InfoWorld Open-source Tool Awards: Celebrating the Best in Deployment, Operation, and Network Security

InfoWorld has selected the winners of its annual open-source tool awards in the fields of deployment, operation, and network security.

Best Open Source Networking and Security Software


BIND, Sendmail, OpenSSH, Cacti, Nagios, Snort: these open-source networking tools remain resilient despite their age. This year’s selections in this category feature mainstays, pillars, newcomers, and rising stars, enhancing network management, security monitoring, vulnerability assessment, rootkit detection, and more.

Icinga 2


Icinga started as a derivative fork of the Nagios system monitoring application. Icinga 2 underwent a complete rewrite, offering users a sleek interface, multi-database support, and an API with numerous extensions. With out-of-the-box load balancing, notifications, and configuration files, Icinga 2 reduces installation time in complex environments. Icinga 2 natively supports Graphite (system monitoring application), providing admins with effortless real-time performance charts. However, the real buzz around Icinga this year is due to the release of Icinga Web 2, a front-end graphical interface system supporting drag-and-drop dashboard customization and streaming monitoring tools.

Administrators can view, filter, and prioritize identified issues while tracking actions taken. A new matrix view allows administrators to see hosts and services on a single page. You can discern which events need immediate attention by reviewing events within specific timeframes or filtering event types. Although Icinga Web 2 features a new interface and enhanced performance, all traditional commands for Icinga and Icinga Web are still supported. This means learning the new version won’t take extra time.

— Fahmida Rashid

Zenoss Core

This is another powerful piece of open-source software. Zenoss Core offers a complete and all-in-one solution for network administrators to track and manage all applications, servers, storage, network components, virtualization tools, and other enterprise infrastructure elements. Administrators can ensure hardware efficiency and use modularly designed plugins in ZenPacks to extend functionalities.

The Zenoss Core 5 release in February 2015 retained its powerful tools and further enhanced the user interface and dashboard extensions. The web-based control console and dashboard are highly customizable and dynamically adjustable, and now the new version allows mixing multiple component charts into one. This should be a better tool for root cause analysis and causal analysis.

Portlets provide in-depth analysis for network mapping, device issues, daemons, product status, monitoring lists, and event views. Moreover, the new version’s HTML5 charts can be exported from the tools. The Zenoss Control Center supports out-of-band management and can monitor all Zenoss components. Zenoss Core now offers new tools for online backup and recovery, snapshots and rollbacks, and multi-host deployments. Most importantly, with comprehensive Docker support, deployment has become faster.

— Fahmida Rashid

OpenNMS

As a highly flexible network management solution, OpenNMS can handle any network management task, whether device management, application performance monitoring, inventory control, or event management. With IPv6 support, a robust alerting system, and the ability to log user scripts to test web applications, OpenNMS offers everything network administrators and testers need. OpenNMS is now evolving into a mobile version dashboard called OpenNMS Compass, allowing network experts to monitor their networks anytime, even on the go.

The iOS version of the application, available from the iTunes App Store, can display faults, nodes, and alarms. The next version will provide more event details, resource graphs, and information about IP and SNMP interfaces. The Android version is available on Google Play, able to display network availability, faults, and alarms on the dashboard, as well as acknowledge, escalate, or clear alarms. Mobile clients are compatible with OpenNMS Horizon 1.12 or higher and OpenNMS Meridian 2015.1.0 or higher.

— Fahmida Rashid

Security Onion

Like an onion, network security monitoring consists of many layers. No single tool can give you insight into every attack or show footprints of every reconnaissance or session in your corporate network. Security Onion packages many time-tested tools into a user-friendly Ubuntu distribution, allowing you to see who remains in your network and helping isolate these intruders.

Whether engaging in proactive network security monitoring or tracking potential attacks, Security Onion can assist you. Comprising sensors, servers, and display layers, Onion delivers network-based and host-based intrusion detection, comprehensive network packet capture, and all types of logs for inspection and analysis.

It is a star-studded network security toolchain, including tools like Netsniff-NG for packet capture, rule-based network intrusion detection systems Snort and Suricata, the Bro network monitoring system, host-based intrusion detection system OSSEC, and interfaces for display, analysis, and log management such as Sguil, Squert, Snorby, and ELSA (Enterprise Log Search and Archive). This carefully curated toolset is bundled into a wizard-driven installer with full documentation support, helping you get up and running with monitoring as quickly as possible.

— Victor R. Garza

Kali Linux

Kali Linux’s team released a new version of this popular security Linux distribution this year, making it faster and more versatile. Kali now uses the new version 4.0 kernel, with improved hardware and wireless driver support and a smoother interface. The most frequently used tools are readily accessible from the screen’s sidebar. The biggest change is that Kali Linux is now a rolling distribution, with continuous software updates. Kali’s core system is based on Debian Jessie, and the team continually pulls the latest packages from Debian testing, adding Kali-specific new features on top.

