Free software. What programs are called licensed?

As the computer industry introduces more and more security tools for systems and networks, users are becoming more interested in free software to see if its potential benefits outweigh its potential disadvantages.

Although freely available security systems have been around for a long time, they have never been used as widely as operating system Linux and Apache Web server. John Pescatore, Gartner's director of Internet security research, noted that freeware now accounts for 3-5% of security deployments, but that this figure could rise to 10-15% by 2007.

The main reason for this potential is the quality of the numerous freely available security packages. , - noted Eugene Spafford, director of the Center for Education and Research in the field information security Purdy University.

Free software products include free tools that can be downloaded from the Internet, packages for which manufacturers offer commercial support services, and additional tools that are included with commercial products.

The most popular tools include Netfilter and iptables; intrusion detection systems such as Snort, Snare and Tripwire; security vulnerability scanners such as Kerberos; firewalls, in particular T.Rex.

Some enterprises have even begun to use freely available security systems to secure their critical infrastructure.

Growing interest

IT professionals have been using freely available security tools to varying degrees for about 15 years. There is now increasing interest in such tools from large companies, security consultants and service providers who can adapt such software to the needs of specific users. For example, EDS began using Astaro's freely available security tools to secure the front-end component of the Web sites of several credit unions that offer transaction processing capabilities.

Integrators of information security systems recognize that users are attracted by the low price of freely distributed tools. For example, Richard Mayr, managing director of R2R Informations und Kommunikations, noted that his company has been offering its commercial firewall. However, the collected data shows that 75% of the company's clients prefer freely distributed analogues. Guardent offers a $1,500-per-month Internet security subscription based on its Security Defense Appliance. The solution combines commercial components, such as Cisco Systems' PIX firewall, with freely available components, including iptables, Nessus, and Snort. A similar service that relies solely on commercial products can cost around $10,000.

At the same time, C2Net Software, which was recently acquired by Red Hat, developed its commercial server Stronghold Secure Web Server based on Apache and OpenSSL - a freely distributed toolkit that implements security protocols at the socket level and at the transport level, and also contains a general-purpose cryptographic library.

According to security consultant Paul Robichaux of Robichaux & Associates, organizations with specific legal security requirements, such as those in healthcare and finance, are unlikely to use freely available tools. Instead, they will likely continue to be dependent on manufacturers to whom they can hold responsible for security breaches. Robichaux believes that freely available security systems will be more likely to be used by consulting and service firms that already know and trust the tools, as well as by companies whose IT departments have already tried such solutions.

Freeware Security Tools: Pros and Cons

Let's compare free and commercial tools in terms of cost, quality and technical support.

Expenses. One of the main advantages of freely distributed tools- their cost is lower compared to commercial products. Such systems are distributed free of charge or at very low prices. low prices, and, in addition, they either do not provide for licensing payments at all, or these payments are significantly less than for commercial products. However, some users have learned from their own experience that the statement is fully applicable to freely distributed tools.

However, Buddy Baxter, EDS technical manager for infrastructure solutions for credit unions, believes that just because a product costs more doesn't mean it will be more secure. According to him, EDS can install a security system based on the Astaro software tool, which will cost four times less than a commercial product from Check Point Software Technologies.

Quality. Guardent's chief technology officer, Jerry Brady, confirmed that some freely available security tools are as good as, if not better than, their commercial counterparts. For example, he said, the Nessus security vulnerability scanner provides better distributed processing, remote triggering and scheduling capabilities than many commercial products. , he emphasized.

However, Marcus Ranum, a security expert and head of NFR Security, objects to him: .

Spafford agrees with him: .

Proponents of open source solutions argue that there are so many people studying open source code that they can find problems much faster than the limited number of developers who create a commercial product for a given company. , said Mike Curtis, director of research at information security services company Redsiren Technologies.

Additionally, as Curtis noted, open-source software developers can respond more quickly to security flaws than commercial companies simply because they are less busy and bureaucratic. , he thinks.

However, Ranum disagrees with him: “he said.

Many closed source proponents believe that the quality of a program, not the number of people studying it, is more important in finding bugs in a program. They argue that the company's software experts working on their own products produce better work than those studying freely available packages.

