Http://www.linuxidc.com/Linux/2016-03/129164.htm
InfoWorld has selected its annual open source tool winners in the areas of network deployment, operation, and security.
Best Open Source Network and Security Software
BIND, Sendmail, OpenSSH, Cacti, Nagios, Snort: some of these open source networking tools are old-timers and some are anything but. This year, among the best choices in this category, you'll find the backbone, the pillars, the newcomers, and the upstarts that are perfecting network management, security monitoring, vulnerability assessment, rootkit detection, and much more.
Icinga 2
Icinga was initially just a fork of the system monitoring application Nagios. Icinga 2 has undergone a complete rewrite, bringing users a sleek interface, support for multiple databases, and an API that integrates many extensions. With out-of-the-box load balancing, notifications, and configuration files, Icinga 2 shortens installation time in complex environments. Icinga 2's native support for Graphite (a system monitoring application) makes it easy for administrators to present real-time performance graphs. But what really made Icinga's year is Icinga Web 2, a front-end graphical interface that supports drag-and-drop custom dashboards and some streaming monitoring tools.
Administrators can view, filter, and prioritize discovered issues, while keeping track of the actions that have been taken. A new matrix view lets administrators view hosts and services on a single page. You can see which events require immediate attention by looking at the events, or by filtering on event type, for a specific time period. While Icinga Web 2 has a new interface and more robust performance, all the common commands of legacy Icinga and Icinga Web are still supported, so learning the new version of the tool does not cost extra time.
How to deploy the Icinga client http://www.linuxidc.com/Linux/2016-01/127381.htm
--Fahmida Rashid
Zenoss Core
Zenoss Core is another powerful open source tool. It provides network administrators with a complete, one-stop solution for tracking and managing all applications, servers, storage, network components, virtualization tools, and other elements of the enterprise infrastructure. Administrators can ensure the operational efficiency of their hardware and extend functionality with the modular plug-in design of ZenPacks.
Zenoss Core 5, released in February 2015, retains the already powerful tools and improves on them further with an enhanced user interface and an extended dashboard. The web-based console and dashboards are highly customizable and dynamically tuned, and the new version now lets administrators mash up multiple component graphs into one chart. This should make it a better tool for root cause and causal analysis.
Portlets provide in-depth analysis of network maps, device issues, daemons, product status, watch lists, and event views, and the new HTML5 charts can be exported from the tool. Zenoss's Control Center supports out-of-band management and can monitor all Zenoss components. Zenoss Core now has a number of new tools for online backup and recovery, snapshot and rollback, and multi-host deployment. More importantly, it is faster to deploy thanks to full support for Docker.
--Fahmida Rashid
OpenNMS
As a very flexible network management solution, OpenNMS can handle any network management task, whether it is device management, application performance monitoring, inventory control, or event management. With support for IPv6, a powerful alerting system, and the ability to record user scripts for testing web applications, OpenNMS has everything network administrators and testers need. OpenNMS now also offers a mobile dashboard called OpenNMS Compass, allowing network experts to monitor their networks anytime, even when they're out of the office.
The iOS version of the app, available from the iTunes App Store, can display outages, nodes, and alarms. The next release will provide more event details, resource graphs, and information about IP and SNMP interfaces. Available on Google Play, the Android version shows network availability, outages, and alarms on the dashboard, as well as the ability to acknowledge, escalate, or clear alarms. The mobile clients are compatible with OpenNMS Horizon 1.12 or later and OpenNMS Meridian 2015.1.0 or later.
--Fahmida Rashid
Security Onion
Like an onion, network security monitoring is made up of many layers. No single tool gives you insight into every attack or shows you the footprints of every reconnaissance probe or conversation on your company's network. Security Onion packages a number of proven tools into an easy-to-use Ubuntu distribution that lets you see who's lurking on your network and helps you isolate the bad guys.
Whether you're doing proactive network security monitoring or tracking down a possible attack, Security Onion can help. The Onion consists of sensor, server, and display layers that combine network-based and host-based intrusion detection, full network packet capture, and all types of logs for inspection and analysis.
This is a star-studded network security tool chain: netsniff-ng for packet capture, the rules-based network intrusion detection systems Snort and Suricata, the analysis-driven network monitoring system Bro, the host-based intrusion detection system OSSEC, and, for display, analysis, and log management, Sguil, Squert, Snorby, and ELSA (Enterprise Log Search and Archive). It is a carefully selected toolset, all packaged into a wizard-style installer with complete documentation to help you get monitoring as quickly as possible.
--Victor R. Garza
Kali Linux
The team behind Kali Linux released a new version of the popular security-focused Linux distribution this year, making it faster and more versatile. Kali now uses the 4.0 kernel, which improves support for hardware and wireless drivers, and has a smoother interface. The most commonly used tools are easily found in the sidebar of the screen. The biggest change is that Kali Linux is now a rolling release with continuous software updates. Kali's core system is based on Debian Jessie, and the team continuously pulls the latest packages from the Debian beta (testing) branch while adding new features, Kali style.
The distribution still ships with a large set of penetration testing, vulnerability analysis, security auditing, web application analysis, wireless network assessment, reverse engineering, and exploitation tools. It now has an upstream version detection system that automatically notifies users when updates to individual tools are available. The release also includes a series of images for ARM devices, including Raspberry Pi, Chromebook, and Odroid, and updates the NetHunter penetration testing platform that runs on Android devices. There are other changes, too: the Metasploit Community and Pro editions are no longer included, as Rapid7 does not officially support Kali 2.0.
--Fahmida Rashid
Kali Linux 2016.1 New Release http://www.linuxidc.com/Linux/2016-01/127754.htm
OpenVAS
The Open Vulnerability Assessment System (OpenVAS) is a software framework that integrates multiple services and tools to provide vulnerability scanning and vulnerability management. The scanner can use network vulnerability test data that is updated weekly, or you can use data from a commercial feed. The framework includes a command-line interface (so that it can be driven by scripts) and a browser interface, the Greenbone Security Assistant, secured with SSL. OpenVAS provides a variety of plugins for additional functionality. Scans can be scheduled or run on demand.
Multiple systems with OpenVAS installed can be controlled by a single master, making it a scalable enterprise vulnerability assessment tool. The project's adherence to open standards allows it to store scan results and configurations in an SQL database so that external reporting tools can easily access them. Client tools access the OpenVAS Manager through the OpenVAS Management Protocol, an XML-based stateless protocol, so security administrators can extend the capabilities of the framework. The software can be installed on Windows or Linux as a package or from source, or downloaded as a virtual appliance.
--Matt Sarrel
OWASP
OWASP (Open Web Application Security Project) is a non-profit organization with chapters around the world that focuses on improving software security. This community-based organization provides testing tools, documentation, training, and virtually everything you can imagine about security assessment and best practices for developing secure software. Several OWASP projects have become important components of many security practitioners' toolkits:
ZAP (Zed Attack Proxy Project) is a penetration testing tool that looks for vulnerabilities in web applications. One of ZAP's design goals is ease of use, so that developers and testers who are not security experts can use it. ZAP provides automated scanning and a set of manual testing tools.
The Xenotix XSS Exploit Framework is an advanced cross-site scripting vulnerability detection and exploitation framework that performs its scans inside a browser engine to obtain real-world results. The Xenotix scan module uses three intelligent fuzzers, enabling it to run nearly 5000 different XSS payloads. It has an API that lets security administrators extend and customize the vulnerability testing toolkit.
O-Saft (OWASP SSL Advanced Review Tool) is an SSL audit tool for viewing SSL certificate details and testing SSL connections. This command-line tool can be run online or offline to evaluate SSL configuration, for instance whether the algorithms and settings in use are secure. O-Saft has built-in checks for common vulnerabilities, which you can easily extend by writing scripts. A simple graphical user interface was added as an optional download in May 2015.
OWTF (Offensive Web Testing Framework) is an automated testing tool that follows the OWASP Testing Guide and the NIST and PTES standards. The framework supports both a web user interface and a command line to detect common vulnerabilities in web and application servers, such as misconfigurations and missing software patches.
--Matt Sarrel
BeEF
Web browsers have become the most common vector for client-side attacks. BeEF (Browser Exploitation Framework) is a widely used penetration testing tool for evaluating the security of web browsers. BeEF launches client-side attacks through the browser to help you expose the security weaknesses of your client systems. BeEF sets up a malicious web site that the security administrator visits with the browser under test. BeEF then sends commands to attack that web browser and plant software on the client machine, after which the administrator can attack the client machine as if it were an unprotected target.
BeEF comes with common modules such as keyloggers, port scanners, and web proxies, and you can write your own modules or send commands directly to a controlled test machine. BeEF ships with a few demo pages to help you get started quickly and makes it easy to write additional web pages and attack modules, so you can customize your tests to fit. BeEF is a valuable tool for evaluating browser and endpoint security and for learning how browser-based attacks are launched. You can use it to give your users a comprehensive demonstration of how malicious software typically infects client devices.
--Matt Sarrel
Unhide
Unhide is a forensic tool for locating hidden open TCP/UDP ports and processes on UNIX, Linux, and Windows. Hidden ports and processes may be the work of rootkits or of LKMs (loadable kernel modules). Rootkits can be difficult to find and remove because they are specifically designed for concealment and can hide themselves from the operating system and its users. A rootkit can use an LKM to hide its process or impersonate another process, allowing it to run on the machine for a long time without being discovered. Unhide, in turn, can give administrators confidence that their systems are clean.
Unhide is actually two separate scripts: one for processes and one for ports. The tool queries running processes, threads, and open ports, compares that information to what the system itself reports, and reports the differences. Unhide and WinUnhide are lightweight command-line scripts that produce text output. They are not pretty, but they are extremely useful. Unhide is also included in the Rootkit Hunter project.
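The process-side comparison described above, as an added Python sketch (not code from the article or from the Unhide project): probe the PID space with kill(pid, 0), which the kernel answers even for processes a rootkit has removed from the /proc listing, and report PIDs that answer but are not listed. It assumes a Linux /proc and, like Unhide, filters out two sources of false positives: thread IDs (which readdir hides but kill answers) and processes that exit or start mid-scan.

```python
import os

def visible_pids():
    """PIDs that readdir(/proc) lists, i.e. what ps, top and ls /proc show."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def pid_answers(pid):
    """kill(pid, 0) delivers no signal but reveals whether the kernel knows the PID."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:      # ESRCH: nothing has this PID
        return False
    except PermissionError:         # EPERM: it exists, but belongs to another user
        return True
    return True

def tgid_of(pid):
    """Thread-group ID from /proc/<pid>/status, or None if there is no such entry.
    /proc/<tid> is reachable by path for threads even though readdir hides it."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None

def classify_hidden(probed, visible_now, tgid_lookup, answers):
    """Return PIDs that answer kill() yet are missing from the /proc listing,
    skipping threads of listed processes and PIDs that vanished or appeared
    between passes (each candidate is re-checked to cut race false positives)."""
    hidden = []
    for pid in sorted(probed - visible_now()):
        tgid = tgid_lookup(pid)
        if tgid is not None and tgid != pid and tgid in visible_now():
            continue    # ordinary thread of a visible process, not hidden
        if not answers(pid) or pid in visible_now():
            continue    # exited, or a newcomer that /proc now lists
        hidden.append(pid)
    return hidden

def scan_linux(pid_max=None):
    """Brute-force pass over the whole PID space, then classify the gaps."""
    if pid_max is None:
        with open("/proc/sys/kernel/pid_max") as f:
            pid_max = int(f.read())
    probed = {pid for pid in range(1, pid_max + 1) if pid_answers(pid)}
    return classify_hidden(probed, visible_pids, tgid_of, pid_answers)
```

Run scan_linux() as root so EPERM does not mask anything; an empty list means every PID the kernel answers for is also listed in /proc.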
--Matt Sarrel
See more open source software winners
InfoWorld's 2015 Best of Open Source Software Awards honored more than 100 open source projects, from the bottom of the stack to the top. Find out more about the leaders in open source software by following these links:
Bossie Awards: Best Open Source Applications
Bossie Awards: Best Open Source Application Development Tools
Bossie Awards: Best Open Source Big Data Tools
Bossie Awards: Best Open Source Data Center and Cloud Computing Software
Bossie Awards: Best Open Source Desktop and Mobile Software
Bossie Awards: Best Open Source Network and Security Software