The distribution still comes packed with a plethora of penetration testing, vulnerability analysis, security auditing, web application analysis, wireless network assessment, reverse engineering, and exploitation tools. Now the distro features an upstream version tracking system that automatically notifies users when individual tools can be updated. The distribution also offers a series of ARM device images, including Raspberry Pi, Chromebook, and Odroid, while also enhancing the NetHunter penetration testing platform for Android devices. Other changes include the exclusion of the Metasploit Community/Pro edition as Kali 2.0 lacks official Rapid7 support.

— Fahmida Rashid

OpenVAS

OpenVAS, Open Vulnerability Assessment System, is a framework of several services and tools providing vulnerability scanning and vulnerability management. The scanner can use network vulnerability test data updated weekly, or you can use commercial service data. The software framework encompasses a command-line interface (enabling scripted calls) and a browser interface with SSL security provided by Greenbone Security Assistant. OpenVAS offers various plugins for additional functionality. Scans can be scheduled or run on-demand.

You can control multiple systems equipped with OpenVAS through a single master, making it a scalable enterprise vulnerability assessment tool. Its standards compliance allows scan results and configuration storage in an SQL database, making them easily accessible by external reporting tools. Client tools access the OpenVAS Manager via a stateless XML-based OpenVAS Management Protocol, enabling security administrators to enhance the framework’s functionality. The software can be installed as a package or from source, running on Windows or Linux, or downloaded as a virtual application.

— Matt Sarrel

OWASP

OWASP (Open Web Application Security Project) is a nonprofit organization with chapters worldwide focused on improving software security. This community-driven organization provides testing tools, documentation, training, and almost anything you can imagine for assessing software security and following best practices in developing secure software. Some OWASP projects have become crucial components in many security practitioners’ toolkits:

ZAP (Zed Attack Proxy Project) is a penetration testing tool for finding vulnerabilities in web applications. One of ZAP’s design goals is ease of use so that developers and testers who are not security experts can easily utilize it. ZAP offers automated scanning and a set of manual testing tools.

Xenotix XSS Exploit Framework is an advanced cross-site scripting vulnerability detection and exploitation framework that executes scans in a browser engine for realistic results. The Xenotix scanning module uses three intelligent fuzzers, running nearly 5000 different XSS payloads. It features an API allowing security administrators to expand and customize the vulnerability testing toolkit.

O-Saft (OWASP SSL advanced forensic tool) is an SSL audit tool for viewing SSL certificate details and testing SSL connections. This command-line tool can run online or offline to assess SSL aspects like algorithm and configuration security. O-Saft’s built-in checks for common vulnerabilities can be easily extended through scripting. In May 2015, a simple graphical user interface was added as an optional download.

OWTF (Offensive Web Testing Framework) is an automated testing tool following the OWASP Testing Guide and NIST and PTES standards. The framework supports both a web user interface and command line to detect common vulnerabilities in web and application servers, such as configuration flaws and unpatched software.

— Matt Sarrel

BeEF

Web browsers have become the most common vehicle for client-side attacks. BeEF (Browser Exploitation Framework Project) is a widely used penetration tool for assessing web browser security. BeEF launches client-side attacks through the browser, helping you uncover security weaknesses in client systems. BeEF sets up a malicious site that the security administrator visits with the browser they wish to test. BeEF sends commands to attack the browser and uses them to implant software on the client machine. Then the administrator can attack the client machine as though it were an unguarded system.

BeEF comes with frequently used modules such as a keylogger, port scanner, and web proxy, and you can write your own modules or directly send commands to the compromised test machine. BeEF includes several demonstration web pages to help you get started quickly, making it simple to write more pages and attack modules, allowing you to tailor your tests to your needs. BeEF is a highly valuable tool for assessing browser and endpoint security and learning how to launch browser-based attack tests. You can use it to comprehensively demonstrate to your users how malware typically infects client devices.

— Matt Sarrel

Unhide

Unhide is a forensic tool for locating open TCP/UDP ports and processes hidden on UNIX, Linux, and Windows. Hidden ports and processes may indicate the presence of a rootkit or LKM (loadable kernel module). Rootkits can be challenging to detect and remove because they are designed for stealth, hiding from the OS and user. A rootkit can use an LKM to conceal its processes or impersonate other processes, allowing it to run on the machine undetected for extended periods. Unhide helps assure administrators that their systems are clean.

Unhide actually comprises two separate scripts: one for processes and one for ports. The tool queries running processes, threads, and open ports and compares this information against registered activities in the system, reporting differences. Unhide and WinUnhide are very lightweight scripts that run on the command line and produce text output. While not pretty, they are incredibly useful. Unhide is also part of the Rootkit Hunter project.

— Matt Sarrel

InfoWorld’s 2015 Best of Open Source Awards honored more than 100 open-source projects from the top down.

Compiled from: http://www.infoworld.com/article/2982962/open-source-tools/bossie-awards-2015-the-best-open-source-networking-and-security-software.html Author: InfoWorld staff Original: LCTT https://linux.cn/article-7098-1.html Translator: robot527