Ensuring information security for your datacenter is a crucial and difficult
task. To protect data, organizations follow several security practices, which at
times cost them millions. Several open source tools available today provide an
economical and reliable way to monitor your network in real time and prevent
hacking. The security of a network depends largely on how it is implemented,
and even if the system or network is properly implemented, some vulnerabilities
may still remain in it. Attackers exploit those vulnerabilities to gain access
to the system. There are several ways hackers exploit these vulnerabilities.
They scan for open ports and services with weak security and eventually make
their way into the network. They attack the network with DoS, DDoS and SYN
attacks. The reality is that no matter how stringent your security practices
are, newer and more sophisticated attacks will keep probing them. So what do
you do when a relentless hacker gets past all your security gates and finds a
way to bring all operations to a standstill? How do you figure out which
systems are being attacked, and what can help you stop him? Here we talk about
some open source tools that give you a real-time picture of what goes on inside
a network and show how you can misguide a hacker during an active scan.
[Figure: ArpAlert results showing the IP address on which the attack is launched and the IP address of the machine from which the attack was launched.]
[Figure: A flip flop in the MAC address, along with the IP address of the targeted machine.]
[Figure: The MAC address of the machine being spoofed and the replaced MAC address.]
ArpAlert - Watch who is connecting to your network
One of the best ways to keep an eye on the network for any malicious
activity is to monitor it continuously. While many sniffers show you the details
of previous logs, you need a real-time sniffer to know what is happening in the
network at a given moment. ArpAlert uses ARP address monitoring to help detect
unauthorized connections on the local network. It listens on the network
interface and catches all MAC-to-IP address conversations. It compares the
observed MAC addresses with the authorized MAC addresses and displays any
inconsistency it finds on the screen. It detects IP spoofing within the network
and shows which address is being spoofed. It also shows which machine in the
network is trying to spoof. We ran an IP spoof test on one of the machines and
simultaneously started ArpAlert on the monitoring machine. ArpAlert found the IP
spoofing within the network at once, and the information started coming out on
the monitor screen. To launch the ARP spoof attack, we used a utility called
arpspoof. To use arpspoof, go to the terminal and type arpspoof -i eth0 target
ipaddress. We then started ArpAlert on the monitoring machine and it started
showing the results on the monitor.
[Figure: Labrea output showing the IP address of the fake machine being scanned and the IP address of the machine that launched the scan.]
Arpwatch
Arpwatch is another open source real-time sniffer that tells you about the
ongoing activity on your network and even sends you mail if it detects any
suspicious activity. It simultaneously sends alerts to syslog. This is helpful
on a shared network using a hub, where a single machine can monitor the
network. Arpwatch monitors the activity on the network and keeps a database of
the Ethernet/IP pairings. It keeps you informed every time a machine gets a new
IP address: it emails the current IP address the machine is leasing and its MAC
address. It can run on almost all Linux distributions. Arpwatch uses a
system-independent interface called libpcap for user-level packet capture. You
need to install libpcap prior to installing Arpwatch, and it is necessary that
Arpwatch and libpcap are installed in the same directory. Arpsnmp is a package
which is similar to Arpwatch but does not require libpcap for its operation. It
uses SNMP to collect IP-to-MAC address mappings. You can get reports about a
new Ethernet address or any change in the currently assigned Ethernet address.
To start Arpwatch, just go to the terminal and type arpwatch -i eth0 and it
will start listening, recording the data and sending it to your mail. You can
also see the results in /var/log/messages. Use the command
tail -f /var/log/messages to see the results. We tested this tool on our local
network by ARP spoofing a machine and waited for Arpwatch logs.
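
The two checks described for ArpAlert and Arpwatch, comparing observed MAC addresses with an authorized list and tracking changes in the Ethernet/IP pairing database, can be sketched as follows. This is an added example, not code from either tool or from the original article; the addresses, event labels and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed allow-list of authorized MACs (the ArpAlert-style comparison).
AUTHORIZED = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
# Constructed ARP observations: (seconds, sender IP, sender MAC).
SAMPLE = [
    (0, "192.168.1.1", "00:11:22:33:44:55"),    # gateway
    (2, "192.168.1.10", "00:11:22:33:44:66"),   # workstation
    (5, "192.168.1.1", "DE:AD:BE:EF:00:01"),    # unknown MAC claims the gateway IP
    (6, "192.168.1.1", "00:11:22:33:44:55"),    # real gateway is seen again
    (7, "192.168.1.1", "de:ad:be:ef:00:01"),
    (9, "192.168.1.10", "00:11:22:33:44:66"),   # unchanged pairing, no event
]

@dataclass
class ArpMonitor:
    authorized: set
    current: dict = field(default_factory=dict)    # IP -> MAC seen most recently
    previous: dict = field(default_factory=dict)   # IP -> MAC seen before that

    def observe(self, ts, ip, mac):
        """Return the events (ts, kind, ip, mac, old_mac) for one observation."""
        mac = mac.lower()
        events = []
        if mac not in self.authorized:
            events.append((ts, "unauthorized mac", ip, mac, None))
        old = self.current.get(ip)
        if old == mac:
            return events
        if old is None:
            events.append((ts, "new station", ip, mac, None))
        else:
            # Returning to the MAC seen just before means two hosts are
            # alternately answering for one IP: the flip-flop pattern.
            kind = "flip flop" if self.previous.get(ip) == mac else "changed address"
            events.append((ts, kind, ip, mac, old))
            self.previous[ip] = old
        self.current[ip] = mac
        return events

def run(observations, authorized=AUTHORIZED):
    monitor = ArpMonitor(set(authorized))
    return [e for obs in observations for e in monitor.observe(*obs)]

def spoofed_pairs(events):
    """(IP, MAC) pairs where a non-authorized MAC took over a known IP."""
    rogue = {e[3] for e in events if e[1] == "unauthorized mac"}
    # e[4] (the old MAC) is only set on pairing changes and flip flops.
    return {(e[2], e[3]) for e in events if e[4] and e[3] in rogue}

if __name__ == "__main__":
    print(*run(SAMPLE), sep="\n")
```
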
[Figure: Nmap results showing about 50 open ports on the machine, which don't actually exist.]
Labrea
Labrea helps you deceive the hacker by creating virtual servers with lots of
open ports, which may lure a hacker. If he is planning a DoS attack on your
network, he will be diverted by the nonexistent servers. Basically, it takes all
unused IP addresses and creates false virtual servers on them. So when an
attacker attacks the network, he will see a lot of open and vulnerable ports to
play with. With this, you can easily divert a DoS attack from your network. To
use Labrea on your machine, use the command labrea -o -v -z. Labrea sniffs for
TCP/IP traffic sent to the MAC address of these virtual servers and then
responds to any SYN packet with a SYN/ACK packet that it creates. It also shows
information about the source address of the attacker.
To test Labrea, we first tried to ping an unused IP on our network. For the
first three seconds the screen showed the message 'Request time out'; however,
after three seconds the responses started coming in. We then started an Nmap
port scan and it showed about 50 open ports on the machine.
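
The behaviour described above (answering for unused addresses, replying to every SYN with a SYN/ACK and recording the scanner's source address) can be modelled as a small state machine. This is an added example, not code from Labrea or from the original article; the class and function names, the trace, and the rule that an address counts as unused once ARP requests for it go unanswered for three seconds (taken from the delay seen in the ping test) are assumptions of the example.

```python
ARP_TIMEOUT = 3.0  # seconds an ARP request must go unanswered (delay seen in the ping test)


class Tarpit:
    """Model of the decision logic only; it sends no packets."""

    def __init__(self, timeout=ARP_TIMEOUT):
        self.timeout = timeout
        self.first_ask = {}   # IP -> time of the first unanswered ARP request
        self.claimed = set()  # unused IPs now presented as fake servers
        self.probes = {}      # scanner source IP -> set of (fake IP, port)

    def arp_request(self, now, ip):
        """Return True when the tarpit answers this ARP request itself."""
        first = self.first_ask.setdefault(ip, now)
        if now - first >= self.timeout:
            self.claimed.add(ip)
        return ip in self.claimed

    def arp_reply(self, ip):
        """A real host answered: the address is in use, so leave it alone."""
        self.first_ask.pop(ip, None)
        self.claimed.discard(ip)

    def syn(self, src, dst, port):
        """Answer SYNs to claimed IPs with SYN/ACK and record the source."""
        if dst not in self.claimed:
            return None
        self.probes.setdefault(src, set()).add((dst, port))
        return "SYN/ACK"


def replay(trace):
    """Feed a constructed trace to the model; return (tarpit, responses)."""
    pit, out = Tarpit(), []
    for now, kind, *args in trace:
        if kind == "arp_request":
            out.append(pit.arp_request(now, *args))
        elif kind == "arp_reply":
            pit.arp_reply(*args)
        else:
            out.append(pit.syn(*args))
    return pit, out


# Constructed trace: 10.0.0.50 is unused, 10.0.0.5 is a real host.
TRACE = [(0, "arp_request", "10.0.0.50"), (0, "arp_request", "10.0.0.5"),
         (0.1, "arp_reply", "10.0.0.5"), (1, "arp_request", "10.0.0.50"),
         (3, "arp_request", "10.0.0.50"), (4, "syn", "10.0.0.99", "10.0.0.50", 22),
         (4, "syn", "10.0.0.99", "10.0.0.50", 80), (5, "syn", "10.0.0.99", "10.0.0.5", 80)]
```

After `replay(TRACE)`, the `probes` dictionary holds what a defender cares about: every source address that touched a fake server, and which ports it tried.
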
Useful Open Source Business Intelligence software

| Software and URL | Description | Features | Popularity* |
|---|---|---|---|
| RapidMiner http://www.rapid-i.com | RapidMiner is a leading open-source system for data mining. It is available as a stand-alone application for data analysis and as a data mining engine for the integration into own products. The solution includes Meta Data Transformation with which you can inspect results at design time. | ETL, data warehousing, data mining, OLAP, business intelligence (BI) in Java. 500+ modules: extract, transform, load (ETL), data mining, data analysis + Weka, statistical forecasting, preprocessing, validation, visualization, OLAP, business intelligence. | 534,272; 92% of 39 users recommending |
| Pentaho - Business Intelligence www.pentaho.com | Ranked #1 in Open Source BI. It's a complete business intelligence platform that includes reporting, analysis (OLAP), dashboards, data mining and data integration (ETL). It can be used as a full suite or as individual components that are accessible via web services. | You can get the 30-day trial with support, and that provides a full spectrum of business intelligence (BI) capabilities. | 2,237,770; 88% of 117 recommending |
| OpenI: BI Web App for SaaS Deployments www.openi.org | OpenI is an Open Source Business Intelligence application for on-demand or SaaS deployments. Based on J2EE, OpenI is an out-of-box solution to easily visualize data from OLAP and relational databases, where users intuitively build and publish interactive reports, analyses, and dashboards. | OpenI enables simple and clean data visualization from OLAP and RDBMS, so users can intuitively build and publish interactive reports, analyses, and dashboards. | 47,822 |
| Palo Suite www.jedox.com | The Palo Suite is a SaaS enabled Open-Source BI Suite for Performance Management including Planning, Analysis, Reporting and ETL. The suite includes an in-memory OLAP Server, an Ajax-based online spreadsheet with DynaRanges and a web-based ETL-Tool. | Its platform is completely based on Open Source products representing a high-end Business Intelligence solution which is available entirely free of any license fees. | 19,532 |
| Breadboard BI Web Analytics www.breadboardbi.com/clickstream.html | Breadboard BI Clickstream module is a scalable system that gathers web traffic data from an unlimited number of web servers. It processes this data, stores it in virtually any Open Source or proprietary database, and presents the refined metrics to marketing, sales, or other non-technical users. It offers the ability to integrate web metrics with customer, finance, supply chain, and workforce systems throughout the enterprise. | Use Pentaho Open Source business intelligence tools and MySQL to collect & distribute web analytics (clickstream) data. Extract data from logs, load database tables, & present the information in dashboards, analysis cubes, and reports for business users. | 6,622 |
| VIKAMINE http://vikamine.sourceforge.net | VIKAMINE (Visual, Interactive and Knowledge-intensive Analysis and MINing Environment) is a rich client application implemented in Java. It is a flexible environment for visual analytics, data mining and business intelligence - implemented in pure Java. | It features several powerful visualization and mining methods, and can utilize background knowledge. | 4,608 |
| Daffodil CRM crm.daffodilsw.com | Daffodil CRM is a Java based Open Source software that enables seamless coordination amongst sales, marketing, customer service, field support and other functions that handle customer contact for an enterprise. It integrates all aspects of customer life cycle from identifying business opportunities to sustaining existing customers. | With Daffodil CRM you can achieve sales force automation; it also has features for sales forecasting, opportunity tracking and performance management. | 24,870 |

Open Source Artificial Intelligence software

| Software and URL | Description | Popularity* |
|---|---|---|
| EulerGUI http://eulergui.sourceforge.net | A lightweight IDE for Artificial Intelligence. Started as GUI for the Euler reasoning engine. The sources can be N3, RDF, OWL, UML, eCore, plain XML or XSD, files or URLs. Wraps Drools (or CWM, FuXi) as N3 rules engines. Model based app. generation. | 798 |
| Inexact - Information Fuzzy Retrieval inexact.sourceforge.net | Inexact is a library developed in Java 5.0 to implement three methods of information fuzzy retrieval: Fuzzy query, Query by example and the two previous methods together. This project uses the fuzzy logic paradigm (Artificial Intelligence). | 845 |
| SOL sol.sourceforge.net | SOL is a C++-like dynamically typed multitasking real-time language. Its main application is a programming of real-time objects behavior, for example artificial intelligence for game characters. You can call C++ functions from SOL and vice versa. | 140 |
| Ai.planet aiplanet.sourceforge.net | ai.planet is a virtual world for artificial intelligence. Developers can study and visualize algorithms in a versatile 3D environment, which has water, land, suns, moons, and atmosphere. Plants, animals, fish, and insects can also be added to create a dynamic ecosystem. | 96,507 |
| Waffles http://freshmeat.net/projects/waffles | Waffles is a cross-platform C++ library of algorithms for machine learning, artificial intelligence, data mining, etc. It also contains demo apps and command-line wrapper tools that are useful for visualizing, analyzing, and predictively modeling data. | 3919 |
| AIBench www.aibench.org | AIBench is a lightweight, non-intrusive, MVC-based Java application framework that eases the connection, execution and integration of operations with well defined input/output. | 24,822 |
| Fast Artificial Neural Network Library http://fann.sourceforge.net | Fast Artificial Neural Network Library (FANN) implements multilayer artificial neural networks in C. It is cross-platform, easy to use, versatile, well documented and fast. C++, PHP, PERL, Python, Delphi, .NET, Mathematica bindings and a GUI are available. | 164,124 |
| OpenSkyNet Beta http://openskynet.sourceforge.net | OpenSkyNet - Moving towards a comprehensive artificial intelligence solution for game developers under the LGPL. The goals are to implement action selection solvers, robust steering behaviors (including pathfinding algorithms), and machine learning. | 2814 |
| FreeDEM Beta http://freedem.sourceforge.net | FreeDEM is an implementation of a process-based middleware. It's built as a powerful framework to manage server-side business processes. It's designed to be easy to use and to develop with, not sacrificing power; a strong stress is put on performances. | 242 |

*Based on number of downloads from Sourceforge.net.