Cybersecurity on a Budget: Open Source Alternatives

Steve
3 min read · Nov 8, 2023
Cybersecurity on a budget using open-source tools

Creating a functioning and secure cybersecurity and technology infrastructure doesn’t have to be expensive. There are many open-source projects that provide functionality comparable to their paid counterparts.

The purpose of this article is to demonstrate that there are open-source alternatives to many paid solutions, which can help businesses implement security without incurring significant expenses.

Disclaimer: I am not affiliated with these projects, nor have I tested the software. The software was selected purely by reviewing their websites. Prior to implementing these solutions, perform a needs analysis to determine if they are suitable for your business. Do your own research.

Bare Minimum Cybersecurity Controls

When choosing cybersecurity controls, start with a security assessment that identifies the gaps in your program and the regulatory requirements your business faces. The controls below are the ones small and medium-sized businesses are most often asked about on cyber insurance applications, and the ones most often found missing during Incident Response (IR) investigations.

Each project highlighted is open source or offers a community edition that is free of charge (subject to its terms of service, EULA, etc.).

MFA

Google Authenticator — Time-based One-Time Password (TOTP). Google Authenticator is free and widely used, and it implements the TOTP standard (RFC 6238), so it works with any service that can enrol a TOTP secret, usually by scanning a QR code; the reverse also holds, so any other RFC 6238 app can replace it. Note that the current app is proprietary (its source has not been published for years), so it qualifies here as free rather than open source. TOTP stops password reuse and credential stuffing from succeeding on their own, but a code can still be relayed by a real-time phishing page, so users must still be trained to enter codes only on the genuine login page.

VPN

OpenVPN — Server, Cloud, & Client Connect. OpenVPN comes as an open-source Community Edition (GPL-licensed server and client) and as the commercial Access Server and cloud service, both of which have a limited free tier. Run the server in your data center or a cloud VM and install the client on laptops, and employees reach internal file shares and applications through an authenticated, encrypted tunnel from anywhere. Issue each user their own client certificate so a departing employee's access can be revoked without touching anyone else's.

VPN + MFA

Enhance OpenVPN with MFA using Google Authenticator. Access Server has TOTP support built in, and the Community Edition gets it through PAM: the server loads its auth-pam plugin, and the google-authenticator PAM module (libpam-google-authenticator) verifies the code the user enters alongside the password. Because the check is standard TOTP, any RFC 6238 app works with this setup, not only Google's. Instructions for both paths are in the OpenVPN documentation.
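Both the MFA and VPN + MFA sections above rest on RFC 6238 TOTP: the authenticator app computes a code from a shared secret and the current time, and the server (for instance a PAM module behind the VPN gateway) recomputes it. The Python below is an added example, not code from the article, from Google Authenticator or from OpenVPN. It generates codes from a base32 secret the way an app does and verifies them the way a server should, with a small clock-skew window and a replay guard. The secret and timestamps are the RFC 6238 Appendix B test vectors; the ±1 step window and the replay policy are illustrative assumptions.

```python
"""RFC 6238 TOTP: what an authenticator app computes and a server verifies.

Added example, not code from Google Authenticator or OpenVPN. Assumes the
Google Authenticator defaults (base32 secret, HMAC-SHA1, 30 s steps,
6 digits); the +/-1 step window and replay guard are illustrative choices.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # Google Authenticator shows 6 digits

# RFC 6238 Appendix B shared secret ("12345678901234567890") in base32,
# the form an authenticator app imports from a QR code.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32: str) -> bytes:
    """Base32 secrets are often shown without '=' padding; restore it before decoding."""
    s = secret_b32.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: int, digits: int = DIGITS, step: int = STEP) -> str:
    """RFC 6238 TOTP is HOTP with counter = floor(unix_time / step)."""
    return hotp(decode_secret(secret_b32), at // step, digits)


class TotpVerifier:
    """Server-side check, as a PAM module behind a VPN gateway would do it."""

    def __init__(self, secret_b32: str, window: int = 1):
        self.secret = decode_secret(secret_b32)
        self.window = window        # accept +/- this many steps of clock skew
        self.last_step = -1         # highest step already accepted (replay guard)

    def verify(self, code: str, now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        current = now // STEP
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_step:
                continue            # that step was already used: a captured code stays dead
            if hmac.compare_digest(hotp(self.secret, step), code.strip()):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    # RFC 6238 vector: at unix time 59 the 8-digit SHA-1 code is 94287082
    print(totp(RFC_SECRET_B32, 59, digits=8))
    v = TotpVerifier(RFC_SECRET_B32)
    print(v.verify(totp(RFC_SECRET_B32, 59), now=59))   # True
    print(v.verify(totp(RFC_SECRET_B32, 59), now=59))   # False: replay
```

The replay guard matters in practice: without it a code captured by a phishing page or shoulder-surfed remains valid for the whole window, which on a ±1 step server is up to 90 seconds.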

Wireless IDS

Kismet — Wireless Network Monitor. Kismet passively captures 802.11 (and other radio) traffic and alerts on wireless-layer indicators of compromise: rogue or spoofed access points imitating your SSID, deauthentication floods, and unknown devices appearing on or near your network. It sees frames, not the encrypted application traffic inside them, so detecting communication with known-bad command and control (C2) servers is a job for your network IDS or SIEM rather than for Kismet. Kismet's logs and alerts can be forwarded to your SIEM or XDR system for that correlation.

SIEM, XDR

Wazuh Security Platform — On-prem & Cloud Workloads. Wazuh is an open-source agent-and-manager platform that covers much of what commercial EDR and SIEM products do: agents collect logs, monitor file integrity, check installed packages against CVE feeds, assess configuration against hardening benchmarks, and run active responses (blocking an address, killing a process) so incident responders can contain a threat. It ingests ClamAV scan results and can query VirusTotal for file hashes, and the manager correlates everything against its rule set to surface malicious activity across the fleet, which is where its SIEM and XDR labels come from.
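The correlation step looks like this in miniature: authentication events from several hosts are parsed into one schema and counted per source address, so a slow spray that no single host would flag becomes visible. The Python below is an added example, not Wazuh code or a Wazuh rule; the sshd log lines are constructed, and the threshold (5 failures within 120 seconds) is an illustrative choice modelled on the classic brute-force rule.

```python
"""SIEM-style correlation: SSH failures per source IP across many hosts.

Added example, not Wazuh code. The log lines are constructed; the threshold
and window are illustrative.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog lines from three hosts reporting to one collector.
SAMPLE_LOGS = """\
Nov  8 10:01:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Nov  8 10:01:03 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51030 ssh2
Nov  8 10:01:05 db01 sshd[901]: Failed password for root from 203.0.113.7 port 51044 ssh2
Nov  8 10:01:06 db01 sshd[901]: Failed password for oracle from 203.0.113.7 port 51050 ssh2
Nov  8 10:01:08 app01 sshd[4410]: Failed password for root from 203.0.113.7 port 51061 ssh2
Nov  8 10:01:20 app01 sshd[4412]: Accepted publickey for deploy from 198.51.100.5 port 40010 ssh2
Nov  8 10:20:00 web01 sshd[2300]: Failed password for root from 198.51.100.9 port 33001 ssh2
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse(line: str):
    """Decode one sshd syslog line into a flat event, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; relative ordering is all the window needs
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, threshold: int = 5, window_s: int = 120):
    """Alert once per source IP that produces `threshold` failures within
    `window_s` seconds, counted across every host that reports in."""
    recent = defaultdict(deque)     # src -> timestamps of failures still in the window
    hosts = defaultdict(set)        # src -> hosts it has failed against
    alerted, alerts = set(), []
    for line in lines:
        ev = parse(line)
        if ev is None or not ev["outcome"].startswith("Failed"):
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        hosts[ev["src"]].add(ev["host"])
        while (ev["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()             # drop failures that have aged out of the window
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"src": ev["src"], "failures": len(q),
                           "hosts": sorted(hosts[ev["src"]]), "last_seen": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOGS):
        print(f"ALERT brute force from {a['src']}: {a['failures']} failures on {a['hosts']}")
```

Run against the sample, 203.0.113.7 is flagged after its fifth failure even though no host saw more than two; the lone failure from 198.51.100.9 stays below the threshold.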

IAM

Keycloak — Single Sign-On, Identity Brokering and Federation, Centralized Management. Identity and access management gets complex once several systems each keep their own accounts. Keycloak fronts them with standard protocols (OpenID Connect, OAuth 2.0, SAML 2.0), can federate users from an existing LDAP or Active Directory, and gives administrators one place to manage accounts, groups and roles. The payoff is that disabling a single account in Keycloak removes access to every application behind it, which is the deprovisioning step most often missed when accounts live in many places.

Vulnerability Management

Greenbone Vulnerability Management (OpenVAS) — Vulnerability Scanner. It's critical to know both what to protect and how. A vulnerability scanner checks hosts against a feed of known, publicly disclosed vulnerabilities and flags outdated software and missing patches; it cannot find flaws that have not been disclosed. Greenbone's Community Edition can run scheduled scans and reports automatically. Authenticated scans (run with credentials on the target) are far more accurate than unauthenticated ones, and the results only matter if someone owns the patching that follows.

Active Directory, Azure AD

Active Directory can become complex quickly, with permissions and groups becoming unwieldy. Automated assessment tools read the configuration and identify weaknesses that otherwise go unnoticed until a threat actor exploits them.

Purple Knight — free Active Directory security assessment from Semperis that scores the directory against known attack paths and misconfigurations.
CRT — CrowdStrike Reporting Tool for Azure, an open-source PowerShell tool that reviews an Azure AD / Microsoft 365 tenant for excessive permissions and risky configuration.

Email Spam Filter

Apache SpamAssassin — Email Header and Body Text Analysis. SpamAssassin scores each message by running hundreds of tests on its headers and body text, supplemented by a Bayesian classifier, DNS blocklists and SPF/DKIM checks; every hit adds its weight, and a message whose total crosses the threshold (5.0 by default) is tagged or quarantined. Phishing emails have become much more sophisticated, and an automated filter in front of the mailbox significantly reduces how many reach a user at all.
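The additive model is the whole idea: no single header or phrase condemns a message, but several weak signals together do. The Python below is an added example, not SpamAssassin code or its rule set; the two messages are constructed, the rule names and weights are illustrative, and only the 5.0 threshold is taken from SpamAssassin's default `required_score`.

```python
"""Additive header/body spam scoring in the SpamAssassin style.

Added example, not SpamAssassin code. Rule names and weights are
illustrative; the two messages are constructed. Threshold 5.0 matches
SpamAssassin's default required_score.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

REQUIRED_SCORE = 5.0

# Constructed phish: lookalike helpdesk, foreign Reply-To, no Message-ID,
# urgency in the subject, a bare-IP link and a suspension threat.
PHISH = """\
From: "IT Helpdesk" <helpdesk@example.com>
Reply-To: recover-account@mail-example-verify.net
To: staff@example.com
Subject: URGENT: your password expires today
Date: Wed, 08 Nov 2023 09:12:00 +0000
Content-Type: text/plain; charset=utf-8

Your mailbox password will expire in 2 hours. Click here to keep your account:
http://198.51.100.23/reset
Failure to act will result in permanent suspension.
"""

# Constructed legitimate message for comparison.
HAM = """\
From: "Dana Ortiz" <dana.ortiz@example.com>
To: staff@example.com
Subject: Q4 planning notes
Date: Wed, 08 Nov 2023 10:05:00 +0000
Message-ID: <20231108100500.1234@mail.example.com>
Content-Type: text/plain; charset=utf-8

Notes from this morning are on the intranet:
https://intranet.example.com/q4-planning
"""


def domain_of(header) -> str:
    """Domain part of an address header, lower-cased; '' when absent."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()


def text_body(msg: EmailMessage) -> str:
    """Concatenate the text/plain content, whether the message is multipart or not."""
    parts = [msg] if not msg.is_multipart() else [
        p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_content() for p in parts)


# (rule name, weight, test(msg, body)) -- mirrors the header/body/score layout
RULES = [
    ("REPLYTO_DOMAIN_MISMATCH", 2.0,
     lambda m, b: m["Reply-To"] is not None and domain_of(m["Reply-To"]) != domain_of(m["From"])),
    ("MISSING_MID", 1.5, lambda m, b: m["Message-ID"] is None),
    ("SUBJ_URGENCY", 1.0,
     lambda m, b: re.search(r"\b(urgent|expires?|immediately)\b", str(m["Subject"] or ""), re.I) is not None),
    ("URL_IP_LITERAL", 2.5,
     lambda m, b: re.search(r"https?://\d{1,3}(?:\.\d{1,3}){3}\b", b) is not None),
    ("SUSPENSION_THREAT", 1.0,
     lambda m, b: re.search(r"\bsuspen(d|sion)\b", b, re.I) is not None),
]


def score_message(raw: str):
    """Return (total score, names of the rules that hit)."""
    msg = message_from_string(raw, policy=policy.default)
    body = text_body(msg)
    hits = [name for name, _, test in RULES if test(msg, body)]
    total = sum(w for name, w, _ in RULES if name in hits)
    return total, hits


def is_spam(raw: str) -> bool:
    return score_message(raw)[0] >= REQUIRED_SCORE


if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("ham", HAM)):
        total, hits = score_message(raw)
        print(f"{label}: score={total} spam={total >= REQUIRED_SCORE} hits={hits}")
```

The weights are where the tuning happens: a Reply-To mismatch alone (2.0) is not enough to tag a message, which is right, since newsletters do it legitimately, but combined with a bare-IP link and a missing Message-ID it is.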

The Challenge

Implementing open-source projects can be challenging. Thin documentation, unsupported versions and projects that are rarely updated can sink a deployment. Running them well takes a capable technical team to install the software, keep it patched over time, and watch the project itself for signs that it is losing maintainers. When something breaks, it is usually the IT team, not a vendor, that has to fix it.

Conclusion

Leveraging open-source projects for cybersecurity can significantly reduce costs while still providing robust controls. Google Authenticator for MFA, OpenVPN for secure remote access, and Wazuh for SIEM and XDR show that the alternatives are viable. The trade-off is people: thorough research before adoption, and a capable technical team to deploy, maintain and monitor each project afterwards, are what keep these tools effective over the long term.


Cybersecurity evangelist and cybercrime investigator who has investigated thousands of events involving ransomware, insider threats, and regulatory inquiries.