Spafford also joins his opinion. , he noted.

Support. Proponents of commercial software argue that their vendors, unlike free software vendors, offer support and other resources to help customers run into problems. However, this approach also allows those who offer support services to users of free security software to strengthen their position.

Brady noticed.

Other questions. Some closed source advocates believe that the availability of free code makes it much easier for hackers to figure out how to overcome such protections. However, apologists for freely distributed solutions argue that this is not the case, since hackers are able to break through the protection organized using commercial products. At the same time, they note that freely available security tools easier to set up, since their source texts are available.

Known freeware projects

Let's look at some important freely available security tools.

Kerberos

Kerberos authentication and encryption technology ( http://www.mit.edu/kerberos/www) was developed at the Massachusetts Institute of Technology in 1987. Since then, this technology has become the standard used by working group Common Authentication Technology Working Group, formed under the Internet Engineering Task Force.

Freely available versions of Kerberos are available for the Macintosh, Unix, and Windows platforms. Commercial implementations have been created by Microsoft, Oracle, Qualcomm and a number of other companies. Microsoft drew criticism from those in the market by integrating a version of Kerberos into Windows 2000 that was not fully compliant with the standard.

Snort

Snort ( www.snort.org) is considered one of the most popular freely available security tools. According to Marty Reusch, lead developer of Snort, this application is used by 250-500 thousand people. This software has a group of active supporters and very detailed documentation.

Snort is a simplified network intrusion detection system capable of performing real-time analysis of traffic and packets recorded on IP networks. Released in 1998, Snort helps identify potential security breaches by performing protocol-based packet analysis as well as pattern-matching searches on content. This system is capable of detecting probe activity and detecting various security violations such as buffer overflows, stealth port scans, and common gateway interface attacks.

Snort runs on a variety of platforms, including FreeBSD, Linux, MacOS, Solaris, and Windows.

Snare

System Intrusion Analysis and Reporting Environment is a hosted intrusion detection system designed for Linux systems. InterSect Alliance ( www.intersectalliance.com), which brings together consultants specializing in security issues, developed and released Snare in November 2001.

Snare uses dynamically loaded module technology to interact with the Linux kernel at runtime. By using only those modules that are needed to perform a specific task, Snare reduces the load on the host system. And because Snare loads dynamically, users don't have to reboot the system or recompile the kernel, as is the case with some Linux enhancements.

Tripwire

Purdy University's Spafford and then-student Gene Kim developed the Tripwire Academic Source intrusion detection system, which has been downloaded by more than a million users since its release in 1992. Tripwire Company ( www.tripwire.com), which Kim founded, later completely redesigned the program, turning it into a closed-source commercial product. Tripwire offers free version for Linux, but sells commercial versions for Unix and Windows NT platforms.

Nessus

Nessus ( http://www.nessus.org) is a security vulnerability scanner that allows you to check the security of a Web site remotely. The Nessus developers released this toolkit in April 1998. Nessus supports servers that comply with POSIX requirements and work with Java, Win32 and X11 clients.

Saint

Security Administrators Integrated Network Tool is a security vulnerability scanner (see Figure 1) that works with most flavors of Unix, including Linux. The scanner was created on the basis of freely distributed tools for analyzing security defects Satan (Security Administrator's Tool for Analyzing Networks). Saint company ( www.saintcorporation.com) has discontinued older versions of the scanner, but sells the latest version, as well as SAINTwriter for generating custom reports and SAINTexpress for automatic update signatures of security defects.

Netfilter and iptables

The free software team has prepared Netfilter and iptables for integration into the Linux 2.4 kernel. Netfilter ( www.netwilter.org) allows users to monitor feedback associated with network intrusions, thereby allowing them to detect the fact that the system is under attack. Using iptables ( www.iptables.org) Users can define the actions that the system should take if an attack is detected.

T.Rex

T.Rex() is a free software firewall released by Freemont Avenue Software in 2000. It runs on AIX, Linux and Solaris platforms and is currently used by approximately 31,000 users.

Prospects

The widespread use of freely distributed security systems is hampered by a number of difficulties and problems.

