Click here to receive your FREE subscription to Campus Technology

Home > A Cheapskate's Guide to Free Security Software

Spotlight

A Cheapskate's Guide to Free Security Software

8/8/2008

By Doug Gale

Bookmark and Share

Okay, lets admit it: Everybody likes free (well almost everybody, since there is a history of "free" products evolving into for-profit companies). To find out what products were popular in the higher education market place, I conducted a "scientific" survey asking a random selection (a handful of security officers in my address book) to identify their five favorite free security software packages. Based on five responses, here are the results. (In the interest of full disclosure, five responses cannot be represented as a "higher education" response.) Drum Roll. "May I have the envelope, please?"

1. Nessus
Nessus, the world's leading vulnerability scanner, was my respondents' top choice. What does it do? Nessus starts by doing a port scan either with internal portscanners or an external scanner such as NMAP to find out which ports are open and then tries various attacks on the open ports. Quoting from their product literature, Nessus features "high speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks."

Nessus was created by Renaun Deraison in 1998 and until 2005 was open source software. The Nessus 3 engine, now based on proprietary code, is still available to everyone free of charge, but the cost of the plugins is a little more complicated.

In 2008, Tenable Network Security, the company that owns the software, divided users into two categories, "home users" and "commercial users." For home users, which includes personal and non-profit users, Nessus launched "Homefeed" to provide the plugins at no charge. For individuals and organizations that want to use Tenable's Nessus plugins commercially, they created "ProfessionalFeed" that provides subscribers the latest vulnerability and patch audits, configuration and content audits, and commercial support for an annual fee.

2. NMAP
NMAP, a port scanner, was up there with Nessus on my respondents' most popular list. NMAP, which stands for "Network Mapper," is available for free under a GNU General Public License (GPL) and is used for network inventory, managing service upgrade schedules, and monitoring host or service uptime. It looks at raw IP packets to determine what hosts are available, what operating system they are running, what applications they are offering, and what type of packet filters/firewalls are in use--and lots of other good stuff.


Recommended Reading
  • Georgia Tech Helps Develop Web-based Tool To Improve Blood Supply

    The Georgia Tech College of Computing, working in partnership with the Centers for Disease Control and Prevention, has developed a Web-based tool for tracking blood safety. The program is expected to help developing countries improve the adequacy and safety of their national blood supplies through better monitoring and evaluation.

  • Mississippi State Implements Reflex Virtual Management Center

    Mississippi State University has implemented Reflex VMC (Virtual Management Center) from Reflex Systems. The application allows IT administrators to monitor a virtual infrastructure and enforce business and IT policies.

  • Stanford Law School Launches IP Litigation Clearinghouse

    The Law, Science & Technology Program at Stanford Law School has launched the Intellectual Property Litigation Clearinghouse (IPLC), an online database that offers comprehensive information about intellectual property (IP) disputes within the United States.

  • Texas A&M Health Science Center Adopts Banner Administrative Management

    The Texas A&M Health Science Center has selected the Banner Unified Digital Campus (UDC) from Sungard Higher Education to help unify its geographically-dispersed community and to enhance and expand services and communications to its growing student enrollment.

  • NCCC: Data Cleansing Key To Managing Growth

    Community colleges are in a good spot in some ways during the economic downturn, as tight family budgets drive up the appeal of the community college option. But along with the rest of higher education, most community colleges also face shrinking IT budgets and tighter resources. That makes it that much harder to handle the growing enrollment numbers that some community colleges are seeing.

  • Finjan: Layoffs Could Drive IT People To Become Cyber-Criminals

    Security vendor Finjan predicts that the current economic downturn could herald a sharp rise in cybercrime during 2009--driven by the rise in the number of IT people being laid off. According to a report from the company's Malicious Code Research Center (MCRC), more unemployed IT personnel will be tempted to seek "new and easy income by purchasing and using crimeware toolkits that are sold by professional hackers."

Related Articles

send e-mail link to articleEmail this article

print this articlePrintable Format