The Best Open Source Networking and Security Software

Top picks of the year among open source tools for operating and securing networks

There's no shortage of excellent open source networking and security tools, and we've celebrated them all at one time or another. (Hint: See previous Bossies roundups or, more recently, "7 killer open source monitoring tools.") Here we were aiming for new and fresh, or at least fresh to us, and for indispensable tools that notched a big release in the past year.

Bro

This isn't your father's IDS. Bro is a network security monitor and network analysis framework with both academic and operational credentials. It is often compared with Snort and Suricata, and it does support signatures, but signature matching is not its main event. Bro's Event Engine parses traffic into protocol-level events (a connection established, an HTTP request made, a file transferred), and the Policy Script Interpreter (PSI) then runs scripts written in Bro's own scripting language against those events. That is where the powerful magic happens, and it is what lets Bro do behavioural and anomaly-based detection rather than just pattern matching.

The PSI can automate tasks like submitting downloaded files for malware analysis, blacklisting the malware source after notifying your administrator, and adding firewall rules to block offending IPs. A number of prewritten Bro scripts come right out of the box. A serious IDS built for gigabit-speed networks and running on Linux and other Unix-like systems, Bro can be a bit complicated to work with at first, but it's extremely extensible and flexible.
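To make the event-to-action flow concrete, here is an added example of a Bro script of the kind the PSI runs; it is written for this article and is not part of the Bro distribution. It watches the connection_established event, raises a notice when a local host reaches a blocklisted address, escalates that notice to e-mail through the Notice framework, and calls a firewall helper once per offender. The two blocklist addresses are constructed for the example, and /usr/local/sbin/block-ip is a hypothetical helper script that does not ship with Bro; a real deployment would feed the blocklist from the intelligence framework and set Notice::mail_dest.

```bro
##! Added example (not shipped with Bro): alert on contact with a
##! blocklisted address, e-mail the notice, and block the offender once.

@load base/frameworks/notice
@load base/utils/site

module BadHost;

export {
	redef enum Notice::Type += {
		## A local host completed a connection to a blocklisted address.
		Contact
	};

	## Constructed blocklist for this example (TEST-NET addresses).
	const blocklist: set[addr] = { 203.0.113.7, 198.51.100.23 } &redef;

	## Hypothetical helper that inserts a firewall DROP rule for one address.
	const block_cmd = "/usr/local/sbin/block-ip" &redef;
}

## Addresses already handed to block_cmd, so each offender is blocked once.
global blocked: set[addr];

event connection_established(c: connection)
	{
	local bad = c$id$resp_h;

	# Only local clients reaching out to the blocklist are interesting.
	if ( bad !in blocklist || ! Site::is_local_addr(c$id$orig_h) )
		return;

	# $identifier plus $suppress_for stops the same client/offender pair
	# from generating a fresh notice more than once an hour.
	NOTICE([$note=Contact,
	        $msg=fmt("%s contacted blocklisted host %s:%s",
	                 c$id$orig_h, bad, c$id$resp_p),
	        $conn=c,
	        $identifier=cat(c$id$orig_h, bad),
	        $suppress_for=1hr]);

	# Block the offender once. The argument is a Bro addr value, not
	# attacker-controlled text, so no shell metacharacters can slip in.
	if ( bad !in blocked )
		{
		add blocked[bad];
		system(fmt("%s %s", block_cmd, bad));
		}
	}

# Escalate every Contact notice to e-mail; Notice::mail_dest must be set.
hook Notice::policy(n: Notice::Info)
	{
	if ( n$note == Contact )
		add n$actions[Notice::ACTION_EMAIL];
	}
```

Load it with the rest of your site policy (for instance by adding it to local.bro) or run it directly against an interface with `bro -i eth0 badhost.bro`, where badhost.bro is the assumed file name. Blocking on a single completed connection is deliberately aggressive for illustration; in production you would usually act on the notice, after a human or a whitelist check, rather than inside the event handler.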

-- Victor R. Garza

Security Onion

"Peel back the layers of your network" is the tagline for this well-supported Linux distro, and like all good security packages, Security Onion takes the best tools for the job and puts them all within easy reach. Built primarily for intrusion detection, network security monitoring, and log management, Security Onion could be considered Kali Linux's passive brother, as far as security distros go.

Security Onion is based on Ubuntu and bundles the brightest stars in the open source security night sky, including Bro, ELSA, OinkMaster, Scapy, Snorby, Snort, Suricata, Wireshark, and Zenmap. Centralized documentation never hurts, and you'll find that Security Onion does a good job of answering most questions up front. An easy setup wizard smooths your dealings with more than 50 different underlying security packages.

-- Victor R. Garza

OpenWrt

Described by its maintainers as "a Linux distribution for embedded devices," OpenWrt doesn't merely provide you with a monolithic image to flash onto a router. Rather, it's an entire software ecosystem for embedded hardware, one that allows you to add, remove, swap, or upgrade components freely without the kind of agony normally associated with making those changes. A colossal range of hardware types is supported, even a generic x86 build that runs in your favorite VM. The kernel and the software packages available for OpenWrt (there are thousands) are kept fresh, and the maintainers go out of their way to ensure the project doesn't rely on proprietary code such as binary blobs for device support.

-- Serdar Yegulalp

OpenDaylight

OpenDaylight is an open source controller for software-defined networking that enjoys massive vendor support. SDN desperately needs standards for interoperability and integration, but existing standards bodies have processes that prevent rapid innovation (IEEE) or are working on legacy problems (IETF).

With so many of the best networking vendors contributing code, programmers, and resources to the project, OpenDaylight is defining the future of SDN controllers and will determine the protocols and standards to be ratified by the existing standard bodies. The project delivered its first release, Hydrogen, earlier this year.

-- Greg Ferro

Congress

Congress is a project within OpenStack working toward a policy framework for network operation that will be fundamental to the long-term success of the cloud. The concept of a Congress "policy service" is to take business logic along the lines of "I want a service that does this" and transform it into concrete requirements for VMs, CPU, memory, storage, firewalls, applications, and security, using a declarative policy language (a Datalog dialect).

Such a policy service would act as a communication plane between the many cloud projects within OpenStack and the commercial plug-ins for OpenStack, so that all of them can interoperate to meet the customer's requirements. The outcome would be an orchestra of coordinated components across the whole cloud.

-- Greg Ferro

GRR Rapid Response

An incident response tool currently in beta, GRR is for those times when you think your network might be compromised. It consists of a server and an agent that performs live forensics on the endpoint; with it you can find an attack, contain it, assess its magnitude and severity, and corral the attacker before your network is completely wrecked.

The client agent runs on Windows, OS X, and Linux, and supports raw disk and raw memory acquisition, file search and download, and the ability to control agents en masse: you can search and compare files, run regular-expression matches, and collect forensic artifacts across the whole fleet in one operation.

Designed to be enterprise scalable, GRR aims to make anything that can be done on one client as easy to do on thousands. When trouble strikes, you marshal your army of agents for the hunt.

The server provides a Web UI with IPython console access, basic system timelining, a basic reporting infrastructure, detailed monitoring of client process, CPU, memory, and I/O usage, and a scalable back end for larger deployments.

-- Victor R. Garza

Wireshark

When it comes to indispensable tools for network monitoring and analysis, Wireshark is the granddaddy of them all. Used for tracking down and isolating network or security issues, Wireshark is the chef's knife of network tools. It can read or write almost every packet capture file format, it's constantly being updated to dissect yet another obscure protocol, and it's backed by scores of good resources and solid documentation.

If there's one downside to Wireshark, it has to do with filtering the enormous amount of data you're able to capture. But get the Wireshark filtering basics under your belt, and the Shark becomes extremely nimble. Even leaner and meaner, the terminal-based TShark is always available when you don't need the full GUI, and it takes the same display filters.

-- Victor R. Garza

WiGLE

Finding the perfect wardriving app can be as hard as finding those rogue or misconfigured wireless APs in your enterprise. If you're still looking, check out WiGLE, a wardriving app for Android backed by a companion database of 150 million geolocated networks.

The Wireless Geographic Logging Engine can display Wi-Fi APs and cell towers on OpenStreetMap or Google Maps. You can also export your own AP locations from the local database via KML or CSV, and see whether each discovered AP uses WEP, WPA, or WPA2 encryption. One caveat if you survey your own site: results you upload go into WiGLE's public database, so turn uploading off in the app if you'd rather not publish where your APs are.

WiGLE is a handy tool for gathering AP information in the workplace, or even for finding an AP you can use on the road. You can see it in action in this summer's humorous DEFCON 22 presentation, "Weaponizing Your Pets," introducing the WarKitteh.

-- Victor R. Garza

PirateBox

Designed to be installed on an OpenWrt router or a Raspberry Pi, PirateBox is a portable Wi-Fi environment (sans Internet connection) that allows users to share files anonymously.

Great for distributing content at an event, PirateBox works like an old-fashioned bulletin board system, but with a modern browser-based file sharing front end. It works easily with phones and tablets, uses a USB stick for file storage, provides chat capability, and includes a DLNA media server for streaming. "Anonymous" here means no accounts and no logging, not confidentiality: the box runs an open Wi-Fi network, so anything shared on it is visible to anyone in range. With that understood, it's perfect for ad hoc sharing of pictures or files, or for isolated peer-to-peer communications in the alley behind the NSA.

-- Victor R. Garza