Fear of open texts

Some companies are afraid to purchase free software because it is not developed by a specific company and is not supported software which they are accustomed to purchasing. Because of this, as predicted by David Moskowitz, director of technology at the consulting company Productivity Solutions, many freely distributed tools begin to be used only after IT specialists try it out on their own initiative and gradually implement it in the enterprise.

Fear

Because the code is open source, some companies fear that hackers will create freely available tools that they can use to infiltrate systems. Robichaux remarked about this: , without any ready-made or downloaded packages>.

Certification

Certification of a product by authorized government organizations can give a serious impetus to its widespread use. The US government requires that security systems and other products related to information technology, have been tested to meet the Federal Information Processing Standard by the National Institute of Standards and Technology (NIST) before they can be purchased by US government agencies.

The cost of compliance testing can range from tens to hundreds of thousands of dollars. All this can prevent organizations that create free software (and usually have a very modest budget) from certifying their technology. In fact, as Annabel Lee, director of the NIST Cryptographic Module Validation Program, noted, she is not aware of any freely available products that have been certified.

Ease of use and management

Free software vendors tend to prioritize functionality over ease of use and management. As a result, such applications are sometimes difficult to deploy and manage. For example, as Reusch noted, .

Pescatore explained the situation this way: .

All of this creates a small but rapidly growing market for defense system integrators and service providers such as Guardent, Redsiren and Silico Defense. These companies can offer management tools and thereby hide the complexity of freeware products from users, while also providing a guaranteed level of service and support.

Astaro strives to create a complete security infrastructure that integrates numerous freely available technologies into a single, easy-to-use interface. Ernst Kelting, President of the American branch of Astaro, emphasized: .

Conclusion

Simon Perry, vice president of security systems at Computer Associates, believes that the use of freely distributed security tools will increase, although not in large corporations. Organizations that develop open-source software don't have the resources or management tools needed to achieve the integration required to provide security across multiple platforms, as large companies do, he said.

An interesting trend in the open-source security market may be the development of business models that combine open source with specialized hardware, commercial front-end tools, and/or service-level guarantees. For example, Brady noted that manufacturers could combine their knowledge of hardware optimization with freely available technology to create products such as network set-top boxes, supporting secure fast connections.

Cox emphasized that.

However, Pescatore believes that the share of revenue from all security products coming from the sale of commercial support services for open-source tools will rise from 1% to just 2% by 2007. This is partly because many companies will use free tools rather than commercial open source packages.

One of the dangers associated with tools distributed in source texts, is due to the fact that users may succumb to a false feeling complete safety, counting on the fact that this code was analyzed by many specialists. According to Dan Geer, Kerberos developer and chief technology officer at security services company @Stake, .

Categories of programs that will be included in the collection:

• Office applications
• internet applications
• File managers
• Antiviruses
• Archivers
• Multimedia
• Disc burning programs
• Map and directory

Office applications

• OpenOffice.org is a fully featured office suite with multilingual support, working under all major operating systems, such as MS Windows, GNU/Linux, Free BSD, Sun Solaris, which provides comfort to users regardless of the environment of use due to a uniform interface.
• OpenOffice.org is an open source program, which ensures high development dynamics and a high degree of electronic security for users.
• OpenOffice.org is distributed under a free, royalty-free license, which makes its use cost-effective in the public, corporate and private sectors of the economy.
• OpenOffice.org - allows you to create and edit all common document formats, including MS Office document formats. The proprietary document format of OpenOffice.org OpenDocument Format (ODF), approved by the international organization for standardization ISO as the ISO/IEC 26300:2006 standard. Plastic bag office programs OpenOffice.org allows you to download any document in PDF format (ISO 32000).

Adobe Reader 9.1 - The Adobe Reader program is intended for viewing and printing documents in PDF format. Adobe Reader allows you to work with PDF format, which is one of the most common and convenient formats for electronic submission of various documentation. In this format, Adobe Reader allows you to view various manuals, descriptions of software products, advertising brochures, etc. Adobe Reader can work as a plugin for different browsers and can show slideshows in the format Adobe Photoshop Album.

Enjoy a fast, secure and easy to use client Email from Mozilla. IN mail client Thunderbird has smart spam filters, powerful system search and customizable appearance

TightVNC is free software for remote access and control of a remote computer.

