In mid-January, ComputerWorld published an article on five open source security projects to watch. A very interesting read, and anyone with an interest in security should take note of these projects. I’ve had some time to look at these and have summarized my thoughts below:
PacketFence: A Network Access Control (NAC) system, PacketFence offers an open source alternative to offerings from InfoExpress and Symantec, among others. NAC provides administrators with a way to create policies that govern how devices on a network are allowed to interact. PacketFence is a completely out-of-band solution, which enables remote agents to communicate with a central server that controls network devices. PacketFence also integrates with a number of modules such as Snort, Nessus and FreeRADIUS to expand the capabilities of the product while leveraging proven technology.
SmoothWall: An open source project that turns a PC into a hardened firewall device. Very cool. Can be installed without vast knowledge of Linux, although knowledge of network traffic and firewalls, well, that’s a good thing. Given the fast rate of obsolescence of hardware, particularly in the PC realm, being able to use 18-month-old, antiquated computers to serve a critical function is quite nice. SmoothWall, along with a few other solutions mentioned here, takes advantage of barely used but outdated equipment.
ModSecurity: An open source web application firewall developed by Trustwave as an Apache module. Having worked with a few web application firewalls in the past including Imperva and AppShield (a former Sanctum offering, later purchased by F5), I have to admit that this is impressive. ModSecurity supports both positive and negative security models and can also monitor outgoing traffic to prevent malicious internal attacks intending to expose or transmit sensitive data. I really like web application firewalls, but managing such a device takes some commitment, especially in the early stages. Whether it’s one of the proprietary devices mentioned above or ModSecurity, it is critical to have a good understanding of your positive or negative model, coupled with adequate effort to monitor things and adapt rules as necessary. In other words, these are great tools, but they require active participation from a security-savvy person to ensure they remain effective while not blocking valid traffic.
Untangle: An open source, configurable, multi-function firewall solution capable of being deployed on a PC. The primary uses are web filtering, spam blocking and virus checking, but it appears that there are lots and lots of features that can be added. I found this product the most confusing of the bunch, but that’s probably only because I didn’t have the time to wade through the available wiki documentation in its entirety. Untangle appears to be trying to be everything in one package. Not sure if they completely pull this off. Perhaps they do.
TrueCrypt: Open source file and device encryption for Windows, Mac and Linux. Capable of encrypting entire devices, such as hard disks and USB flash drives, or specific partitions within a device. TrueCrypt can also create encrypted virtual devices (called TrueCrypt containers) and mount them as a device. I really like this product as they have made the device encryption process easy and accessible for almost all users. This product is a breeze to install and begin using. Just make sure to read the user notes and setup guide. There are some important caveats there that should be understood prior to product use.
Thanks to ComputerWorld for the article on these products. If you haven’t been following their series on open source, it’s a great read for the latest and greatest available in the open source world.