Language Selection

English French German Italian Portuguese Spanish

Open-Source Security Tools Touted at InfoSec

Filed under
OSS
Security

A well-known security consultant on Tuesday urged cash-strapped businesses to consider using free, readily available open-source security tools and applications to help cope with the rising spate of malicious hacker attacks.

In what has become a recurring theme at this year's InfoSec World conference here, president and principal consultant at Sph3r3 LLC Matt Luallen said enterprises must embrace the same hacking tools used by the bad guys to find potential faults and vulnerabilities within critical information infrastructure.

"You can use open-source applications alongside commercial applications [to cut down on costs]," Luallen said during a show-and-tell with dozens of toolsets that can handle anything from fault identification to spam detection to incident response.

"There are some open-source utilities that blow away commercial products, and you should take advantage of them."

"Some of these tools work so well that, at the very least, you should start evaluating them for widespread use in your organization," Luallen said, seeking to dismiss fears that the absence of product support when using open-source utilities could be a deterrent.

"These open-source tools have better product support-it's called Google Groups. If you do a search on Google Groups, in most situations, you'll have an international community available with answers round-the-clock."

"I'm not here to tell you that you should get rid of commercial products. There are some fantastic commercial products out there. However, in many cases, it is practical, cheaper and even better to look for an open-source alternative," Luallen said.

"Remember, the attack utilities are open-source as well. It's important that you understand the tools the bad guys are using to find holes in your system. You have to use those tools, too, and find the same faults."

Full Story

More in Tux Machines

Corporate Desktop Linux

A business doesn’t need a fleet of GNU/Linux guys to run IT. A few will do because one person can easily manage thousands of PCs with FLOSS. There are no licences to count, no networking limitations, no CPUs to count, … They just have to run the software any way that makes sense. Read more

Open-Source Radeon 2D Performance Is Better With Ubuntu 14.10

In this article are graphics card tests going back to the Radeon HD 4870 and even going back that far are 2D improvements with Ubuntu 14.10. However, most interesting is the Radeon HD 7000 series and newer where GLAMOR is used for 2D acceleration rather than UXA. GLAMOR leverages OpenGL for 2D acceleration and with X.Org Server 1.16 the GLAMOR support went from being an independent library to a highly-optimized implementation within the X.Org Server. Ubuntu 14.10 uses X.Org Server 1.16.0 along with Mesa 10.3.0, Linux 3.16, and xf86-video-ati 7.4.0. Read more

What if… KDE Started using Client-Side Decorations?

The main technical challenges faced by KDE developers is ensuring application consistency will continue to work under various form-factors. When Kwin (the KDE window manager) controls window borders, it can quickly and gracefully adapt to multiple form-factors. For example, in Plasma active space is at such a premium KDE can hide window decorations and embed them into the workspace itself. The other technical challenge is protocol and cross-enviornment consistency. It’s known that CSD-enabled applications can look extremly awkward when window borders are wrapped around an application not designed to use them. In addition, protocols for drawing CSDs on Linux are a mish-mash at best, and CSD code tends to be far less portable to other desktop environments. Compounding that, KDE has additional features (such as window tabbing) which are inherently incompatible with the feature. Read more

GNOME: A WEEKEND HACK

I’ve been working on making GtkInspector use a different display connection. This helps isolating it from some of the changes you can trigger from inside the inspector UI. Then I thought, why not use a different backend ?! We did enough work on GDK backend separation that it could almost work. But since we didn’t add API to actually connect to specific backends (users and applications get some control with GDK_BACKEND and gdk_set_allowed_backends()), nobody has ever used multiple backends in the same process. And things that don’t get used don’t work. So some fixes were necessary. Read more