TightVNC is:

• Free software distributed under the GPL license along with the source code.
• A useful tool for remote administration, customer assistance, and education.
• Cross-platform software available for Windows and Unix, compatible with other VNC implementations.

File managers

Unreal Commander - free two-panel file manager for Windows® 98/Me/2000/XP/2003/Vista.

Characteristics:

• Two-pane interface
• UNICODE support
• Advanced file search
• Bulk renaming of files and directories
• Directory synchronization
• Support for ZIP, RAR, ACE, CAB, JAR, TAR, LHA, GZ, TGZ archives
• Built-in FTP client
• Directory tabs
• Support for WLX plugins and WCX plugins
• Built-in viewer and quick view function
• Working with the network environment
• Drag & Drop support when working with other applications
• History and Favorites buttons
• Background copy/transfer/delete
• Securely erase files (WIPE)
• Using wallpapers
• Design styles: color categories of files, fonts for all interface elements

FreeCommander is an easy-to-use alternative to the standard one Windows Explorer. You can take FreeCommander anywhere - just copy the installation folder to a CD or USB flash drive - and you can work with this program on a third-party computer.

Main features of FreeCommander:

• Double panel technology - horizontal and vertical
• Bookmark interface
• Optional folder tree for each panel
• Built-in file viewer to view files in hexadecimal, binary, text or image format
• The file viewer also works inside archives
• Built-in archive management: ZIP (read, write), CAB (read, write), RAR (read)
• Built-in FTP client
• Easy access to system folders, control panel, desktop and start menu
• Copying, moving, deleting, renaming files and folders
• Multi-rename tool
• Overwriting files
• Creation and verification checksums MD5
• File separation
• File properties and context menu
• Calculating folder size
• Compare/sync folders
• Changing the date and file attributes
• Favorite folders/programs
• Search files (also inside archives)
• File filters for display
• User defined columns for detailed viewing
• DOS command line
• Multilingual support

Avira AntiVir − free, but fully functional antivirus.

• Reliable protection against viruses, worms, Trojan programs and dial-up programs for paid sites
• Very modest resource requirements
• Automatic update
• Ease of maintenance

AVZ is a free antivirus program.

In addition to the standard scanner (with a heuristic analyzer) and auditor, it includes a number of tools, some of which are atypical and provide a fairly competent user with advanced control tools.

The program is used to find and remove:

• SpyWare and AdWare
• Trojans
• BackDoor
• Viruses
• Network worms
• Mail worms
• Rootkits
• Keyloggers

Archivers

7-Zip is a file archiver with a high compression ratio. The program is freely distributed under the terms of the GNU LGPL license.

Key Features of 7-Zip:

• Supported formats: 7z, ZIP, CAB, Z, MSI, RPM, DEB, NSIS, LZH, RAR, ARJ, WIM, CHM, GZIP, BZIP2, TAR, CPIO, ISO and RPM.
• Very high compression ratio in 7z format.
  
• For ZIP formats and GZIP compression ratio is 2-10% higher than PKZip and WinZip.
• Ability to create self-extracting archives for 7z format.
• Possibility of encryption of archives.
• Built-in file manager.
• Integration into the Windows shell.
• Plugin for the FAR Manager program.
• Plugin for the Total Commander program.
• Powerful command line version.
• Multilingual interface (Russian available).

TUGZip- free program for archiving files for the Windows operating system. TUGZip supports a wide range of archive formats, and can also work with ISO, NRG and other disk images.

Main characteristics:

• Creation of archives in ZIP, 7-ZIP, BH, BZ2, CAB, JAR, LHA (LZH), SQX, TAR, TGZ and YZ1 formats.
• Supports ZIP, 7-ZIP, A, ACE, ARC, ARJ, BH, BZ2, CAB, CPIO, DEB, GCA, GZ, IMP, JAR, LHA (LZH), LIB, RAR, RPM, SQX, TAR, TGZ formats , TBZ, TAZ, YZ1 and ZOO.
• Supports BIN, C2D, IMG, ISO and NRG disk images.
• Recovering damaged ZIP and SQX archives.
• Integration into Windows Explorer.
• Script support, which may be useful for automatic creation backup copies.
• Archive encryption function using AES-256, Blowfish and TripleDES algorithms.
• Possibility of creating self-extracting archives.
• Plugin support.
• Support for various interface languages, including Russian.

