Creating a functioning and secure cybersecurity and technology infrastructure doesn’t have to be expensive. There are many open-source projects that provide functionality comparable to their paid counterparts.
The purpose of this article is to demonstrate that there are open-source alternatives to many paid solutions, which can help businesses implement security without incurring significant expenses.
Disclaimer: I am not affiliated with these projects, nor have I tested the software. The software was selected purely by reviewing their websites. Prior to implementing these solutions, perform a needs analysis to determine if they are suitable for your business. Do your own research.
Bare Minimum Cybersecurity Controls
When identifying cybersecurity controls, it’s critical to perform a security assessment to clearly identify program gaps and determine any regulatory requirements your business may face. The controls listed below are commonly identified for small to medium-sized businesses either during the cyber insurance application process or through Incident Response (IR) investigations.
The highlighted projects are open-source or have a community version of their software available for use free of charge (subject to their terms of service, EULA, etc.).
MFA
Google Authenticator — Time-based One-Time Password (TOTP). Google Authenticator is widely used and supports the TOTP protocol, allowing integration with any device or account that supports TOTP.
VPN
OpenVPN — Server, Cloud, & Client Connect. OpenVPN offers various installation options, including server or client. Install the server within your data center, and the client on your laptops, enabling employees to securely access files from anywhere.
VPN + MFA
Enhance OpenVPN with MFA using Google Authenticator. OpenVPN supports Google Authenticator (and other TOTP products). Instructions are available to configure OpenVPN with Google Authenticator.
Wireless IDS
Kismet — Wireless Network Monitor. Kismet can monitor your office’s wireless network for indicators of compromise, such as communication with known-bad command and control (C2) servers. Kismet logs can also be forwarded to your SIEM or XDR system.
SIEM, XDR
Wazuh Security Platform — On-prem & Cloud Workloads. This platform offers open-source functionality comparable to EDR products. Wazuh can monitor endpoint vulnerabilities, scan for threats in real time using ClamAV, and enable incident responders to contain threats. Device logs are correlated by its SIEM and XDR components to identify malicious activity across the network.
IAM
Keycloak — Single Sign-On, Permissions Federation, Centralized Management. Identity and access management can be complex with multiple systems. Keycloak simplifies and automates user provisioning and deprovisioning, reducing errors.
Vulnerability Management
Greenbone Vulnerability Management (OpenVAS) — Vulnerability Scanner. It’s critical to know both what to protect and how to protect it. Vulnerability scanning alerts organizations to undisclosed vulnerabilities or outdated software. OpenVAS can be configured for automatic scans and reporting.
Active Directory, Azure AD
Active Directory can become complex quickly, with permissions and groups becoming unwieldy. Automated tools can scan configurations and identify weaknesses that might go undetected until exploited by threat actors.
Purple Knight — Active Directory Security Assessment.
CRT — Review permissions for excessive assignments or misconfigurations.
Email Spam Filter
Apache SpamAssassin — Email Header and Body Text Analysis. Phishing emails have become much more sophisticated. Automated tools for detecting malicious emails can significantly reduce the success of phishing campaigns.
The Challenge
Implementing open-source projects can be challenging. Issues such as inadequate documentation, unsupported versions, and infrequently updated projects can create an atmosphere conducive to failure. Implementing open-source projects typically requires a strong technical team to install the software, maintain it over time, and monitor the project for ongoing maintenance. If something goes wrong, it’s usually up to the IT team to fix it.
Conclusion
Leveraging open-source projects for cybersecurity can significantly reduce costs while still providing robust security measures. Solutions like Google Authenticator for MFA, OpenVPN for secure connections, and Wazuh for SIEM and XDR demonstrate that open-source alternatives are viable. However, it’s essential to conduct thorough research and have a capable technical team to successfully implement and maintain these tools, as challenges like insufficient documentation and the need for ongoing project monitoring can arise. Adopting these open-source solutions requires a commitment to continuous management to ensure long-term effectiveness and security.