5. Snort
Snort is a free, open source intrusion detection and prevention system (IDS/IPS). It can also function as a sniffer and packet logger. Real time alerts and analysis are possible with Snort as well. It is a high performance IDS that supports logging to many different databases, and can run on Unix based operating systems as well as Windows.
4. Nessus
Nessus has long been my favorite vulnerability scanner, due to its speed, accuracy, and depth. Be warned, with such a large vulnerability library it can mean long times for scans. Currently there are over 28K plugins available, with automatic updates possible for new plugins. Nessus 4 is one of the fastest scanners I've used.
3. Nmap
Nmap is a versatile tool for network scanning, port mapping, and OS & application discovery. Whether you want to find and identify every host on a large network, or port map and discover every application running on a single host, nmap excels. To find out more, see my article on how to use nmap.
2. Stunnel
Stunnel allows you to encrypt any TCP connection using SSL. If you have a service or daemon that is not secure sockets layer (SSL) capable, but you need to protect sensitive information being sent, this is a great tool for doing that. Stunnel does require an SSL library in order to function, such as OpenSSL.
1. OpenSSH
Secure Shell is the de facto replacement for telnet and other plaintext terminal applications on all Unix-like operating systems. OpenSSH is the free, open source version of secure shell. Secure copy and secure FTP functionality is included. Strong authentication is supported, including public key and Kerberos authentication.
Where to Start?
Some of these tools you really should be using every day--especially if you're not right now. If there are logistical reasons you aren't running an IPSec VPN, look into Stunnel. OpenSSH should be your standard for console access to all your Linux and Unix based hosts. If you haven't looked into Snort yet, check out my review of it here. You really should have netfilter running on your Linux systems just like a host based firewall on your Windows systems. These tools should be able to solve most of your top ten network security needs.