Open Source Security Tools Vs Commercial Tools


  • Open Source Security Tools Vs Commercial Tools

    Doing research on companies who have switched over from Commercial Security Tools to Open Source Security Tools, have found very little...other than this...

    Open Vs. Commercial

    Also checked here and didn't find anything that really stuck out

    Linux Security White Papers

    Can anyone point me to any white papers or other sources of information where companies are making the move?
    "I am the EPITOME of FRUGALITY, the KING OF CHEAPNESS, the TIGHTEST of the TIGHTWADS, the MASTER-BLASTER of PENNY PINCHING, the BISHOP of UNDER-BUDGETING, the CARDINAL of COST-CUTTING, I AM THE MASTER MISER!!!."

    -Jim Sears

  • #2
    What commercial tools do you want to replace? Please elaborate, as there are about 10,000 security tools (commercial, OSS, Free) out there for about 200 different cyber security subsets. I.E. Firewall, IPS, IDS, Policy Enforcement, Proxies, Web Services (mail, www, dns, etc) security, content monitoring....The list goes on and on. What were you thinking about?
    "Never Underestimate the Power of Stupid People in Large Groups"



    • #3
      I'm not looking to replace anything.

      I'm doing a research paper about large companies that had commercial security tools and then went to open source tools for whatever reason.


      Originally posted by hackajar
      What commercial tools do you want to replace? Please elaborate, as there are about 10,000 security tools (commercial, OSS, Free) out there for about 200 different cyber security subsets. I.E. Firewall, IPS, IDS, Policy Enforcement, Proxies, Web Services (mail, www, dns, etc) security, content monitoring....The list goes on and on. What were you thinking about?
      "I am the EPITOME of FRUGALITY, the KING OF CHEAPNESS, the TIGHTEST of the TIGHTWADS, the MASTER-BLASTER of PENNY PINCHING, the BISHOP of UNDER-BUDGETING, the CARDINAL of COST-CUTTING, I AM THE MASTER MISER!!!."

      -Jim Sears



      • #4
        ISS RealSecure, Cisco Pix and IDS/IPS, Symantec are all popular solutions for Internet security. But they all lack for various reasons.

        For one, the cost. To set up an ISS sensor can cost $10,000+. Cisco IPS/IDS sensors start around $20,000. Then you have to factor in training to use systems. This means air fare, hotel, car just to get to training. Then another $3,000 per person to sit in training. Then another $300+ for certification test. Then you have to hope 1) they actually learned something useful 2) they don't leave your company after acquiring skills.

        For two, flexibility. If you need to monitor something that's not on the commercial application's "signature list" you either have to wait (nullifying 0-day protection) or, if you're lucky, figure out how to write a custom signature for proprietary solution. The latter can be difficult in 90% of cases because there is little community (non vendor) support groups out there.

        For three, scaling. This is a mix of above two points. If you don't expect to expand and buy low, then expand quickly, you have to upgrade taps, custom vendor hardware and license (sp?) keys for your sensors.

        For four, security. This may sound stupid, but your security tools may cost you more than security of your network when they get owned (like your job). Vendors traditionally don't like to send out security patches in a timely manner, even security solutions vendors. Further, they don't like to own up to security problems. OSS/FOSS do 99% of the time.
        "Never Underestimate the Power of Stupid People in Large Groups"



        • #5
          Opensource solutions

          Your opinion is requested.
          Currently my org is using a Cisco 525 series Pix.
          But after lurking around the forums for a while, a post by Astcell, although subtle, made me a bit nervous.
          I have read about various Open Source solutions from Linux Planet and Fresh Meat but I am requesting the opinions from the security experts from the Defcon Forums.
          We have approximately 6000 users including 500 satellite offices connecting via 128 Frame-relay circuits. We have 6 T-1's for Internet.
          Is there a better solution in the Open Source world than that of the Pix? Would it be able to support the amount of users we have?
          If you don't have a lot of time to respond, a link would be great. I don't mind reading and researching myself. Anything you have to enlighten me would be greatly appreciated. If this has been discussed before, excuse me for I would be an asshat. I did use the search function.
          Your opinions are greatly valued.
          Thank you,
          Stringslayer

          Originally posted by hackajar
          ISS RealSecure, Cisco Pix and IDS/IPS, Symantec are all popular solutions for Internet security. But they all lack for various reasons.

