface (so it can be scripted) and an SSL-secured, browser-based interface via the Greenbone Security Assistant. OpenVAS accommodates various plug-ins for additional functionality. Scans can be scheduled or run on demand.

Nexpose:
Nexpose offers vulnerability scanning for very small organizations or individuals. It also comes in paid express, consultant and enterprise versions.

Metasploit:
Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.

Nmap:
Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
15. SIEM and NSA
OSSIM:
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

LOGalyze:
It is an open source, centralized log management and network monitoring software. If you would like to handle all of your log data in one place, LOGalyze is the right choice. It supports Linux/Unix servers, network devices, Windows hosts. It provides real-time event detection and extensive search capabilities.

Security Onion:
It is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

4 comments:

  1. Perfect. The blog consists of complete information on open source analysis, why it is needed and how to secure source code. Thanks for sharing this in complete detail.

    Replies
    1. Thank you for your kind comment. You made me interested in blogging again.

  2. Please continue this great work and I look forward to more of your awesome blog posts.
    Security Systems