Language Selection

English French German Italian Portuguese Spanish

Open-Source Security Tools Touted at InfoSec

Filed under
OSS
Security

A well-known security consultant on Tuesday urged cash-strapped businesses to consider using free, readily available open-source security tools and applications to help cope with the rising spate of malicious hacker attacks.

In what has become a recurring theme at this year's InfoSec World conference here, president and principal consultant at Sph3r3 LLC Matt Luallen said enterprises must embrace the same hacking tools used by the bad guys to find potential faults and vulnerabilities within critical information infrastructure.

"You can use open-source applications alongside commercial applications [to cut down on costs]," Luallen said during a show-and-tell with dozens of toolsets that can handle anything from fault identification to spam detection to incident response.

"There are some open-source utilities that blow away commercial products, and you should take advantage of them."

"Some of these tools work so well that, at the very least, you should start evaluating them for widespread use in your organization," Luallen said, seeking to dismiss fears that the absence of product support when using open-source utilities could be a deterrent.

"These open-source tools have better product support-it's called Google Groups. If you do a search on Google Groups, in most situations, you'll have an international community available with answers round-the-clock."

"I'm not here to tell you that you should get rid of commercial products. There are some fantastic commercial products out there. However, in many cases, it is practical, cheaper and even better to look for an open-source alternative," Luallen said.

"Remember, the attack utilities are open-source as well. It's important that you understand the tools the bad guys are using to find holes in your system. You have to use those tools, too, and find the same faults."

Full Story

More in Tux Machines

GNOME News: Black Lab Drops GNOME and Further GNOME Experiments in Meson

  • Ubuntu-Based Black Lab Enterprise Linux 11.0.1 Drops GNOME 3 for MATE Desktop
    Coming about two weeks after the release of Black Lab Enterprise Linux 11, which is based on the Ubuntu 16.04.2 LTS (Xenial Xerus) operating system using the HWE (hardware enablement) kernel from Ubuntu 16.10 (Yakkety Yak), Black Lab Enterprise Linux 11.0.1 appears to be an unexpected maintenance update addressing a few important issues reported by users lately.
  • 3.26 Developments
    My approach to development can often differ from my peers. I prefer to spend the early phase of a cycle doing lots of prototypes of various features we plan to implement. That allows me to have the confidence necessary to know early in the cycle what I can finish and where to ask for help.
  • Further experiments in Meson
    Meson is definitely getting more traction in GNOME (and other projects), with many components adding support for it in parallel to autotools, or outright switching to it. There are still bugs, here and there, and we definitely need to improve build environments — like Continuous — to support Meson out of the box, but all in all I’m really happy about not having to deal with autotools any more, as well as being able to build the G* stack much more quickly when doing continuous integration.

Fedora and Red Hat

Debian and Derivatives

  • Reproducible Builds: week 108 in Stretch cycle
  • Debuerreotype
    The project is named “Debuerreotype” as an homage to the photography roots of the word “snapshot” and the daguerreotype process which was an early method of taking photographs. The essential goal is to create “photographs” of a minimal Debian rootfs, so the name seemed appropriate (even if it’s a bit on the “mouthful” side).
  • The end of Parsix GNU/Linux
    The Debian-based Parsix distribution has announced that it will be shutting down six months after the Debian "Stretch" release.
  • Privacy-focused Debian 9 'Stretch' Linux-based operating system Tails 3.0 reaches RC status
    If you want to keep the government and other people out of your business when surfing the web, Tails is an excellent choice. The Linux-based operating system exists solely for privacy purposes. It is designed to run from read-only media such as a DVD, so that there are limited possibilities of leaving a trail. Of course, even though it isn't ideal, you can run it from a USB flash drive too, as optical drives have largely fallen out of favor with consumers. Today, Tails achieves an important milestone. Version 3.0 reaches RC status -- meaning the first release candidate (RC1). In other words, it may soon be ready for a stable release -- if testing confirms as much. If you want to test it and provide feedback, you can download the ISO now.

