We looked at some excellent open source security applications for small businesses in our article, 5 Open Source Security Tools for Small Business. This roundup includes more open source tools to protect your online privacy, evade snoops and censors, protect your passwords, and protect your data.
Is Open Source Secure?
The Heartbleed bug in OpenSSL was alarming, but does it mean that open source software is unreliable? A single incident hardly constitutes an indictment of a huge and diverse software ecosystem. In the open source world, “given enough eyeballs, all bugs are shallow” is a cherished belief. It means that open code is stronger because anyone can examine the code and find and fix flaws. Security expert Bruce Schneier, in Secrecy, Security, and Obscurity, explains how the open source development model produces stronger code.
How did a serious bug in an essential technology go undetected for more than two years? The short answer: cryptography is very difficult to implement correctly, and OpenSSL was maintained by overworked and underfunded developers. Open source worked as intended because, once discovered, the flaw was publicly announced and a fix quickly released. In addition, the Linux Foundation is allocating funds and developers to OpenSSL. While nothing is ever 100 percent certain, open source has a long record of reliability.
5 Open Source Security Apps for All Occasions
1. KeePass Password Safe
If you spend any amount of time online you have an unwieldy number of logins and passwords to manage. KeePass is a super-nice, free password creator, manager and encrypted locker that stores your logins securely. You only need to remember a single master password. For extra-strong security you can also secure it with an encryption key. KeePass runs on Mac OS X, Linux, and Windows. There are also portable versions that run from a USB stick, and mobile versions for Android, iPhone, iPad, Blackberry, and Windows Phone 7.
Figure 1: KeePass, an open source encrypted password locker.
2. Tor and Tails: Hiding from Online Snoops
Online security is very difficult, because the Internet was not designed for security and secrecy. Powerful commercial and government interests invest enormous resources into poking their noses into every nook and cranny of our online activities. You’ll find a number of open source tools to protect you from online snoops and censors, such as Tor (a.k.a., the onion router), and strong encryption for documents and your online sessions.
Invented by the U.S. Naval Research Laboratory, Tor protects online communications. It routes your Internet travels through a twisty global network of encrypted routers to foil traffic analysis, and to get around online censors. Anyone with access to the wires, routers, or servers that your traffic passes through can eavesdrop with trivial ease, unless you foil them by encrypting your Internet communications.
Figure 2: Tails can look like Windows XP operating system.
The easiest way to use these tools is by running Tails (The Amnesiac Incognito Live System), a complete operating system that bundles a nice assortment of privacy and encryption applications into an easy-to-use live Linux distribution. Tails runs from a USB stick or CD/DVD.
A USB stick is a lot faster, and you can configure it to save your settings and store documents, which you can’t do with a CD/DVD. Just pop it in to any computer, boot it up, and by default everything you do on the Internet goes through Tor. In addition you get strong tools for encrypting files, secure deletion, KeePass, ad and script blockers, and email and instant messaging already set up with encryption and anonymity.
3. Secure Cloud Storage
Popular cloud storage vendors Dropbox and Google Drive are not very secure, and Dropbox has been afflicted with some embarrassing gaffes such as accidentally turning off password authentication, and getting hacked. The best cloud storage is “zero knowledge,” which means your files are strongly-encrypted, and nobody can get into your files without your encryption key. My pick for best zero-knowledge cloud storage vendor is Spideroak.
Figure 3: Back up files with Spideroak.
Spideroak offers a 2GB account for free, and charges $10 per each additional 100GB. Business users get special volume deals that drop the price-per-user way down. You can use it for automatic continuous backups, sharing, and syncing between multiple devices. Spideroak has free clients for Linux, Windows, Mac, iPhone/iPad, and Android. When you sign up and create an account you create your encryption key and password. Your files are encrypted with this key, and if you ever lose your password you cannot recover your files. Nobody can, which is the whole point.
4. GnuPGP Email Encryption
OpenPGP is the industry standard email encryption program. You’ll find OpenPGP implementations that run on Windows, Linux, Mac, iPhone/iPad, and Android. OpenPGP is descended from PGP (Pretty Good Privacy), which was invented by Phil Zimmerman back in 1991. PGP uses private-public key pairs to sign, encrypt and decrypt emails; the public key encrypts and the private key decrypts. This is a most ingenious system that allows you to distribute your public keys far and wide so that other people can send you encrypted communications, and only you can open them.
PGP also supports integrity checking to detect tampering, and message authentication for verifying the identity of the sender. Authentication is tricky in all cryptosystems—how do you know that a given public key really belongs to a particular person? PGP’s solution is a web of trust, where known third parties sign public keys and vouch for their authenticity. Another method is key signing parties, where public keys are signed and exchanged in person. PGP is one of the very strongest encryption programs you can use.
5. Privacy Badger Cuts Off Web Snoops
Privacy Badger is a slick Firefox Web browser add-on that stops ad trackers from recording your movements across the Internet. Most websites pull in content from multiple sources: their own servers, ad servers, remote content servers, third party discussion servers, social media apps, and even third-party login servers. None of them provide their services altruistically: they’re in it to make a buck, and you and I are the products.
Figure 4: Privacy Badger detects and blocks Web-tracking software.
Privacy Badger analyzes all of this activity to detect and block tracking scripts, Web bugs, and tracking cookies. As you might expect, Facebook relies on all of these type of scripts (Figure 4). Privacy Badger handles all of this automatically, and you may also tweak the sliders yourself to suit your preferences. Some sites become unusable when you disable all the nasty stuff, which is good to know, so you don’t get sucked into them again.
Carla Schroder is the author of The Book of Audacity, Linux Cookbook, Linux Networking Cookbook,and hundreds of Linux how-to articles. She’s the former managing editor of Linux Planet and Linux Today.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the c SmallBusinessComputing.com Forums. Join the discussion today!|