Bossie Awards 2012: The best open source networking and security software

Sep 18, 2012

InfoWorld's top picks among many tools for building a network, running a network, and ensuring that the network is secure

The best open source networking and security software

Few will be surprised at the wealth of open source networking and security tools available. But you might be surprised at the range — and at some of the new projects that are taking their place among the old favorites. While scores of established projects are still going strong, new networking and security challenges are spawning new projects with new approaches.

DD-WRT

Open source firmware has become a staple of late-model routers, and DD-WRT is one of the most significant due to its inclusion at the factory in various commercial routers. Built for the Broadcom and Atheros chip sets, DD-WRT includes most of the functionality you’d expect from a router: wireless encryption, QoS, IPv6, port forwarding, UPnP, and so on. But it also bakes in functionalities like OpenVPN support, a hotspot portal, and AnchorFree anonymization that are normally available as cost-plus add-ons in other products. — Serdar Yegulalp

Anti-Spam SMTP Proxy Server

The ASSP (Anti-Spam SMTP Proxy Server) is what Barracuda antispam firewalls want to be when they grow up. ASSP includes implementations of such popular spam prevention methods as whitelisting, graylisting, SPF, DNS blacklists, and integration with ClamAV and FileScan. ASSP also adds weighted regular expression filtering, damping, word stemming in the Bayesian filtering analysis, and support for SenderBase, transparent proxying, and plug-ins to tap OCR of attachments for filtering. The integration of all these features into one SMTP proxy server makes the job of the mail server admin much easier than trying to glue a bunch of individual tools together on top of a standard SMTP server. — High Mobley

OpenNMS

OpenNMS is the network monitoring and management software you use if you have a lot of stuff and need something highly customizable. More flexible, more customizable, and more enterprise-ready than most of its competitors, it is also the most open source. The only downside is that it’s more difficult to install on average. However, if you need to monitor and manage everything and anything on the network, this is probably the best tool under the sun, open source or not. — Andrew Oliver

Cacti

WhatsUp Gold seems to be everywhere these days — including in many places where I should be seeing Cacti instead. Yes, the venerable front end to the RRDtool data logging system is still running strong. Presenting the familiar MRTG-like interface, Cacti can tell you whether your links are up or down, display your network’s throughput, and alert on any problems. Don’t get me wrong, WhatsUp Gold is a fine tool with in-depth monitoring capabilities, but if all you want is a picture of your network in broad strokes, save yourself a few grand and download Cacti instead. And be sure to check out CactiPhone, a free Web GUI to Cacti for the iPhone and Android. — Victor R. Garza

Snort

If you’ve been in InfoSec for more than a week, you know Snort is still the best open source intrusion detection and prevention system out there. Using rules to detect both signature and anomaly-based attacks, Snort is deployed worldwide as a first line of defense. There are tons of add-ons for Snort to manage rule sets, generate reports, and produce graphs. While Snort is available for Windows platforms, deploying on Linux keeps Snort running fast, like a greased pig. — Victor R. Garza

Sagan

Akin to a Security Information and Event Management system, Sagan is a log monitoring system that can write back to a Snort database and correlate log events flagged by Sagan rules with Snort events. Sagan also works with other network and security devices that generate SNMP traps, output syslog, or other log formats. If you’re familiar with the rule language from Snort or Suricata, you’ll feel at home with Sagan. While Sagan doesn’t need Snort to run effectively, Sagan was designed with Snort in mind. They make good security monitoring partners, displaying security events of concern in a single console. — Victor R. Garza

Nmap

Nmap belongs in the toolbox of every network administrator. The popular network security scanner can run a number of different analyses on a remote host and produce detailed reports about open ports, running services, and even educated guesses about the OS in use. The command-line version of the program can be used as-is or in conjunction with a graphics front end. Newly released Nmap 6 brings an expanded scripting engine for automation, full IPv6 support, faster scanning performance, and a new ping-on-steroids Nping tool. — Serdar Yegulalp

GnuPG

For those who want to establish secure communications with third parties, the PGP standard has long been a popular way to do it. GnuPG provides a whole suite of PGP tools for encryption, decryption, key management, and message signing. Support is included for a whole bevy of common and uncommon encryption algorithms, and a plug-in architecture allows future algorithms to be added transparently. The Windows build of the suite includes integration for Microsoft Outlook and even a tiny email client (Claws Mail) with native GnuPG support. — Serdar Yegulalp