Tip

Open source Windows security tools

Windows network and security administrators have a seemingly endless list of tasks they must accomplish on a regular basis in order to maintain the network and ensure the stability and integrity of the environment. With Windows being one of the most widely deployed operating systems, there are a large number of third-party products out there, not to mention the numerous products provided by Microsoft that can help with these tasks. The wealth of security tools available from Microsoft and its partners usually means that administrators don't have to look very far for useful tools or support, but both usually come at a price. Which brings us to open source.

The first part of this series on open source security in a Windows enterprise examined the basic concept of what open source software is, why companies might be reluctant to rely on it and why some open source products appear to be moving toward a commercial software model instead. Regardless of why companies resist open source software or whether some products become commercial, there are still very good open source products available that, in many cases, represent the best of the best for their type of application. Aside from the big-name open source projects like Snort, Nessus, Nmap and Ethereal, some of which may not remain open source for long, there are other very strong candidates available. Below are summaries of a few of them.

AnalogX: AnalogX Packetmon is a small and powerful protocol analyzer or packet sniffer utility. AnalogX Packetmon captures packets that originate from the machine it is running on as well as packets from other computers on the same network. Plus, it has a powerful rule system that allows you to restrict or narrow down which packets are captured so you don't have to sift through mountains of data to find what you are looking for.

coSARA: SARA is an acronym for Security Auditor's Research Assistant. coSARA is a comprehensive network security scanner that discovers, analyzes, and reports on security vulnerabilities of network-based computers, servers, routers and firewalls. It performs more than 1,000 tests on each network node that it discovers, and it is built to support large-scale enterprise environments with up to 25,000 nodes or more. It has recently been ported to Windows with the help of coLinux, which is included in the coSARA download.

Angry IP Scanner: Angry IP Scanner is an IP scanner and port scanner. It can scan IP addresses in any range and identify open ports. It is a compact program, small in comparison to other IP or port scanners. Angry IP Scanner pings each IP address to check if it's alive, then (if configured) resolves its hostname, determines its MAC address, scans ports and so on. You can extend the amount of gathered data about each host with the available plugins.

Because these tools are open source, there is no vendor to call for training or support and nobody to blame if something goes wrong. However, the more popular products have a huge following and tremendous community support through forums and message boards. You can also use resources such as books from Syngress Publishing, like Nessus Network Auditing, Snort 2.1 Second Edition, Ethereal Packet Sniffing or Nessus, Snort & Ethereal Power Tools, to educate administrators on popular open source tools.

ABOUT THE AUTHOR:
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet/Network Security and provides security tips, advice, reviews and other information. Bradley contributes frequently to industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.

This was first published in January 2006
