Open source security and the value of Nmap: Making the case to your clients

It's not unreasonable for a customer to be hesitant to allow open source security tools on their network. This tip weighs Nmap against comparable commercial scanners and provides you with selling points to convey to your clients.

Michael Cobb

Published: 08 Dec 2006

It's not unreasonable for customers to be hesitant to allow open source security tools on their network. They worry about the security of open source software. This tip weighs Nmap against comparable commercial scanners and provides you with selling points to convey to your customers.

Nmap and the open source debate
As Nmap is free it obviously comes in ahead of other network mappers in terms of cost. However, many IT administrators remain wary of open source software, often citing the lack of any warranty protection as a drawback when selling a proposal involving open source tools to senior management. For critical applications, such as network operating systems, many feel it is too much of a risk. However, it's extremely unusual for proprietary software suppliers to actually warrant that their software will provide you with uninterrupted and error-free operation. While Nmap doesn't come with a warranty, it is well supported by its enthusiastic development and user support communities. It is also well-documented, with up-to-date man pages, whitepapers and tutorials, though there is no expensive hotline to call if you have a problem or query!

Mature, open source software, particularly in the field of IT security, can often be a viable alternative to proprietary software. A series of UK government-sponsored trials in to open source implementations produced interesting results, concluding that open source application software used for specific tasks is often fit for purpose, as well as highlighting the fact that buying specialist software can lead buyers to suffer "hidden lock-in." However, as most open source software begins life on a Unix-based machine, the Windows-ported versions, which are often built on top of the original underlying library, don't necessarily take full advantage of the Windows environment in the way software written specifically for Windows does. Another area where open source tools do tend to fall behind their proprietary competitors is the integrated GUI. Thankfully there are some GUIs being developed for Nmap for those who prefer to stay away from the command line.

About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

This tip originally appeared on SearchSecurity.com.

Dig Deeper on Managed network security services

When to use open source security tools over commercial products When budgets are cut and open networks still need securing, it may be helpful to try open source security tools as a sufficient and affordable alternative to pricey commercial products.

How to use Nmap to scan a network Peter Giannoulis takes a look at everybody's favorite, freely available port scanner and OS identifier: Nmap.

Open source security tools Open source security tools are often as powerful and effective as their commercial cousins. This guide collects four of the best and shows you how to use them!

Sourcefire, Nmap deal to open vulnerability scanning Sourcefire and Insecure.org have inked an agreement to develop open source vulnerability scanning tools based on Insecure's Nmap scripting engine.

Nmap Tutorial: An introduction for VARs and security consultants This introductory tip to testing customers' networks with Nmap kicks off our Nmap Tutorial, which covers installation, configuration, scanning techniques and more.

MicroscopeUK

Open source security and the value of Nmap: Making the case to your clients

It's not unreasonable for a customer to be hesitant to allow open source security tools on their network. This tip weighs Nmap against comparable commercial scanners and provides you with selling points to convey to your clients.

Dig Deeper on Managed network security services

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

MicroscopeUK

Aligning managed services with needs of SMEs

HP expands channel finance options

Context warns channel to expect challenging year ahead on the PC front

SearchSecurity

Google expands multiple Chrome password protection features

RSA teams up with Yubico for passwordless authentication

Pentagon CMMC program to vet contractor cybersecurity

SearchStorage

Amazon tech VP lays out ambitious AWS storage vision

Get to know storage-as-a-service providers and their offerings

Quobyte storage brings satellite imagery down to Earth

SearchNetworking

Consider these 5 FAQs for network monitoring best practices

Cisco's Silicon One networking chip targets cloud data centers

7 factors to consider in network redundancy design

SearchCloudComputing

The future of the Kubernetes ecosystem isn't all about cloud

Evaluate general and niche cloud service use cases

Compare niche cloud services to the hyperscale offerings

SearchDataManagement

Amazon Managed Apache Cassandra Service stokes competition

Aerospike 4.8 advances database persistent memory support

Data warehouse technologies evolve as vendors look skyward

SearchBusinessAnalytics

Government IT pros: Hiring data scientists isn't an exact science

Tableau 2020.1 unveiled for beta testing

Data scientist vs. data analyst: What's the difference?

Dig Deeper on Managed network security services

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.