OSS Leftovers

  • Chef expands its cloud and container menu
    Chef, a leading DevOps company, announced at ChefConf 2017 that it was adding new capabilities to it flagship Continous Automation/DevOps program, Chef Automate. This enables enterprises to transition from server- and virtual machine- (VM) based IT systems to cloud-native and container-first environments with consistent automation and DevOps practices.
  • Nextcloud 12: The bigger, better, in-house small business cloud
    It's not even been a year since Frank Karlitschek, co-founder and former CTO of ownCloud, forked ownCloud into Nextcloud. Since then, this do-it-yourself, open-source Infrastructure-as-a-Service (IaaS) cloud has become increasingly popular. Now, its latest version, Nextcloud 12, the program is adding more Software-as-a-Service (SaaS) features.
  • The Spirit of Open Source
  • What happened to Mastodon after its moment in the spotlight?
    More than a month later, the buzz over Mastodon has quieted. But though it may not be making headlines, the service continues to grow.
  • Mozilla: One Step Closer to a Closed Internet
    We’re deeply disheartened. Today’s FCC vote to repeal and replace net neutrality protections brings us one step closer to a closed internet. Although it is sometimes hard to describe the “real” impacts of these decisions, this one is easy: this decision leads to an internet that benefits Internet Service Providers (ISPs), not users, and erodes free speech, competition, innovation and user choice.
  • The eternal battle for OpenStack's soul will conclude in three years. Again
    After six years as a formal project, OpenStack has survived numerous raids and famines and now finds itself in a not-too-weird space of being boring, on-premises infrastructure. That is, “boring” in the good way of focusing on what users want and fixing existing problems, only chasing shiny objects – cough, PaaS, cough, containers, cough, orchestration – as much as needed.
  • With version 2.0, Crate.io’s database tools put an emphasis on IoT
    Crate.io, the winner of our Disrupt Europe 2014 Battlefield, is launching version 2.0 of its CrateDB database today. The tool, which is available in both an open source and enterprise version, started out as a general-purpose but highly scalable SQL database. Over time, though, the team found that many of its customers were using the service for managing their machine data and, unsurprisingly, decided to focus its efforts on better supporting those clients.
  • NewSQL CockroachDB Ready for Prime Time
    There's a new open source database on the block. Although it has a name that will most likely make you cringe for the first dozen or so times you hear it -- CockroachDB -- I have a feeling that if it isn't already on your radar, it will be soon.
  • Windows 10 S Won't Support Fedora, SUSE Linux, and Ubuntu
  • Manage Linux servers with a Windows admin's toolkit [Ed: Well, the solution is learning GNU tools, not relying on proprietary stuff with back doors from Microsoft]
  • FreeBSD quarterly status report
  • openbsd changes of note 622
  • Book Review: Relayd and Httpd Mastery

    Overall an excellent book which is typical Michael W Lucas writing style. Easy to follow, clear cut instructions, and tons of new stuff to learn. If one must use OpenBSD or FreeBSD, then the chances are high that one will stick with the defaults that come with OpenBSD. No need to use fat Apache, or Nginx/Lighttpd web server especially when httpd and relayd audited for security by OpenBSD core team.

  • Guix System Distribution (GuixSD) 0.13.0 GNU/Linux OS Supports 64-bit ARM CPUs
    The GNU Guix and GuixSD 0.13.0 releases are here about five months after the December 2016 launch of version 0.12.0, and it appears to be a major milestone implementing a few important changes. First off, this release can now be installed on computers powered by AArch64 (64-bit ARM) processors.
  • The Good And Bad In WikiTribune, Wikipedia Founder's Open-Source News Site
    Countering the fake news threat has become a real challenge for social media platforms, which also serve as avenues of news dissemination along with the traditional media outlets.
  • Android Studio 3.0 Canary 1
  • Jaded by Java? Android now supports Kotlin programming language
  • Rcpp 0.12.11: Loads of goodies
    The elevent update in the 0.12.* series of Rcpp landed on CRAN yesterday following the initial upload on the weekend, and the Debian package and Windows binaries should follow as usual. The 0.12.11 release follows the 0.12.0 release from late July, the 0.12.1 release in September, the 0.12.2 release in November, the 0.12.3 release in January, the 0.12.4 release in March, the 0.12.5 release in May, the 0.12.6 release in July, the 0.12.7 release in September, the 0.12.8 release in November, the 0.12.9 release in January, and the 0.12.10.release in March --- making it the fifteenth release at the steady and predictable bi-montly release frequency.
  • Master Haskell Programming with Free Books
    Haskell is a standardized, general-purpose, polymorphically statically typed, lazy, purely functional language, very different from many programming languages. Recent innovations include static polymorphic typing, higher-order functions, user-definable algebraic data types, a module system, and more. It has built-in concurrency and parallelism, debuggers, profilers, rich libraries and an active community, with approximately 5,400 third-party open source libraries and tools.
  • [Older] Manifesto: Rules for standards-makers

    If we work together on a project based on open tech, these are the principles I will try to stick to. I wanted to put all this in one place, so I can pass it along to future software developers.