
Open Source vs. Proprietary Software


Presentation Transcript


  1. Open Source vs. Proprietary Software
     Julie Sharp

  2. Outline
     • What is open source software?
     • Importance of security software
     • Concerns & Responses for open source security

  3. What is Open Source Software?
     • Source code available online
     • Release license allows customization
     • Alternative to commercial software
     • Allows user to determine security

  4. Importance of Security Software
     • Network security depends on software and policies
     • Secure software meets certain demands:
     • Expertise and dedication of developers
     • Quality of development tools
     • Effectiveness of pre-release testing
     • Maturity of practices throughout life cycle

  5. Objections to Using Open Source
     • Source code available to malicious users
     • Open-source community may not provide patches
     • Lack of expert review process
     • Lack of technical expertise

  6. Defense of Open Source
     • Diverse team reveals issues quickly
     • Fast responses to issues
     • User-created patches
     • Commercial software only patched by vendor
     • Collaborative environment
     • Open source resources already available
     • BackTrack Linux
     • Snort
     • Sysinternals

  7. Choosing O.S. vs. Commercial
     • Use available resources to verify
     • Research it yourself?
     • Search for flaws
     • Ask peers
     • Review code
     • Evaluate advantage of free software vs. paid
     • Prioritize customization vs. convenience
     • Do not rely on reputation

  8. Additional Risks of Open Source
     • No stringent evaluation process
     • Commercial software includes evaluation
     • Open source software could damage reputation
     • Counterfeit open source
     • Trojan horse “security” software
     • Useful features lure in unsuspecting victims
     • Lack of funding
     • No open source software policy

  9. Using Open Source Successfully
     • Implement security policy
     • Evaluate the environment
     • Determine potential threats
     • Identify security objectives
     • Check that product meets objectives
     • Avoid unnecessary downloads
     • Only download from trusted locations
     • Evaluate software with regards to plans
     • Disaster recovery
     • Business Continuity

  10. Examples of Open Source Security
     • BackTrack Linux
     • Snort
     • Sysinternals

  11. BackTrack Linux
     • Highest rated Linux security distribution
     • Terminal and desktop environment
     • Terminal utilities for security experts
     • GUI front end for simplicity
     • Developed to test security
     • Penetration testing
     • Black-hat applications
     http://www.backtrack-linux.org/

  12. Snort
     • Lightweight IDS/IPS
     • Developed by Sourcefire
     • Signature, protocol, and anomaly-based inspection techniques
     • Most widely used IDS/IPS
     • De facto standard
     • GUI options
     • Snorby
     • SGUIL
     https://snorby.org/

  13. Sysinternals
     • Toolkit for system administration and incident response
     • Manage, troubleshoot, and diagnose a Windows system
     • Included Utilities
     • PsList, PsKill
     • Process Explorer
     • PsLoggedOn
     • Many more!

  14. Resources
     • "10 Sysinternals Tools You Shouldn't Be without." TechRepublic. CBS, n.d. Web. 25 Apr. 2013. <http://www.techrepublic.com/blog/10things/10-sysinternals-tools-you-shouldnt-be-without/2033>.
     • "BackTrack Linux – Penetration Testing Distribution." BackTrack Linux. N.p., n.d. Web. 25 Apr. 2013. <http://www.backtrack-linux.org/>.
     • Collins, Hilton. "Is Open Source Software More Secure than Proprietary Products?" Is Open Source Software More Secure than Proprietary Products? Government Technology, 30 July 2009. Web. 02 Apr. 2013. <http://www.govtech.com/security/Is-Open-Source-Software-More-Secure.html>.
     • "Documentation, Downloads and Additional Resources." Windows Sysinternals. Microsoft, n.d. Web. 25 Apr. 2013. <http://technet.microsoft.com/en-us/sysinternals>.
     • Esler, Joel. "GUIs for Snort." Snort.org Blog. N.p., n.d. Web. 25 Apr. 2013. <http://blog.snort.org/2011/01/guis-for-snort.html>.
     • "Open Source Software Security." Computer Weekly. TechTarget, n.d. Web. 02 Apr. 2013. <http://www.computerweekly.com/feature/Open-source-software-security>.
     • RaoVadalasetty, Sreenivasa. "Security Concerns in Using Open Source Software." SANS Institute InfoSec Reading Room. SANS Institute, 15 Oct. 2003. Web. <http://www.sans.org/reading_room/whitepapers/awareness/security-concerns-open-source-software-enterprise-requirements_1305>.
     • Snorby - All About Simplicity. Snorby, n.d. Web. <https://snorby.org/>.
     • "Snort." Home Page. Sourcefire, n.d. Web. 25 Apr. 2013. <http://www.snort.org/>.
