HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Open Source Security Software

There are many open source security software options available to healthcare organizations that can be leveraged to significantly improve security capabilities and better defend networks and data against cyber threats.

According to a recent HIMSS survey of U.S. healthcare cybersecurity professionals, cybersecurity budgets have remained static over the past few years despite the increase in cyberattacks on the healthcare industry. 40% of cybersecurity professionals said 6% or less of their IT budget is spent on cybersecurity, and 40% said their budget has either not changed or has decreased in the past 12 months. 67% of respondents said they have experienced at least one significant security incident in the past 12 months, and a study by Keeper Security suggests 75% of all healthcare organizations have experienced a cyberattack in the past 12 months.

Allocating more funding to cover cybersecurity improvements can certainly help to improve an organization’s security posture and prevent cyberattacks, but there are often competing priorities and budget increases are simply not an option. Open source security software provides a way to improve security capabilities at little to no cost. There are many open source security tools that can be used free of charge which can help better protect networks, identify vulnerabilities before they can be exploited by threat actors, discover cyberattacks in progress, and assist with the response and remediation of cyber threats.

What are the Advantages of Open Source Security Software?

There are two ‘types’ of open source security software. In the truest sense of the term, open source refers to software that has had the source code placed in the public domain and is available for anyone to inspect, use, and modify as they see fit.

Some security software vendors develop commercial security software and release elements of the source code so it can be inspected. Many cybersecurity professionals prefer open source security software as they feel they can place more trust in the code. They can inspect the code to find out how functions are performed, can look for potential vulnerabilities and, importantly for security software, make sure that it does not contain any malicious code which performs secret functions.

When the source code is made public, many eyes looking at the source code makes it more likely that vulnerabilities will be identified. With proprietary security software, you must trust that the developer of the software has conducted thorough tests and has checked for potential vulnerabilities in the code.

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) published a list of free and open source cybersecurity solutions as a reference for public and private sector organizations to use to improve their security capabilities. These include CISA tools and services, open source security software from private and public sector organizations and the cybersecurity community. These tools and services can reduce the likelihood of a damaging cyber incident, quickly detect potential intrusions, help organizations prepare to respond to an intrusion, and maximize resilience to destructive cyber incidents.

Types of Open Source Security Software

Open source security software has been developed to help IT security teams improve cybersecurity capabilities in many areas. Many tools exist that can help address aspects of security not covered by an organization’s current security solutions. Open source security software can help organizations develop a defense-in-depth approach to security, where they have multiple layers of security to detect and block the full range of cyber threats. Some of the main types of open source security tools are listed below with suggestions of tools in each category.

Vulnerability Scanners

If you want to prevent hackers attacking your organization, it makes sense to use the same tools they use to probe for vulnerabilities and exploit them. Vulnerability scanners and other penetration testing tools allow security teams to identify vulnerabilities before they are found and exploited by hackers.

Suggestions:

  • Metasploit – Vulnerability scanning and attack framework with large database of exploits, used by pen testers and hackers alike.
  • Whitesource- Scanner for detecting vulnerabilities in open source components such as transitive dependencies in more than 200 programming languages.
  • Open Vulnerability Assessment System (OpenVAS) – Free, open source vulnerability scanner run by Greenbone Networks that performs over 50,000 vulnerability tests.
  • Nmap – Open source security software for analyzing hosts, services, operating systems, open ports, and other security risks by sending packets and analyzing responses.
  • OWASP Zed Attack Proxy (ZAP) – A powerful and easy-to-use web application vulnerability scanner.
  • W3af – Popular web application attack and audit framework.

Firewalls

While security professionals may feel more comfortable purchasing a next-generation firewall to filter inbound and outbound traffic and apply security policies, there are good quality open source firewalls available that can be used free of charge.

Suggestions:

  • OPNSense – Free open source firewall that includes flow monitoring, WAN load balancing, full mesh VPN routing, and an HTTP load balancer.
  • pfSense – Free firewall based in the FreeBSD system that includes routing, load balancing, site-to-site VPNs, and IDS/IPS.

Security Information and Event Management (SIEM) and Intrusion Detection

Checking security logs for signs of potentially malicious activity can be a time-consuming task, especially considering the number of security solutions that are typically used. Security Information and Event Management Systems (SIEM) help security teams analyze, prioritize, and act on critical information rapidly, while intrusion detection systems (IDS) can detect network compromises and generate instant alerts.

Suggestions:

  • AlienVault OSSIM – Unified open source platform for asset discovery, vulnerability assessments, intrusion detection, and behavioral monitoring.
  • OSSEC – Powerful, host-based system for log analysis, file integrity monitoring, Windows registry monitoring, policy enforcement, rootkit detection, real-time alerting, active response, and more.
  • Snort – Highly customizable IDS for detecting a wide range of attacks such as buffer overflows, stealth port scans, CGI attacks, OS fingerprinting attempts.
  • Suricata – Real-time intrusion detection, inline intrusion prevention, and network security monitoring platform.

Network Protocol Analyzers

There are a variety of sniffing tools available for capturing and analyzing network traffic to identify potentially malicious network activity.

Suggestions:

  • WireShark – Open source network protocol analyzer for live network data capture and analysis of all types of transmission modes.
  • Ettercap – Tool for Windows and UNIX for adversary-in-the-middle attacks on LAN, which includes sniffing of live connections, content filtering on the fly, and many network and host analysis features.

Forensic Analysis

Several open source security tools can help security teams with the forensic analysis of cyberattacks to discover the extent of an intrusion and construct a forensic timeline analysis.

Suggestions:

  • TimeSketch – Collaborative forensic timeline analysis tool.
  • Turbinia – Open-source framework for deploying, managing, and running distributed forensic workloads.
  • dTimeWolf – Open-source framework for orchestrating forensic collection, processing, and data export.
  • Xplico – Network forensic analysis tool for extracting data from Internet traffic.

Code Quality Checkers

The quality of code can affect the security of applications, so it is wise to use open source security software to assess the quality of your code.

Suggestions:

  • SonarQube – Popular code quality checker that incorporates most FindSecBugs rules.
  • DeepScan – Static code analysis tool for inspecting JavaScript code for potential run-time errors.

Password Managers

Password security should not be overlooked. Employees are generally bad at choosing secure passwords, and weak passwords are vulnerable to brute force attacks. Password managers can help employees create strong, unique passwords for all accounts and not have to remember them.

Suggestions:

  • Bitwarden – Popular, highly-rated open source password manager with strong end-to-end encryption and the option of cloud or self-hosted password vaults. Free and premium tiers are available.
  • KeePass – Free open source password manager with secure encryption algorithms.