Open Source Ammo for the SMB Security Arsenal
Oct 20, 2012 5:00 AM PT
Technology professionals who work in and around SMBs know that sometimes bringing up information security in a smaller IT shop can be a tough sell. In many cases, SMBs feel that they don't present an attractive or large enough target for hackers to be interested in them.
For example, a small community bank or credit union might believe that only a large bank needs to worry about fraud; a small local retailer might think only the big chains need to worry about security.
In practice, nothing could be farther from the truth.
Not only are SMBs actively attacked, they're also in some categories attacked more often (or at least more successfully) than their larger counterparts.
On the Contrary
The Verizon 2012 Data Breach Investigations Report for example found that not only are SMBs -- organizations with fewer than 1,000 employees -- more often the victim of attacks generally, but they're also overwhelmingly the victims of untargeted attacks or are targets of opportunity.
"Large-scale automated attacks are opportunistically attacking small to medium businesses" in significant numbers, the report says.
The point is, SMBs get attacked -- and more often than you might think -- which means they need to worry about security just as much as larger firms. Challenges abound, however: SMBs might have fewer technology staff than larger organizations, they may also find that getting budget for security tools isn't always easy, and the inaccurate perception of reduced need makes business cases for specialized tools hard to pull off.
Enter open source and community supported security software. In many cases, open source security software can fill the gap when funding for heavy, commercially supported, closed-source security tools is hard to come by. For SMBs, having a few open source security tools in their back pocket to meet specific security challenges can be a godsend. Because the tools are free (as in beer), they're relatively easy to get pushed out without the need to go through a purchasing cycle -- and because they're popularly adopted and focused in scope, they can often be deployed without significant staff overhead.
I've put together a "short list" of open source and community-supported security tools for just these situations. These aren't the only open source security tools out there; however, the tools in this list are easy to deploy, fill needs that most SMBs have, and are widely adopted enough to have staying power over a long deployment cycle.
1. ClamAV antivirus
Many organizations will already have selected and deployed an antivirus product for use on managed endpoints. However, having an open source alternative at the ready can be advantageous -- for example, in situations where coverage needs to be expanded quickly (e.g. the virtual environment) or when additional protection is required over and above a commercial tool. In these cases, ClamAV and the Windows equivalent, "Immunet 3.0, powered by ClamAV" provide low-cost malware detection and removal capability.
2. WiKID strong authentication
Strong multi-factor authentication doesn't usually come cheap, but for organizations that need enhanced authentication to resources -- for example, organizations that process credit cards and therefore need to comply with PCI-DSS (Payment Card Industry Data Security Standard) authentication requirements or organizations that just want to ensure enhanced security for remote access -- having a low-cost option on the table can be helpful. For this purpose, the WiKID strong authentication community edition can fit the bill quite nicely. Implementation is fairly straightforward, but depending on how you wish to employ it, you may find freeradius (an open source RADIUS server) a valuable complementary solution.
3. TrueCrypt file encryption
Encryption of data when it leaves the perimeter of the organization has a number of benefits -- for example, safe harbor under many breach disclosure laws. However, commercial tools that provide this functionality can be expensive to license and -- depending on the population of devices you wish to support -- can be a significant effort to roll out. Newer versions of Windows support encryption of files natively (e.g. BitLocker) but only in certain editions and only on newer iterations of the OS. TrueCrypt provides that same functionality -- on-access, transparent encryption of bulk storage -- across a wide array of operating systems and file systems.
4. Snort intrusion detection
As an enterprise grows, networking requirements grow more complex and interconnections increase and get more complicated. SMBs often feel this pain most acutely: The network is large enough that administrators can no longer whiteboard out every interconnection, but small enough that a massive rearchitecture is still a long way off. As a result, automated security monitoring can be particularly important -- for example, by leveraging intrusion detection to provide alerting on attacker activity. Snort provides intrusion detection capability every bit as sophisticated as its commercial counterparts. Note, however, that rules are distributed separately and the most current rules from Sourcefire, the owner of Snort, require a paid license. However, they are released to registered users after a period of time, and free alternative rules are also available through other channels.
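Alerting is only useful if someone with limited time can see what matters first. As an added example (not from the article or the Snort project), the following parses Snort's "fast" alert output format and summarizes the higher-priority alerts by signature and by source host; the alert lines, signature IDs and messages are constructed samples, not real rules.

```python
import re
from collections import Counter

# One line of Snort "fast" alert output (alert_fast): timestamp, [gid:sid:rev],
# message, optional classification, priority, protocol and src -> dst.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_fast_alert(line):
    """Return a dict for one fast-format alert line, or None if the line is not an alert."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["prio"] = int(rec["prio"])
    for key in ("src", "dst"):
        host, sep, port = rec[key].rpartition(":")
        if sep:  # TCP/UDP carry a port; ICMP lines are a bare address
            rec[key], rec[key + "_port"] = host, int(port)
        else:
            rec[key + "_port"] = None
    return rec

def triage(lines, max_priority=2):
    """Keep alerts at or above max_priority (lower number = more severe) and count
    them per signature and per source so a small team sees what to look at first."""
    kept = [r for r in map(parse_fast_alert, lines) if r and r["prio"] <= max_priority]
    by_sig = Counter((r["sid"], r["msg"]) for r in kept)
    by_src = Counter(r["src"] for r in kept)
    return kept, by_sig, by_src

# Constructed sample alerts; sids 1000001+ are the range reserved for local rules.
SAMPLE_ALERTS = [
    "10/20-05:00:01.123456  [**] [1:1000001:1] LOCAL Inbound RDP connection from outside [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.7:49152 -> 192.168.1.20:3389",
    "10/20-05:00:02.654321  [**] [1:1000002:1] LOCAL Possible web shell upload [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:50001 -> 192.168.1.10:80",
    "10/20-05:00:03.000001  [**] [1:1000003:2] LOCAL ICMP echo to broadcast [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.33 -> 192.168.1.255",
    "10/20-05:00:04.111111  [**] [1:1000001:1] LOCAL Inbound RDP connection from outside [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 198.51.100.9:40000 -> 192.168.1.20:3389",
    "this line is not an alert and is skipped",
]
```

Pointing `triage` at the lines of Snort's alert file gives a per-signature and per-source count of the priority 1 and 2 alerts, which is a workable first-pass review for a shop without a dedicated analyst.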
5. Kismet wireless
Just as in larger firms, keeping tabs on the wireless (802.11) ecosystem in the SMB is good security practice. Monitoring for rogue access points and ensuring that client stations are appropriately configured keeps the wireless network operating efficiently and securely. The open source Kismet wireless intrusion detection and "sniffing" tool can flag new access points and monitor for insecure configurations. The downside? It doesn't "do" Windows (it's designed for use under BSD/Linux/OS X). However, it runs just fine on older hardware that might be on its way to the recycler anyway.
Having these tools in your back pocket for use in the SMB can provide real value to help bolster your SMB's security stance. It bears repeating that these aren't the only open source security tools -- there are literally hundreds available that we didn't cover -- or even the best tools, necessarily (though one wonders how you would judge such a thing). However, these few meet real security needs that SMBs have, they're easy to deploy, and they've got huge community backing so there's plenty of support to help with installation and troubleshooting should issues be encountered along the way.