          For one, the cost. To set up an ISS sensor can cost $10,000+. Cisco IPS/IDS sensors start around $20,000. Then you have to factor in training to use systems. This means air fare, hotel, car just to get to training. Then another $3,000 per person to sit in training. Then another $300+ for certification test. Then you have to hope 1) they actually learned something useful 2) they don't leave your company after acquiring skills.

          For two, flexibility. If you need to monitor something that's not on the commercial application's "signature list" you either have to wait (nullifying 0-day protection) or, if you're lucky, figure out how to write a custom signature for proprietary solution. The latter can be difficult in 90% of cases because there is little community (non vendor) support groups out there.

          For three, scaling. This is a mix of above two points. If you don't expect to expand and buy low, then expand quickly, you have to upgrade taps, custom vendor hardware and license (sp?) keys for your sensors.

          For four, security. This may sound stupid, but your security tools may cost you more than security of your network when they get owned (like your job). Vendors traditionally don't like to send out security patches in a timely manner, even security solutions vendors. Further, they don't like to own up to security problems. OSS/FOSS do 99% of the time.
          In a world without walls and fences, who needs Windows and Gates?



          • #6
            This is a bit partial, but I would go with pf. It's OpenBSD's packet filter. You can use it on any of the *BSD OS solutions, but it's best served on OpenBSD. Open has a packet filter network interface that you can pipe bogus traffic to for further inspection beyond standard packet filtering as an added bonus.

            The only problem with this solution is that it can be difficult to work with. It can be VERY granular, so a standard PIX rule list @ 100 rules may be 400 rules in OpenBSD's pf.

            If you want a nice commercial solution, based on effectiveness I've seen, look into SideWinder firewalls. They're the current hotness in firewall solutions.

            Just remember, don't look into one application or appliance to cover you to the end of time. There are ALWAYS new OSS/vendor solutions out to trump the current head of the pack. E.g. Pix lost to CheckPoint lost to NetScreen losing to SideWinder. Of course this list of events is IMHO, I could be a complete idiot, but it's a good start.
            "Never Underestimate the Power of Stupid People in Large Groups"



            • #7
              Originally posted by hackajar
              This is a bit partial, but I would go with pf. It's OpenBSD's packet filter. You can use it on any of the *BSD OS solutions, but it's best served on OpenBSD. Open has a packet filter network interface that you can pipe bogus traffic to for further inspection beyond standard packet filtering as an added bonus.

              If you're looking for a PF option then try PFsense. There is very little documentation out there at this time but we've had some successful installs.

              http://www.pfsense.org/



              • #8
                Originally posted by highwizard
                If you're looking for a PF option then try PFsense. There is very little documentation out there at this time but we've had some successful installs.

                http://www.pfsense.org/
                Thank you both for sharing.

                I have the iso of pfsense now so I'm going to install that on my home network to evaluate for a bit.
                The sidewinder product looks great. I'm going to spend some time researching their site. It does seem similar to a product by Astaro.

                Hackajar--you are so right
                Originally posted by hackajar
                Just remember, don't look into one application or appliance to cover you to the end of time.
                This reminds me of a lesson my father taught me as a child.
                "If you don't learn something every day of your life, the rest of the world will pass you up"

                Thanks guys,
                I have some researching/evaluating to do now
                Last edited by stringslayer; May 23, 2005, 02:16. Reason: typo
                In a world without walls and fences, who needs Windows and Gates?
