Language Selection

English French German Italian Portuguese Spanish

Open-Source Security Tools Touted at InfoSec

Filed under

A well-known security consultant on Tuesday urged cash-strapped businesses to consider using free, readily available open-source security tools and applications to help cope with the rising spate of malicious hacker attacks.

In what has become a recurring theme at this year's InfoSec World conference here, president and principal consultant at Sph3r3 LLC Matt Luallen said enterprises must embrace the same hacking tools used by the bad guys to find potential faults and vulnerabilities within critical information infrastructure.

"You can use open-source applications alongside commercial applications [to cut down on costs]," Luallen said during a show-and-tell with dozens of toolsets that can handle anything from fault identification to spam detection to incident response.

"There are some open-source utilities that blow away commercial products, and you should take advantage of them."

"Some of these tools work so well that, at the very least, you should start evaluating them for widespread use in your organization," Luallen said, seeking to dismiss fears that the absence of product support when using open-source utilities could be a deterrent.

"These open-source tools have better product support-it's called Google Groups. If you do a search on Google Groups, in most situations, you'll have an international community available with answers round-the-clock."

"I'm not here to tell you that you should get rid of commercial products. There are some fantastic commercial products out there. However, in many cases, it is practical, cheaper and even better to look for an open-source alternative," Luallen said.

"Remember, the attack utilities are open-source as well. It's important that you understand the tools the bad guys are using to find holes in your system. You have to use those tools, too, and find the same faults."

Full Story

More in Tux Machines

The importance of community-oriented GPL enforcement

The Free Software Foundation and Software Freedom Conservancy have released a statement of principles on how GPL enforcement work can and should be done in a community-oriented fashion. The president of the Open Source Initiative, Allison Randal, participated as a co-author in the drafting of the principles, together with the leadership of FSF and Conservancy. The Open Source Initiative's mission centers on advocating for and supporting efforts to improve community best practices, in order to promote and protect open source (founded on the principles of free software). While the OSI's work doesn't include legal enforcement actions for the GPL or any of the family of licenses that conform to the Open Source Definition, we applaud these principles set forth by the FSF and Conservancy, clearly defining community best practices around GPL enforcement. Read more

Today in Techrights

Erle-Spider, the Ubuntu Drone with Legs Needs Your Help to Become a Reality - Video

We've talked a lot about the upcoming Ubuntu-powered drone with legs, called Erle-Spider, from the Erle Robotics team, who just demoed the device live earlier today, October 13, on Canonical's UbuntuOnAir YouTube channel (see the video below). Read more

Best Quality and Quantity of Contributions in the New Xen Project 4.6 Release

I’m pleased to announce the release of Xen Project Hypervisor 4.6. This release focused on improving code quality, security hardening, enablement of security appliances, and release cycle predictability — this is the most punctual release we have ever had. We had a significant amount of contributions from cloud providers, software vendors, hardware vendors, academic researchers and individuals to help with this release. We continue to strive to make Xen Project Hypervisor the most secure open source hypervisor to match the security challenges in cloud computing, and for embedded and IoT use-cases. We are also continuing to improve upon the performance and scalability for our users, and aim to continuously bring many new features to our users in a timely manor. Read more