Server Administration
  Home arrow Server Administration arrow Page 2 - An Overview of Open Source Security
Codewalker Forums 
  Tutorials  
Database Articles  
Miscellaneous  
Navigation Usability  
PEAR Articles  
Programming Basics  
Server Administration  
XML Tutorials  
  Reviews  
Database Book Reviews  
Linux Book Reviews  
Miscellaneous Reviews  
PHP Book Reviews  
PHP Software Reviews  
Server Admin Reviews  
SQL Tool Reviews  
  Code Gallery  
Content Management Code  
Contest Code  
Counters Code  
Database Code  
Date Time Code  
Discussion Board Code  
Email Code  
File Manipulation Code  
GUI Code  
Link Farm Code  
Miscellaneous Code  
Search Code  
Site Navigation Code  
User Management Code  
Mobile Linux 
App Generation ROI 
IBM® developerWorks 
Download TestComplete 
Forums Sitemap 
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
SERVER ADMINISTRATION

An Overview of Open Source Security
By: Bruce Coker
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 5 stars5 stars5 stars5 stars5 stars / 1
    2008-08-06

    Table of Contents:
  • An Overview of Open Source Security
  • Vulnerability detection and exploitation
  • Intrusion detection and prevention
  • Email security tools
  • Other tools
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    An Overview of Open Source Security - Vulnerability detection and exploitation
    (Page 2 of 5 )

    Vulnerability detection and exploitation tools are used to identify areas of weakness on a network, and to attempt to exploit these weaknesses in order to assess the strength of the network’s defences.

    Nessus

    Despite recent question marks over Nessus’ open source credentials, as the world’s most widely used and highly rated vulnerability scanner it demands to be included in any discussion of security tools. It contains four built-in port scanners, integration with other scanners such as Nmap, and a wide range of exploits and vulnerability tests.

    The engine itself is available as a free open source download. However, the exploit plugins are distributed under a subscription license arrangement, only becoming available to the public for free a week after their release. This means that there is a cost involved in getting the most out of Nessus. Of course if you don’t need instant support and to have the latest plugins available at all times, then Nessus is probably the best free vulnerability testing software to be found.

    Get it from: http://www.nessus.org/download/

    Nmap

    Nmap is one of the first items in any open source toolkit. It is used to identify the computers and services on a network, deriving its name from the network map it constructs. It can list open ports, identify passive services (those that don’t advertise themselves), and interrogate for many details about the hosts it discovers, for example: operating system, uptime, installed software and version numbers, and the presence of certain firewalls. Nmap is a useful tool for identifying the servers that are running on a network, particularly unauthorized ones. Like most network analysis tools, it can be used equally well by attackers as those attempting to secure the network.

    Get it from: http://nmap.org/download.html

    Metasploit

    Originally developed as a game, Metasploit has grown to become one of the most sophisticated security vulnerability reporting tools available. Not strictly a security implementation tool in the conventional sense of the word, its most widely known module is in fact a framework for the development of exploit code. This makes it potentially as useful to hackers as to administrators. However, it does facilitate the thorough testing of publicly advertised vulnerabilities in widely used packages. This, along with the widespread take-up of the platform, has brought a new level of consistency and reliability to security research.

    Get it from: http://www.metasploit.com/framework/download/

    Next: Intrusion detection and prevention >>
     

    More Server Administration Articles
    More By Bruce Coker


     
    >>> Be the FIRST to comment on this article!

    SERVER ADMINISTRATION ARTICLES

    - Processes in the UNIX Shell
    - Migrating from Windows to Wine
    - Wine: Not Another Emulator
    - Preventive Measures to Block SSH Attacks
    - Monitoring Temperatures with Cacti
    - Cacti: RRDTool-based Graphing Solution
    - Network Magic 5.0 Review
    - Netfilter and Iptables Overview
    - Installing and Configuring Squid
    - Clickfree PC Backup Systems Compared
    - Squid, the Caching Proxy
    - Regular Expressions in the Unix Shell
    - Source Code Version Control Solutions
    - OTRS: Open Source Ticket Request System
    - Clonezilla: Free Mass Disk-Cloning Utility
    Find More Server Administration Articles




    © 2003-2009 by Developer Shed. All rights reserved. DS Cluster 2 Hosted by Hostway
    For more Enterprise Application Development news, visit eWeek