Security “for free”?

As security professionals, we continuously face the challenge of smaller and smaller budgets allocated to maintaining and improving IT security. That’s probably the main reason why there is always the temptation of “free”. Many people, sometimes even professionals, think that they can achieve good security for free. “For free” means in this context that some programs used to achieve and improve security don’t cost any money to acquire. Unfortunately, the analysis of the costs stops at the acquisition and ignores other costs, such as installation and maintenance.

But is it possible to cover all the possible attack vectors with free security products? I made a short analysis of the most common ways used to endanger IT security and whether it is possible (to the best of my knowledge) to cover them with free tools. I am ignoring social engineering techniques as they, most of the time, can’t be combated with tools.

The security landscape changes continuously and you have to be fully protected against the most common attack vectors: infections through files carried on USB sticks, memory cards, mobile hard drives, downloaded files; network attacks (spoofing, DoS); vulnerabilities that get exploited in common software; drive-by …