Security freeware abounds

By Ellen Messmer
Network World, 07/26/04

It's great to get something you need for free. And there is a plethora of tools for intrusion detection, network mapping and vulnerability assessment that users can get as free downloads from the Web.

Some of these tools, such as the Snort intrusion-detection system (the freeware version of Sourcefire's commercial intrusion-detection system appliance) and the Nessus vulnerability scanner, are used by thousands of organizations. Other tools, such as Coloured Petri Nets, which is used for charting a network into security zones, are less well known. IT managers say they're impressed with what's offered for free via the Web, and they make use of the best they can find.

Coloured Petri Nets lets network managers draw a picture of a network and model it to discover its security strengths and weaknesses, said Peter Stephenson, director of information assurance at Eastern Michigan University's Center for Regional and National Security in Ypsilanti, at the recent NetSec conference in San Francisco. "We can rate servers for criticality and sensitivity," he said, adding that IT staff also strive to understand the nature of content on the computers through user interviews.

Developed by the University of Aarhus in Denmark, Coloured Petri Nets has a link-analysis component to show how it might be possible for an attacker to compromise a desktop or server and reach more critical systems.

The tool helps managers define the sensitivity of computers on their networks, making it clear which ones probably should be cordoned off from general access. "It lets you look at all the domain combinations allowed," Stephenson said.

Stephenson said the university also makes use of the Nessus freeware vulnerability scanner to locate network holes. However, the university doesn't rely on freeware alone to handle security tasks on its 27,000-user network. For example, Guidance Software EnCase Enterprise Edition remotely collects data about servers and desktops, such as what ports might be open, and analyzes the registries.

"I can snapshot multiple devices very rapidly and find evidence [that] a device has been penetrated," he said.

The information collected by Nessus, EnCase and other tools, such as the SolarWinds SNMP-based mapping tool, helps build a graphic view of the university's network using Coloured Petri Nets.

Owens Corning, a roofing and building material company in Toledo, Ohio, also has discovered freeware scanning and mapping tools that help keep track of what IP addresses are in use across a network.

Security administrator Paul Townley says the NetCat freeware tool is one of his favorites. It is known as the "Swiss Army knife for network administration" because it finds what's on the network and maps it, he says.

NetCat can be downloaded from Sourceforge, a Web site that features a range of open source software. The Web site of @stake, a Cambridge, Mass., security services and products firm, also posts NetCat, which is said to have been written by a former @stake employee who goes by the name Hobbit.

@Stake makes available about two dozen other security tools for free, neatly categorized for information gathering, forensics, network utilities, password auditing, recovery and restoration, and vulnerability scanning.

@Stake spokeswoman Lona Therrien notes that several of these tools, including WFPdisable, written by Andreas Junestam, AUSTIN by Paul Clip, ComBust by Frederic Bret-Mount, and the WAP Assessment Tool by Ollie Whitehouse, are known to be kept up to date because the tools' authors work at @stake.

@Stake can't vouch for how up-to-date the freeware is that's not developed by current employees, she notes. That's a thought to keep in mind about freeware: if it's not maintained by a committed tool writer or development community, it might fall behind the times and provide a lot less capability than other tools, particularly in comparison with commercial offerings.

In that case, freeware can be worth exactly what you paid for it.

All contents copyright 1995-2003 Network World, Inc. http://www.nwfusion.com