A good majority of modern day enterprise IT and widely used technologies rely on open source software. Open source has made its presence very well known across networking, virtualization, and more. Open source development services still enjoy great demand, and the community keeps on growing bigger. However, enterprise security systems are still dominated by proprietary and vendor-locked technologies. Fortunately, change in times has brought change in trends as well.
There are a growing number of free open source security tools that are fully capable of both addressing security needs and protecting network, hosts, and data of the enterprises just as good as any proprietary security software. Some of these projects are backed by renowned organizations including major cloud operators and leading security firms.
That said, here are 4 open source security tools you should know about.
Accidental credential disclosures can end up causing a lot of damage for an organization. There have been reports of people accidentally exposing confidential information. One example is when private Amazon Web Services keys, passwords etc. were exposed after having them uploaded to GitHub or other repositories. Even developers may unintentionally do this.
The Commit Watcher open source tool from SourceClear can be a good solution for such mishaps, particular applicable during software development and testing cycles. The tool scans for potentially hazardous commits in both public and private Git repositories. This allows developers and project managers to monitor their projects for accidental credential disclosures. It periodically scans new commits and searches for matches against phrases or keywords defined in the project’s rules. Commit Watcher can be useful in testing enterprise software development projects that handle confidential data.
Keeping secrets out of the code is a key responsibility of developers. Even if they keep the ‘secrets’ in a configuration file, they should still ensure that the file isn’t committed to the code repository. They can add the config file to the .gitignore list to avoid it being committed to the repository. The secrets could be anything including keys that connect to aspects like payment systems, virtual machines, emailers etc. They are to be manually placed on application servers and managed separately from the source code which in turn can present a lot of challenges.
Jak can tackles this issue by allowing developers to commit encrypted ‘secret’ files into Git rather than use .gitignore. The files are included in a jakfile, and Jak ensures that only the encrypted file versions end up committed to the repository. The tool also handles encryption and decryption. Though the tool can be still challenging to use in production, it’s nevertheless useful for developers.
An open source project from GoDaddy, ProcFilter can address the challenge of defending against known threats in Windows environments. It runs as a Windows service and integrates with Microsoft’s ETW (Event Tracing for Windows) thereby logging activities directly into Windows Event Log. The tool can also be configured to scan memory and files whenever processes are created or terminated.
ProcFilter is not a replacement to an antimalware tool, but is more useful as a tool to focus on specific known threats that can potentially compromise the project. For instance, if a peer organization has been hit by a particular threat, you can use ProcFilter to defend against it should it target your organization.
Yara is mainly used to identify and group malicious files. However, it can do more than that. The open source tool from VirusTotal’s Víctor Manuel Álvarez can be very useful for forensic investigations. The user will be able to create rules and Yara performs scans looking for matches. In addition, Yara can also use the virus signature files of popular open source antivirus tool ClamAV. Many more rule sets are also available from the YaraRules repository maintained by the community. However, as there are still some limitations to signature-based threat detection, it would not be wise to rely on Yara to defend from malicious attacks. That’s where ProcFilter can be of use.
Open source technologies are obviously competent in the security department as well, and the tools mentioned above are just a few of the more popular ones. The community behind most open source tools comprises of several big brains including security experts and analysts. Open source security tools are anticipated to bring better changes in the coming times. For developers, familiarizing with the aforementioned tools would be a great way to prepare for an open source-influenced future.