It's great to get something you need for free. And there is a plethora of tools for intrusion detection, network mapping and vulnerability assessment that users can deploy, available as free downloads from the Web.
Some of these tools, such as the Snort intrusion-detection system (the freeware version of Sourcefire's commercial intrusion-detection system appliance) and the Nessus vulnerability scanner, are used by thousands of organizations. Other tools, such as Coloured Petri Nets, which is used for charting a network into security zones, are less well known. IT managers say they're impressed with what's offered for free via the Web, and they make use of the best they can find.
Coloured Petri Nets lets network managers draw a picture of a network and model it to discover its security strengths and weaknesses, said Peter Stephenson, director of information assurance at Eastern Michigan University's Center for Regional and National Security in Ypsilanti, at the recent NetSec conference in San Francisco. "We can rate servers for criticality and sensitivity," he said, adding that IT staff also strive to understand the nature of content on the computers through user interviews.
Developed by the University of Aarhus in Denmark, Coloured Petri Nets has a link-analysis component to show how it might be possible for an attacker to compromise a desktop or server and reach more critical systems.
The tool helps managers define the sensitivity of computers on their networks, making it clear which ones probably should be cordoned off from general access. "It lets you look at all the domain combinations allowed," Stephenson said.
Stephenson said the university also makes use of the Nessus freeware vulnerability scanner to locate network holes. However, the university doesn't rely on freeware alone to handle security tasks on its 27,000-user network. For example, Guidance Software EnCase Enterprise Edition remotely collects data about servers and desktops, such as what ports might be open, and analyzes the registries.
"I can snapshot multiple devices very rapidly and find evidence [that] a device has been penetrated," he said.
The information collected by Nessus, EnCase and other tools, such as the SolarWinds SNMP-based mapping tool, helps build a graphic view of the university's network using Coloured Petri Nets.