Open source security and the value of Nmap: Making the case to your clients

It's not unreasonable for a customer to be hesitant to allow open source security tools on their network. This tip weighs Nmap against comparable commercial scanners and provides you with selling points to convey to your clients.

It's not unreasonable for customers to be hesitant to allow open source security tools on their network. They worry...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

about the security of open source software. This tip weighs Nmap against comparable commercial scanners and provides you with selling points to convey to your customers.

Nmap and the open source debate
As Nmap is free it obviously comes in ahead of other network mappers in terms of cost. However, many IT administrators remain wary of open source software, often citing the lack of any warranty protection as a drawback when selling a proposal involving open source tools to senior management. For critical applications, such as network operating systems, many feel it is too much of a risk. However, it's extremely unusual for proprietary software suppliers to actually warrant that their software will provide you with uninterrupted and error-free operation. While Nmap doesn't come with a warranty, it is well supported by its enthusiastic development and user support communities. It is also well-documented, with up-to-date man pages, whitepapers and tutorials, though there is no expensive hotline to call if you have a problem or query!

Mature, open source software, particularly in the field of IT security, can often be a viable alternative to proprietary software. A series of UK government-sponsored trials in to open source implementations produced interesting results, concluding that open source application software used for specific tasks is often fit for purpose, as well as highlighting the fact that buying specialist software can lead buyers to suffer "hidden lock-in." However, as most open source software begins life on a Unix-based machine, the Windows-ported versions, which are often built on top of the original underlying library, don't necessarily take full advantage of the Windows environment in the way software written specifically for Windows does. Another area where open source tools do tend to fall behind their proprietary competitors is the integrated GUI. Thankfully there are some GUIs being developed for Nmap for those who prefer to stay away from the command line.

About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

This tip originally appeared on SearchSecurity.com.

This was last published in December 2006

Dig Deeper on Network security products, technologies, services

All
News
Get Started
Evaluate
Manage
Problem Solve

MicroscopeUK

Related Resources

Dig Deeper on Network security products, technologies, services

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.