
Open-source and free cybersecurity tools for enterprise environments




Hello everyone, in this article I am sharing some valuable open-source and free cybersecurity tools to use in an enterprise environment. Some tools require a license to activate advanced features.

I have personally implemented and used most of these tools in medium-sized business infrastructure. These tools require Linux and a little programming knowledge to handle and maintain, because sometimes they crash due to open or known bugs.

pfSense Firewall

The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third-party free software packages for additional functionality. pfSense software, with the help of the package system, can provide the same functionality or more as common commercial firewalls, without any of the artificial limitations. It has successfully replaced every big-name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.

You need a dedicated device to install this software, or you can run it in a VMware virtual machine.

DOWNLOAD

OpenVAS Vulnerability Scanner

OpenVAS has been developed and driven forward by the company Greenbone Networks since 2006.

OpenVAS is an open-source vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans, and a powerful internal programming language to implement any type of vulnerability test.
The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates.

But this tool is hard to run on a personal PC (8 GB RAM, i5). The scanner is slow, and you need a paid license to unlock advanced features.

Download Paid Version. Download the Free version.

AlienVault OSSIM – SIEM Tool

One of the best and most intelligent SIEM tools in the open-source community. Personally, I was very happy with it. OSSIM does active scanning and alerts immediately once an attack hits the victim's PC.

Because of these good qualities, it was acquired by AT&T Cybersecurity in 2019, though an open-source community edition is still available.

9/10 for the scanning reports and data-processing speed, but while using it I faced SQL database crashes multiple times.

  • Asset discovery
  • Vulnerability assessment
  • Intrusion detection
  • Behavioral monitoring
  • SIEM event correlation

DOWNLOAD community edition

PacketFence - Open Source NAC

NAC (Network Access Control) is a powerful cybersecurity tool for automating multivendor devices such as firewalls, switches, Wi-Fi controllers, anti-virus, AD, etc., and it helps to achieve Zero Trust and BYOD concepts.

PacketFence is a fully supported, trusted, Free, and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive portal for registration and remediation, centralized wired, wireless, and VPN management, industry-leading BYOD capabilities, 802.1X and RBAC support, integrated network anomaly detection with layer-2 isolation of problematic devices; PacketFence can be used to effectively secure small to very large heterogeneous networks.

It can be hosted on Amazon AWS, Microsoft Azure, Rackspace, or others.

DOWNLOAD latest version

OSSEC Host-based Intrusion Detection System (HIDS)

OSSEC has a powerful correlation and analysis engine, integrating log analysis, file integrity monitoring, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, macOS, Solaris, and Windows.

Features:

  • Log-based Intrusion Detection (LIDS)
  • Compliance Auditing
  • Rootkit and Malware Detection
  • File Integrity Monitoring (FIM)
  • Active Response
  • System Inventory

This tool can integrate with Cloudflare, Slack, ELK, Palo Alto, and Unisys for advanced analysis.

DOWNLOAD

Security Onion (SOS)

Security Onion is a free and open-source Linux distribution for threat hunting, enterprise security monitoring, and log management. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes! Security Onion includes Elasticsearch, Logstash, Kibana, Suricata, Zeek (formerly known as Bro), Wazuh, Stenographer, TheHive, Cortex, CyberChef, NetworkMiner, and many other security tools.

NIDS

Collect network events from Zeek, Suricata, and other tools for complete coverage of your network. Cast a wide net to catch the bad guys quickly and easily.

HIDS

Security Onion supports several host-based event collection agents including Wazuh, Beats, and osquery. Just point them to your installation and it’s off to the races.

Static Analysis (PCAP Import)

Use Security Onion to import PCAP files for quick static analysis and case studies. Spin up a virtual machine quickly and get started in just a few minutes.

SOC Workstation

A workstation install option is also available for SOC analysts to use local Linux tools to perform analysis of network and host events. No need to install extra tools, we bundle all the apps you might need.

Hardware models and orchestration appliances are also available from Security Onion Solutions.

DOWNLOAD opensource version

The above-mentioned tools are not recommended for installation on personal PCs or low-spec servers.
