BOSS - BSI Opensource Security Suite

Security holes in information technology threaten any authority, company or private user with the loss of money or working time. It is well known that absolute security does not exist. However, there are Free Software products that help to identify security problems and to solve them.

Intevation GmbH was contracted in summer 2004 to develop a tool for central management and coordination of security scans for network security audits.

An easy-to-use, German-language graphical user interface was one of the requirements. Furthermore, central management and reporting for security scans was to be supported with help information and simple configuration. Another requirement was to incorporate various Free Software tools for local security checks to complement the scans of Linux-based systems in the network. Finally, the whole system was to be easy to extend.

Intevation, in cooperation with DN-Systems Enterprise Internet Solutions GmbH, met these requirements by building upon the well-proven network security scanner Nessus. This happened in close cooperation with the lead developer of Nessus, Renaud Deraison. The project manager of BOSS was Jan-Oliver Wagner from Intevation; DN-Systems was responsible for SLAD and its security concept. The project ran from July 2004 to June 2005.

Apart from the improved Nessus GTK user interface, a new tool, the Security Local Auditing Daemon (SLAD), has been developed. This daemon controls local security tools such as John the Ripper for finding weak passwords.

With SLAD, Nessus now gains the ability to also check target systems intensively from the inside for weaknesses or even already successful attacks. The central control and analysis simplifies organization-wide security auditing.

All extensions of Nessus are integrated into the main development (CVS HEAD). SLAD is also licensed under the GNU GPL but organized as a separate project, since it can also be used independently of Nessus.

Another result of the BOSS project was the BOSS-Live-CD, which was released and distributed for free at LinuxTag 2005 in Karlsruhe. The CD contains only Free Software, which means it can be further copied and distributed. In particular, it contains installation packages for Nessus and SLAD for Debian GNU/Linux 3.0, SUSE Linux 9.2, Fedora Core 2 and Windows XP (for Windows only the Nessus GTK GUI).

With a circulation of about 400,000, the BOSS-Live-CD accompanies the German computer magazine PC-Welt in its September 2005 issue.

The picture shows the project team at one of the routinely held project maintenance meetings (from left: Renaud Deraison, Boris Wolf, Lukas Grunwald, Jan-Oliver Wagner and Frank Koormann; Thomas Arendsen Hein not pictured).