May 26, 2018

50 Essential Open Source Security Tools - page 2

Anti-Everything, Encryption, Secure Delete, Forensics

  • November 11, 2008
  • By Cynthia Harvey


14. Bastille Linux

Bastille Linux/Unix asks you questions about what level of security you need and then "locks down" your OS, educating you about a variety of security topics along the way. Formerly only available for Linux and Unix, it now comes in a Mac OS X version. Operating System: Mac, Linux, Unix.

Intrusion Detection/Prevention

15. Snort

Labeling itself "the de facto standard for intrusion detection/prevention," Snort is the most widely deployed intrusion detection/prevention system in the world. It can perform real-time traffic analysis, packet logging, protocol analysis, content searching, and more. Operating System: Mac, Linux, Unix, BSD, Solaris.
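To make concrete what the "content searching" of a signature-based IDS means, here is an added example (not Snort's own code): it parses a small subset of Snort's rule syntax and applies it to sample traffic. The rules, hosts and packets are constructed for illustration, and the SIDs use the 1000000+ range reserved for local rules.

```python
"""Signature matching in the style of a Snort content rule.

Added example, not Snort's own code: it handles a small subset of the rule
language (protocol, src/dst address and port, msg, content, nocase, sid) and
no modifiers such as depth/offset, hex escapes or flow state. Rules and
packets are constructed; SIDs use the 1000000+ range reserved for local rules.
"""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


RULE_RE = re.compile(
    r"^(?P<action>alert|log|pass)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
    r"\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


def parse_options(opts: str) -> dict:
    """Turn 'msg:"x"; content:"y"; nocase; sid:1;' into a dict.

    Splitting on ';' is enough here; a real parser must honour ';' inside quotes.
    """
    out = {"nocase": False}
    for item in opts.split(";"):
        item = item.strip()
        if not item:
            continue
        if ":" in item:
            key, val = item.split(":", 1)
            out[key.strip()] = val.strip().strip('"')
        else:
            out[item] = True            # bare flag such as nocase
    return out


def parse_rule(text: str) -> dict:
    m = RULE_RE.match(text)
    if not m:
        raise ValueError(f"unsupported rule syntax: {text}")
    rule = m.groupdict()
    rule.update(parse_options(rule.pop("opts")))
    return rule


def _addr_ok(spec: str, addr: str) -> bool:
    return spec == "any" or spec == addr        # no CIDR or variables in this subset


def _port_ok(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port   # no port ranges in this subset


def matches(rule: dict, pkt: Packet) -> bool:
    """Cheap header checks first, then the payload content search."""
    if rule["proto"] not in ("ip", pkt.proto):
        return False
    if not (_addr_ok(rule["src"], pkt.src) and _port_ok(rule["sport"], pkt.sport)
            and _addr_ok(rule["dst"], pkt.dst) and _port_ok(rule["dport"], pkt.dport)):
        return False
    content = rule.get("content")
    if content is None:
        return True                             # header-only rule
    needle, hay = content.encode(), pkt.payload
    if rule["nocase"]:
        needle, hay = needle.lower(), hay.lower()
    return needle in hay


def run(rules, packets) -> list:
    """Return (sid, msg) for every rule that fires, in traffic order."""
    return [(int(r["sid"]), r["msg"]) for p in packets for r in rules if matches(r, p)]


RULES = [parse_rule(r) for r in (
    'alert tcp any any -> any 80 (msg:"Web directory traversal attempt"; content:"../"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"cmd.exe request to web server"; content:"cmd.exe"; nocase; sid:1000002;)',
    'alert tcp any any -> 10.0.0.5 21 (msg:"Anonymous FTP login to fileserver"; content:"USER anonymous"; nocase; sid:1000003;)',
)]

PACKETS = [  # constructed sample traffic
    Packet("tcp", "192.0.2.10", 51000, "10.0.0.5", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("tcp", "192.0.2.11", 51001, "10.0.0.5", 80, b"GET /scripts/CMD.EXE?/c+dir HTTP/1.0\r\n"),
    Packet("tcp", "192.0.2.12", 51002, "10.0.0.5", 21, b"USER Anonymous\r\n"),
    Packet("tcp", "192.0.2.12", 51003, "10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("tcp", "192.0.2.13", 51004, "10.0.0.6", 21, b"USER anonymous\r\n"),  # other host: no rule
]


def demo_alerts() -> list:
    return run(RULES, PACKETS)


if __name__ == "__main__":
    for sid, msg in demo_alerts():
        print(f"[1:{sid}] {msg}")
```

The point to take from this is the cost model: header fields are checked before the payload is searched, and `nocase` is what lets the second rule catch `CMD.EXE`. A real engine adds stream reassembly and decoding, which is why the same `../` rule on raw packets would miss a traversal split across segments or URL-encoded.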


This host-based intrusion detection system boasts more than 5,000 downloads a month and is in use at a number of large organizations around the world. Key features include log analysis, file integrity checking, Windows registry monitoring, rootkit detection, and real-time alerting. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.
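The file integrity checking this paragraph lists is the core of any host-based IDS. The following is an added example, not code from any tool on this page: it baselines a directory tree, re-scans it, and reports drift. The tree and the tampering in `demo_scan()` are constructed to simulate an intrusion.

```python
"""File integrity checking of the kind a host-based IDS performs.

Added example, not code from any tool on this list: record SHA-256 digest,
permission bits and size for every file under a root, re-scan later, and
report what was added, removed or modified. demo_scan() builds a constructed
tree and tampers with it.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Hash regular files in chunks; record mode and size for everything."""
    st = path.lstat()                       # lstat: never follow symlinks
    h = hashlib.sha256()
    if stat.S_ISREG(st.st_mode):
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}


def build_baseline(root) -> dict:
    """Map each file's root-relative POSIX path to its fingerprint."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            baseline[p.relative_to(root).as_posix()] = fingerprint(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two scans; any change in digest, mode or size counts as modified."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(k for k in common if baseline[k] != current[k]),
    }


def demo_scan() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF original binary")
        baseline = build_baseline(root)

        # Simulated intrusion: trojaned binary (same size, so only the hash
        # catches it), extra uid-0 account, deleted hardening config, and a
        # new preload library hook.
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned binary")
        with (root / "etc" / "passwd").open("a") as f:
            f.write("backdoor:x:0:0::/:/bin/bash\n")
        (root / "etc" / "sshd_config").unlink()
        (root / "etc" / "ld.so.preload").write_text("/tmp/.x/libhide.so\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo_scan().items():
        for p in paths:
            print(f"{kind:>8}: {p}")
```

Two caveats a practitioner would apply before trusting such a check: the baseline must be stored off-host or signed, because an attacker with root can simply rewrite it alongside the files, and the scanner itself should not rely on the compromised host's `ls` or `find` to enumerate files.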

17. BASE

The Basic Analysis and Security Engine, or BASE, isn't an IDS itself, but it works hand-in-hand with Snort to help you make sense of all your IDS data. It provides a Web interface that allows you to search and analyze the alerts Snort has logged. Operating System: OS Independent.

Log Monitoring and Analysis

18. ettercap

Ettercap is a suite for man-in-the-middle attacks on a LAN. It sniffs live connections, dissects many protocols, and can filter or inject content on the fly, which makes it as useful for testing how your own network stands up to interception as for monitoring it. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.

19. AWStats

With AWStats, you can generate graphical reports from Web, streaming, FTP, or mail server logs. Its reports include HTTP status codes and requests attributed to known worms, so you can see at a glance how much attack-like traffic your servers are receiving without slogging through raw logs. Operating System: Windows, Mac, Linux, Unix.


20. SNARE

Short for "System iNtrusion Analysis and Reporting Environment," SNARE collects and analyzes event log data. Multiple report formats are available. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.

Bonus option:


Splunk

While technically not open source, Splunk is available in a free version and works so well that it earned a place on this list. It doesn't just monitor log files: it indexes and correlates them, making it easier to follow an attacker's trail and respond to threats. It can also analyze other types of IT data (message alerts, performance data, etc.) alongside security-related files. Operating System: Windows, Mac, Linux, BSD, Solaris, AIX.
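The log analysis that SNARE and Splunk perform comes down to parsing events, counting them per source, and correlating outcomes. As an added example (not SNARE's or Splunk's code, and the log lines are constructed), this parses sshd password events from syslog, keeps a sliding window of failures per source address, raises a medium alert at a threshold, and escalates to high when a success from the same source follows a burst of failures, the "trail" an analyst wants first:

```python
"""Log monitoring logic of the kind the tools in this section perform.

Added example with constructed log lines, not SNARE's or Splunk's own code:
parse sshd authentication events, keep a sliding window of failures per
source address, raise a medium alert at a threshold, and escalate to high
when a success from the same source follows a burst of failures (a likely
guessed password).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted)\s+password\s+for\s+(?:invalid user\s+)?"
    r"(?P<user>\S+)\s+from\s+(?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse(line: str, year: int = 2008):
    """Return (timestamp, result, user, ip) for sshd password events, else None.

    BSD syslog stamps carry no year, so the caller supplies one.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def analyze(lines, threshold: int = 5, window: timedelta = timedelta(minutes=2)) -> list:
    """Return (severity, ip, detail) alerts in log order."""
    failures = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = set()                 # ips already alerted for the current burst
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                # not an sshd password event
        ts, result, user, ip = rec
        q = failures[ip]
        while q and ts - q[0] > window:
            q.popleft()             # expire failures older than the window
        if not q:
            flagged.discard(ip)     # burst is over; a new one may alert again
        if result == "Failed":
            q.append(ts)
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("medium", ip,
                               f"{len(q)} failed logins within {int(window.total_seconds())}s"))
        elif len(q) >= threshold:   # Accepted right after a brute-force burst
            alerts.append(("high", ip,
                           f"successful login as {user!r} after {len(q)} recent failures"))
            q.clear()
        else:
            q.clear()               # a typo or two before a success is normal
    return alerts


# Constructed sample log: one brute-force burst that succeeds, one ordinary
# user typo, and an unrelated cron line that the parser must ignore.
LOG = """\
Nov 11 03:14:01 web01 sshd[4121]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2
Nov 11 03:14:03 web01 sshd[4123]: Failed password for invalid user oracle from 198.51.100.23 port 40124 ssh2
Nov 11 03:14:04 web01 sshd[4125]: Failed password for root from 198.51.100.23 port 40126 ssh2
Nov 11 03:14:06 web01 sshd[4127]: Failed password for root from 198.51.100.23 port 40128 ssh2
Nov 11 03:14:08 web01 sshd[4129]: Failed password for root from 198.51.100.23 port 40130 ssh2
Nov 11 03:14:09 web01 sshd[4131]: Failed password for root from 198.51.100.23 port 40132 ssh2
Nov 11 03:14:11 web01 sshd[4133]: Accepted password for root from 198.51.100.23 port 40134 ssh2
Nov 11 03:15:30 web01 sshd[4140]: Failed password for alice from 203.0.113.7 port 51000 ssh2
Nov 11 03:15:41 web01 sshd[4142]: Accepted password for alice from 203.0.113.7 port 51002 ssh2
Nov 11 03:16:02 web01 CRON[4150]: pam_unix(cron:session): session opened for user root by (uid=0)
"""


def analyze_sample() -> list:
    return analyze(LOG.splitlines())


if __name__ == "__main__":
    for severity, ip, detail in analyze_sample():
        print(f"{severity.upper():6} {ip:16} {detail}")
```

The threshold is what separates alice's single typo from the burst against root, and the high-severity rule is the correlation a plain per-line grep cannot express. In production the year would come from the collector and the window and threshold would be tuned per host class.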

Multiple Function Security Solutions


21. OSSIM

Short for "Open Source Security Information Management," OSSIM combines 12 separate open source security tools, including Snort, Nessus, Nagios, and others. The dual goals are to prevent intrusions and give administrators a complete, detailed view of the entire network. Operating System: Windows, Mac, Linux, Unix, BSD, Solaris.

22. Network Security Toolkit (NST)

Combining Wireshark, Nessus, Snort, Nmap, Ntop, Kismet, and many other well-known open-source security apps, NST aims to provide network security administrators with a comprehensive set of security tools. It provides network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, and a host of other functions. Operating System: OS Independent.

23. Kismet

Kismet is a combination wireless network detector, packet sniffer, and IDS. Often used to detect unprotected or hidden networks, it's a valuable tool for checking the security of your wireless network, as well as monitoring network activity. Operating System: Windows, Mac, Linux, Unix, BSD.