Free programs for burning CD/DVD discs

CD DVD Burning 2.6.1 - free software for burning CDs and CDs DVD formats. When unpacked, the program consists of only three files: cd_dvd_burning.exe, compare.exe and mp3lib.dll. When the application starts, the file FoxBurner.dll is added to them. No additional installation no program is required into the system - we just launch the main executable module.
Contains everything you need to work with discs and supports the main disc formats and methods of recording them:

• BOOTCD, Joilet support, VideoDVD. AUDIO CD (MP3/WAV/OGG/WMA)
• UDF CD/DVD, DVD+R double Layer, burn ISO/BIN/CUE.
• DVD+R/DVD+RW,DVD-R/DVD-RW, DVD-RAM, CD-R, CD-RW

Map and directory

Vector is electronic card cities, combined with a directory of organizations. Vector will always tell you where the organization is located, opening hours and how to get there.
Available cities: Taganrog, Surgut, Nefteyugansk, Lyantor, Khanty-Mansiysk, Tyumen, Ulan-Ude, Noyabrsk, Penza, Nyagan, Zhitomir, Baku
The application runs on Windows, Mac OS, Linux, Android and Windows Phone.

Practical work No. 2

Work theme: Licensed and freely distributed software products. Organization and updating of software using the Internet.

Goal of the work: study licensed and freely distributed software products; learn how to update software using the Internet.

Equipment, devices, equipment, materials: Personal Computer with Internet access.

Tasks

Exercise 1. Find on the Internet the law of the Russian Federation “On Information, Informatization and Information Protection” and highlight the definitions of the concepts:

information- information about persons, objects, facts, events, phenomena and processes, regardless of the form of their presentation.

information Technology- processes, methods of searching, collecting, storing, processing, providing, distributing information and methods of implementing such processes and methods.

information and telecommunications network- a technological system designed to transmit information over communication lines, access to which is carried out using computer technology.

access to the information- the ability to obtain information and use it.

confidentiality of information- a mandatory requirement for a person who has gained access to certain information not to transfer such information to third parties without the consent of its owner.

electronic message- information transmitted or received by the user of the information and telecommunication network.

documented information- information recorded on a tangible medium by documenting with details that make it possible to determine such information or, as established by the legislation of the Russian Federation. cases, its material carrier.

Task 2. After studying the Yandex User Agreement source, answer the following questions:

1. At what address is the page with the Yandex user agreement located? http://company.yandex.ru/legal/rules/

2. In what cases does Yandex have the right to refuse a user to use its services? Yandex has the right to refuse the user if the rules or conditions of use are not accepted, or if they are violated.

3. How does Yandex monitor user transactions? Using programs: Yandex webmaster, Yandex Bar, Yandex Metrica, Yandex mail, Punto Switcher, Web Visor.

4. What is meant by the term “content” in the PS? Site contents: text information, graphic materials, multimedia files, etc.

5. What does the PS say about the ban on publishing materials related to:

- copyright infringement and discrimination against people? When posting materials, the user must indicate the source of information and who the author is. Also does not have the right to post content that discriminates against people based on race, ethnicity, gender, religion or social status.

- handling of animals? The user does not have the right to disseminate information demonstrating violence and cruelty to animals.

6. What is the maximum size of files and archives hosted by users when using the free hosting service? This is determined by the owners of a particular hosting, based on the volume external memory their servers.

7. Yours Mailbox on Yandex Mail will be deleted if you have not used it for more... 6 months

Task 3. Having studied the organization of software updates via the Internet. Set up automatic software updates weekly at 12:00. Describe how to install automatic software updates. To automatically update programs, you must be logged in with account"Administrator".

1. Click the “Start” button, select the “Control Panel” command and double-click the “Automatic Updates” icon.

3.Under the “Automatically” option to download and install recommended updates on your computer, select the day and time when the operating system Windows system must install updates.

Control questions:

What programs are called licensed?

Licensed programs - programs for electronic computers are subject to copyright and, as such, are protected by current legislation. Their use is possible only by agreement with the copyright holder.