OpenBSD router and PF combo would be excellent... You could also use Zebra if you have some Cisco CLI/IOS skills... http://www.zebra.org/
I think Zebra has been around a lot longer than XORP and has a bigger user base, but I could be wrong....
Open Source routers are the way to go...
I say that too....the free source code exposes the software to many script kiddies......many bugs......etc.
When you compare the frequency of security holes in major opensource projects (apache, samba, openssl, openssh, Linux (kernel), etc.) to those in MS Windows, you generally tend to find a greater _number_ of security holes reported and fixed in OpenSource software, which get fixed in a timely manner, but the seriousness of those security holes is more frequently not as severe as the number of severe security risks in MS Windows.
MSIE still has about 26 (?) outstanding security holes, which mostly deal with users visiting untrusted sites, which MS does not consider worth their effort to fix. These have remained for quite a while now, and can be found as parts of threads discussed in various full disclosure lists.
An examination of the information found in an excellent book titled "The Mythical Man-Month" should permit even a casual reader to understand that the number of bugs per line of code in OpenSource projects is likely to be similar to the number of bugs per line of code in closed-source projects. If this is the case, what is the difference? With OpenSource, there is a better chance for many eyes to find bugs and fix them. Reputations of coders ensure timely fixes to security holes. However, with closed source, the repairs to security risks are hidden, like landmines, waiting to be discovered. [Another good book to aid in understanding the motivation behind OpenSource is the well known book by Eric Raymond called "The Cathedral and the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary"]
To make matters worse, when you buy closed source software, you buy into built-in obsolescence, and there will come a time when that software with its hidden bugs will no longer be supported and you will be forced to pay more for the next version if you want security fixes.
At least with Open Source, when a product reaches an End-Of-Life-Cycle, you can either use inside programmers to maintain it, or use the code on your own and maintain your own branch until you decide to upgrade; the point here is that you at least have a choice.
This does not mean that OpenSource is the only way to go, but to assume that OpenSource is a greater risk for exploitation by hackers seems a bit short-sighted.
As with any open source product, the keys are flexibility and stability. If configured properly, it should prove secure, for example SmoothWall. If that does not convince you, try an open source OS. Most flaws are user defined.
RG
Watch out OpenBSD, it's becoming a great router solution since CARP...
It's a modular, open source software router. If this is the kind of thing that spins your propeller, I would recommend reading the goals and architecture pdf. Being able to do things like adding your own user level commands or adding custom routing or security modules would be very cool.