Windows network and security administrators have a seemingly endless list of tasks they must accomplish on a regular basis in order to maintain the network and ensure the stability and integrity of the environment. With Windows being one of the most widely deployed operating systems, there are a large number of third-party products out there, not to mention the numerous products provided by Microsoft, that can help with these tasks. The wealth of security tools available from Microsoft and its partners usually means that administrators don't have to look very far for useful tools or support, but both the tools and the support usually come at a price, which brings us to open source.
The first part of this series on open source security in a Windows enterprise examined the basic concept of what open source software is, why companies might be reluctant to rely on it and why some open source products appear to be moving toward a commercial software model instead. Regardless of why companies resist open source software or whether some products become commercial, there are still very good open source products available that, in many cases, represent the best of the best for their type of application. Aside from the big-name open source projects like Snort, Nessus, Nmap and Ethereal, some of which may not remain open source for long, there are other very strong candidates available. Below are summaries of a few of them.
AnalogX: AnalogX Packetmon is a small and powerful protocol analyzer or packet sniffer utility. AnalogX Packetmon captures packets that originate from the machine it is running on as well as packets from other computers on the same network. Plus, it has a powerful rule system that allows you to restrict or narrow down which packets are captured so you don't have to sift through mountains of data to find what you are looking for.
coSARA: SARA is an acronym for Security Auditor's Research Assistant. coSARA is a comprehensive network security scanner that discovers, analyzes and reports on security vulnerabilities of network-based computers, servers, routers and firewalls. It performs more than 1,000 tests on each network node that it discovers, and it is built to support large-scale enterprise environments of 25,000 nodes or more. It has recently been ported to Windows with the help of coLinux, which is included in the coSARA download.
Angry IP Scanner: Angry IP Scanner is an IP scanner and port scanner. It can scan IP addresses in any range and identify open ports. It is a compact program, small in comparison to other IP or port scanners. Angry IP Scanner pings each IP address to check whether it is alive, then (if configured) resolves its hostname, determines its MAC address, scans ports and so on. You can extend the amount of data gathered about each host with the available plugins.
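A scanner such as coSARA or Angry IP Scanner produces a list of live hosts with their hostnames, MAC addresses and open ports; what an administrator then needs is a way to turn that list into a short set of things to look at. The script below is an added example written for this article, not code from any of the tools described: it parses a constructed scan export (the comma-separated format is hypothetical and is not the real export format of Angry IP Scanner or coSARA) and compares it against a baseline of authorized hosts, expected MAC addresses and permitted ports, reporting unknown hosts, ports that should not be open, hosts whose MAC address changed since the baseline was recorded, and baseline hosts that did not answer. All addresses and names are constructed sample values.

```python
"""Triage a host/port scan export against an authorized-services baseline.

Added example for this article (not part of Angry IP Scanner, coSARA or
any other tool). The input format below is constructed for the example.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    ip: str
    hostname: str
    mac: str
    ports: set = field(default_factory=set)


# Constructed sample export: ip,hostname,mac,open ports separated by ';'
SCAN = """# ip,hostname,mac,open ports (constructed sample, hypothetical format)
10.0.0.10,dc01.corp.example,00:11:22:33:44:01,53;88;135;389;445
10.0.0.20,files01.corp.example,00:11:22:33:44:02,135;445;3389
10.0.0.30,print01.corp.example,00:11:22:33:44:03,9100
10.0.0.45,,00:11:22:33:44:ff,80;8080
"""

# Constructed baseline: what each authorized host is allowed to expose.
# An empty mac means "not recorded", so MAC changes are not checked for it.
BASELINE = {
    "10.0.0.10": {"mac": "00:11:22:33:44:01", "ports": {53, 88, 135, 389, 445}},
    "10.0.0.20": {"mac": "00:11:22:33:44:02", "ports": {135, 445}},
    "10.0.0.30": {"mac": "00:11:22:33:44:99", "ports": {9100}},
    "10.0.0.40": {"mac": "", "ports": {80}},
}


def parse_scan(text: str) -> list:
    """Parse 'ip,hostname,mac,port;port;...' lines; '#' lines are comments."""
    hosts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Pad so that a line with fewer than four fields still unpacks.
        ip, hostname, mac, port_field = (line.split(",") + ["", "", ""])[:4]
        ports = {int(p) for p in port_field.split(";") if p.strip()}
        hosts.append(Host(ip.strip(), hostname.strip(), mac.strip().lower(), ports))
    return hosts


def audit(hosts: list, baseline: dict) -> list:
    """Return (ip, finding_kind, detail) tuples for everything that deviates."""
    findings = []
    seen = set()
    for h in hosts:
        seen.add(h.ip)
        expected = baseline.get(h.ip)
        if expected is None:
            findings.append((h.ip, "unknown-host",
                             f"{h.hostname or '?'} not in baseline, ports {sorted(h.ports)}"))
            continue
        # A different MAC on a known address can mean a swapped or spoofed device.
        if expected["mac"] and h.mac and h.mac != expected["mac"].lower():
            findings.append((h.ip, "mac-changed",
                             f"expected {expected['mac']}, saw {h.mac}"))
        extra = h.ports - expected["ports"]
        if extra:
            findings.append((h.ip, "unexpected-port",
                             ",".join(str(p) for p in sorted(extra))))
    # Baseline hosts that never answered the scan deserve a look as well.
    for ip in baseline:
        if ip not in seen:
            findings.append((ip, "host-missing", "in baseline but did not answer"))
    return findings


def report(findings: list) -> str:
    """Render findings as one line each, for a ticket or a daily mail."""
    return "\n".join(f"{ip:<12} {kind:<16} {detail}" for ip, kind, detail in findings)


if __name__ == "__main__":
    print(report(audit(parse_scan(SCAN), BASELINE)))
```

Running the script on the constructed sample lists an unexpected port (3389 on the file server), a MAC change on the print server, an unknown host at 10.0.0.45 and a baseline host at 10.0.0.40 that did not answer. The same comparison works against any scanner's export once `parse_scan` is adapted to its real format; the value of the baseline is that a routine scan becomes a diff rather than a list to read from top to bottom.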
Because these products are open source, there is no vendor to call for training or support and nobody to blame if something goes wrong. However, the more popular products have a huge following and tremendous community support through forums and message boards. You can also use resources such as books from Syngress Publishing, like Nessus Network Auditing, Snort 2.1 Second Edition, Ethereal Packet Sniffing or Nessus, Snort & Ethereal Power Tools, to educate administrators on popular open source tools.
ABOUT THE AUTHOR:
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet/Network Security and provides security tips, advice, reviews and other information. Bradley contributes frequently to industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.
This was first published in January 2006.