Open source security and the value of Nmap: Making the case to your clients

It's not unreasonable for customers to be hesitant to allow open source security tools on their network. They worry about the security of open source software. This tip weighs Nmap against comparable

    Requires Free Membership to View

commercial scanners and provides you with selling points to convey to your customers.

Nmap and the open source debate
As Nmap is free it obviously comes in ahead of other network mappers in terms of cost. However, many IT administrators remain wary of open source software, often citing the lack of any warranty protection as a drawback when selling a proposal involving open source tools to senior management. For critical applications, such as network operating systems, many feel it is too much of a risk. However, it's extremely unusual for proprietary software suppliers to actually warrant that their software will provide you with uninterrupted and error-free operation. While Nmap doesn't come with a warranty, it is well supported by its enthusiastic development and user support communities. It is also well-documented, with up-to-date man pages, whitepapers and tutorials, though there is no expensive hotline to call if you have a problem or query!

Mature, open source software, particularly in the field of IT security, can often be a viable alternative to proprietary software. A series of UK government-sponsored trials in to open source implementations produced interesting results, concluding that open source application software used for specific tasks is often fit for purpose, as well as highlighting the fact that buying specialist software can lead buyers to suffer "hidden lock-in." However, as most open source software begins life on a Unix-based machine, the Windows-ported versions, which are often built on top of the original underlying library, don't necessarily take full advantage of the Windows environment in the way software written specifically for Windows does. Another area where open source tools do tend to fall behind their proprietary competitors is the integrated GUI. Thankfully there are some GUIs being developed for Nmap for those who prefer to stay away from the command line.

Read more on how to make the case for the security of open source software like Nmap..

About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book
IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

This tip originally appeared on SearchSecurity.com.

This was first published in December 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.