Tuesday, January 24, 2012


Many people assume that securing ICT systems is an expensive undertaking. When it comes to security software, expensive does not equate to secure. Vendor security solutions can be very expensive, and yet their Open Source (OS) equivalents tend to be even more secure.

Several misconceptions surround OS software. The first is that OS costs as much as proprietary/vendor software. In fact, OS security applications are capable of providing adequate security without bursting your budget; most are either free or dirt-cheap. Notable examples of free OS security software are SpamAssassin, Snort, Nmap, Nessus, FreeBSD and many others.

Another prevalent misconception is that OS security software is dodgy and dangerous because it is open and free. On the contrary, OS is more secure than proprietary software because more developers are assessing and critiquing the code.

Because OS source code is freely available, many "white hat hackers" are constantly checking its integrity and security. OS security software is not invulnerable. However, by choosing OS packages that are widely used, it is possible to run security software whose vulnerabilities have been minimized.

It is also widely believed that outsourcing a company's internal network security can only be done through proprietary/vendor software. This is yet another misconception. Paying for expensive vendor systems that purport to prevent your network from being compromised can be avoided.

Open source perimeter management systems are equally capable of monitoring logs and traffic from your internal network. For example, Nessus is a reputable OS network vulnerability scanner that can discover bugs throughout an entire organization.

OS security software has some fundamental advantages over vendor software. Probably the most potent is the so-called "many eyes" theory. Security vulnerabilities are typically found by examining source code and testing the software for failures. Because OS source code is freely available, it is under constant improvement by developers all over the world.

This transparency means that many people, for a variety of reasons, are motivated to sift through the code of OS security projects. Bugs are therefore fixed swiftly and better products are released to consumers. The same scrutiny discourages anyone who might try to sneak malicious code into OS security software.

In my opinion, Open Source security applications tend to be more secure than their commercial equivalents. Having good basic security controls and practices in place, built on an Open Source platform, can better protect your ICT systems.

