The Future of Open Source in Security

Wednesday Nov 19th 2003 by Lyne Bourque

Fresh from the 2nd Annual Open Source Symposium, Lyne Bourque reports on how open source is contributing to network security for enterprises.

At many colleges and universities around North America, students learn about a variety of topics. Quite often, for reasons of cost and flexibility, courses rely on Open Source alternatives to solutions that the industry typically employs. In fact, for many students who would otherwise have been locked out, Open Source opens new doors.

Seneca College, located in Toronto, is no exception. In fact, Seneca College recently won an award from McGraw-Hill for Innovation in Education, specifically due to the way we teach Open Source at the College.

This year we held our 2nd Annual Open Source Symposium and it certainly fit the bill as a wide variety of topics were presented from security to higher education theory. Most importantly, the presenters were not just from Seneca College's Programming and Networking programs. Professors from Humber College, York University, Sheridan College and Durham College presented in addition to those from the private sector including IBM.

Some of the topics covered included the usability of Open Source utilities and Voice over IP (VoIP), Wireless Discovery tools, the value of OpenOffice, changes in the upcoming new Kernel 2.6, and teaching .NET via Open Source tools.

Taking center stage was Open Source and how well it can help drive network security. While a few would argue for the benefits of closed-source applications, mostly due to their support features, I believe that it is Open Source that can encourage the industry to innovate.

As an example, tools used in the Wireless Discovery presentation highlighted how easy it is to enter a wireless network. Tools like wavemon, airtraf, WaveStumbler and lwspy determine the "accessibility" of a network. Other tools like Kismet, AirSnort, Wellenreiter and Moxy can also be used to expose network vulnerabilities.

We have to remember that we cannot be lax in security by just patching what we think is wrong. Tools like these remind us that we sometimes need to view things from other angles to get the full picture. A savvy network administrator, after setting up a wireless network, can use these tools to determine how open their network is. He can then apply appropriate security to the wireless network (e.g., firewall, authentication controls, encryption via VPN, WEP, MAC controls, static IP, etc.). Finally, of course, he checks again with some of the tools above.

Open Source and security share a fairly long history. Many of the recognizable security tools were created with Open Source ideals: Nmap, SATAN, SAINT, SARA, Nessus, Snort, Prelude, ipchains, iptables, Squid, Tripwire, SSH/OpenSSH, GnuPG/PGP, OpenSSL, honeyd, MIT Kerberos and many more. Very few, if any, areas of security haven't been covered by one open source project or another.

Open Source's Expanding Reach

Interestingly, these projects are encouraging people to get into security. Take, for example, Snort. Since its release in 1999, it has been downloaded over 10 million times. Whether people are deploying it at home, in a SOHO or in the LAN of a Fortune 500 company, it is becoming a fixture on a growing number of networks. This project has encouraged users to become comfortable with security without having to deal with two major hurdles: extremely high cost and the creation of a monoculture computer/network system.

Perhaps the biggest advantage is that many of the projects are licensed under the GPL. Anyone can download the source, compile it and install. They can then configure it to their heart's content.

Need support? Visit a mailing list or forum. Users are very adept at helping each other with problems, and for the majority this works. There is, nonetheless, a small percentage that continues to encounter difficulties. By and large, this is no different from paid technical support except for one thing: you don't have to pay $50 an hour to be told, "Reboot your machine. That should solve it," as any administrator can attest.

The second biggest advantage is that open source products reduce the likelihood of a monoculture OS/network. Certain closed environments encourage the use of a specific vendor's tools for ease of function and administration, certainly a logical idea.

Unfortunately, if that specific vendor is the same for your OS, firewall, IDS, Web server, DNS server, etc. and is found to have a dangerous vulnerability, the chances are high that this bug will carry through all servers rather than stopping at just one server/service. With Open Source, we lessen the likelihood of this kind of problem and mitigate some of the inherent risks in a monoculture environment.

Open Source is now in a position to direct where security will go. It's not the be-all-end-all solution, but it certainly opens up the door to better products. We are not dependent on single vendors for boxed solutions and can create avenues to secure networks on our terms. Education centers like Seneca College can help drive Open Source into the business marketplace, where the advantages can be enjoyed by all.

About the Author:
Lyne Bourque is a professor at Toronto's Seneca College where she educates tomorrow's leaders in IT with an eye on today's network security issues and tomorrow's developing threats.
