Cybersecurity: Using Open Source Tools to Protect Against Cyber Attacks

Ahmed Selmi
Nov 6, 2022
Open-Source CyberSecurity Tools

The need for cyber security is becoming increasingly important as businesses and individuals continue to conduct business online. As the internet becomes a larger part of our everyday lives, cyber threats also increase in frequency and sophistication. There are now more than 200 million user accounts that have been breached as a result of a cyber-attack.
If you work for a company, your IT department likely has several measures in place to protect against cyber attacks. But if you’re reading this post, it’s probably because you are an individual who uses the internet frequently and is looking for ways to protect your data from hackers and other cyber threats. Or perhaps you want to become more knowledgeable about the topic so that you can better help protect the company or clients you work with. In whatever capacity, this blog post will help you understand what exactly a cyber attack is, why attacks occur so often, how they happen, and most importantly how we can use open-source tools to protect against them.

1/Basics of open source in cybersecurity
A/Types of open source projects
There are no standard “models” for organizing open-source projects. Most commonly, they fall into one of two buckets:

  • Projects driven by individuals and loosely organized teams. Projects of this type are generally started with little more than the desire to solve a problem and share the solution with others.
  • Projects released and maintained by companies. Projects of this type are started and maintained as part of a strategic decision. The company has a set objective: get users started with a free version of the product, gain visibility in the open source community, or increase adoption of its other product offerings, to name a few.

The possibilities in open source are endless; one may even find “open source” tools gated behind a “get a quote” call to action, which arguably defeats the idea of open source to begin with.

2/How open source shapes the future of cybersecurity
With free and open-source tools and components becoming more common in enterprise environments, it is essential for security vendors to collaborate more on product integrations and threat intelligence.
Adopting open-source software minimizes overall development cost and frees developers to concentrate on higher-value work. Its lower cost is a significant benefit in itself. And if a problem arises, you can open up and fix the code immediately instead of waiting for a vendor to respond.
Open source also gives security professionals full control over what happens in their environment. Empowered with this control, security teams are now starting to expect the same level of control from commercial tooling, which is slowly starting to look like infrastructure.
In addition, open source acts as a forcing function for innovation in cybersecurity in two ways: by leveraging community intelligence and by forcing vendors to add more value to the ecosystem.

Here are some ways for security professionals to maintain security when relying on open-source code:

  • Use multi-factor authentication and strong passwords
  • Eliminate software that isn’t in use anymore
  • Keep up with security updates on all your software
  • Regulate user access to ensure data security
  • Deploy a breach detection tool
  • Encrypt data as required
  • Have a response protocol ready in case a breach is detected

3/Big Challenges of open source in cybersecurity
A/Untrusted Source
One of the reasons for opting for open source is the ease of obtaining and using it. However, this same advantage can sometimes cause a real headache for a company. When the cybersecurity department is given the power to decide on tools and software, it sometimes ends up picking open-source tools from sources that are not completely trusted. As a result, some of these tools turn out to be vulnerable to different kinds of attacks, and some are even written in such a way that finding a bug becomes difficult. Therefore, make sure your organization has strong policies on the source and type of open-source tools it adopts.

B/Helps Attackers Take a Different Approach
Cybersecurity today is a cat-and-mouse game. Every time cybersecurity professionals take a strong step toward preventing cyber-attacks, hackers come up with a whole new method and try again. It is trial and error for white hats and black hats alike.

However, when an organization uses open-source tools, the scenario is a little different. Hackers launching attacks on organizations that rely on open source first evaluate those organizations’ cybersecurity tools: because the source code is open, attackers can audit the code themselves and look for weak points. This is, without a doubt, one of the biggest challenges for companies leveraging open source. And if companies neglect this aspect, the chances are high that they will soon get pwned.

C/Challenge With Updates
Another challenge is updates. Companies using open-source cybersecurity tools need to keep checking manually for updates to their various components. If components are not updated on time, the outdated versions can cause operational inefficiencies. That is not all: those components might also carry high-risk security vulnerabilities, as attackers up their game now and then. Therefore, do not delay updates, and keep an active eye on every component.

D/Insider Threat
This is one of the events companies face most often. When companies leverage open-source software, they must keep in mind that they are giving their developers access to the source code. Humans are considered the weakest link in cybersecurity. If socially engineered or manipulated, developers might end up making changes to the source code that open doors for hackers to exploit. To cope with this challenge, companies need to routinely review what their developers work on.

4/Best Open Source Tools/Projects to Use or Contribute To

1. AlienVault OSSIM
AlienVault is a commercial and open-source cybersecurity developer acquired by AT&T in 2018. The company’s Open Source Security Information and Event Management (OSSIM) offers free and powerful security information and event management (SIEM) capabilities.
2. John the Ripper
A free tool developed as part of the Openwall Project to simulate password cracking and check for weak passwords. It is one of the best cybersecurity tools for password auditing in business environments.
3. Kali Linux
Kali Linux was developed by Offensive Security, a U.S.-based cybersecurity company. It supports penetration testing, ethical hacking, and network security assessments on Linux.
4. Metasploit
Metasploit was created in 2003 as a portable network assessment tool. It was acquired by Rapid7 in 2009 and re-envisioned as a penetration testing framework.
5. Nmap
Nmap is a free network scanner first launched in 1997. It is now written in multiple languages, including C, C++, Python, and Lua, and has a simple graphical user interface (GUI) on top of the command-line scanner.
6. OWASP Zed Attack Proxy (ZAP)
The Zed Attack Proxy (ZAP) is a user-friendly pen-testing tool that finds vulnerabilities in web apps. It provides automated scanners and a set of tools for those who wish to find vulnerabilities manually. It’s designed to be used by practitioners with a wide range of security experience and is ideal for functional testers who are new to pentesting or for developers. There’s even an official ZAP plugin for the Jenkins continuous integration and delivery application.
7. OpenCTI
You can use this open-source cybersecurity project to manage your organization’s cyber threat intelligence knowledge and observables. Each piece of information carries a level of confidence and is linked to related information. The project aims to provide a standard tool for effectively using both technical information (e.g. TTPs and observables) and non-technical information (e.g. suggested attribution, victimology).

Wrapping Up

Open source is a powerful force that helps shape the future of cybersecurity, accelerating the move from promise-based to evidence-based security, the adoption of product-led growth in the industry, innovation, and the establishment of common standards across the industry. The use of analytics and threat intelligence makes it easier for defenders to identify threats, while sharing best practices increases the maturity of cybersecurity globally. Most importantly, it is pushing security forward quietly and steadily, without drawing unnecessary attention or overstating what it is capable of.
