What commercial tools do you want to replace? Please elablorate, as there are about 10,000 secuirty tools (commercial, OSS, Free) out there for about 200 different cyber secuirty subsets. I.E. Firewall, IPS, IDS, Policy Enforcement, Proxies, Web Services (mail, www, dns, etc) secuirty, content monitoring....The list goes on and on. What were you thinking about?

I'm not looking to replace anything.

I'm doing a research paper about large companies that had commercial security tools and then when to open source tools for whatever reason.

ISS RealSecure, Cisco Pix and IDS/IPS, Symantec are all popular solutions for Internet secuirty. But they all lack for various reasons.

For one, the cost. To setup an ISS sensor can cost $10,000+. Cisco IPS/IDS sensors start around $20,000. Then you have to factor in training to use systems. This means air fare, hotel, car just to get to training. Then another $3,000 per person to sit in training. Then another $300+ for certification test. Then you have to hope 1)they accually learned something useful 2)the don't leave your company after aquiring skills.

For two, flexability. If you need to monitor something that's not on the commercial applications "signature list" you either have to wait (nullifying 0-day protection) or, if your lucky, figure out how to write a custom signature for propraitary solution. The latter can be difficult in 90% of cases because there is little community (non vendor) support groups out their.

For three, scaling. This is a mix of above two points. If you don't expect to expand and by low, then expand quickly, you have to upgrade taps, custom vendor hardware and liecnce (sp?) keys for your sensors.

For four, secuirty. This may sound stupid, but your security tools may cost you more then secuirty of your network when they get owned (like your job). Vendors traditionally don't like to send out secuirty patches in timely manner, even security solutions vendors. Further, they don't like to own up to secuirty problems. OSS/FOSS do 99% of the time.

Opensource solutions

Your opinion is requested.
Currently my org is using a Cisco 525 series Pix.
But after lurking around the forums for a whileA post by Astcell, although subtle, made me a bit nervous.
I have read about various Open Source solutions from Linux Planet and Fresh Meat but I am requesting the opinions from the security experts from the Defcon Forums.
We have approximately 6000 users including 500 sattelite offices connecting via 128 Frame-relay circuits. We have 6 T-1's for Internet.
Is there a better solution in the Open Source world than that of the Pix? Would it be able to support the amount of users we have?
If you dont have a lot of time to respond, a link would be great. I dont mind reading and researching myself. Anything you have to enlighten me would be greatly appreciated. If this has been discussed before, excuse me for I would be an asshat. I did use the search function.
Your opinions are greatly valued.
Thank you,
Stringslayer

This is a bit partial, but I would go with pf. It's OpenBSD's packet filter. You can use it on any of the *BSD OS solutions, but it's best served on OpenBSD. Open has a packet filter network interface that you can pipe bogus traffic to for further inspection byond standard packet filtering as an added bonus.

The only problem with this solution it can be difficulty to work with. It can be VERY granular, so a standard PIX rule list @ 100 rules may be 400 rules in OpenBSD's pf.

If you want a nice commercial solution, based on effectivness I've seen, look into SideWinder firewalls. Their the current hotness in firewall solutions.

Just remember, don't look into one application or appliance to cover you to the end of time. There are ALWAYS new OSS/vendor solutions out to trump the current head of the pack. E.g. Pix lost to CheckPoint lost to NetScreen losing to SideWinder. Of course this list of event are IMHO, I could be a compleate idiot, but it's a good start.

If you're looking for a PF option then try PFsense. There is very little documentation out there at this time but we've had some successful installs.

http://www.pfsense.org/

Thank you both for sharing.

I have the iso of pfsense now so Im going to install that on my home network to evaluate for a bit.
The sidewinder product looks great. Im going to spend some time researching their site. It does seem similar to a product by Astaro.

Hackajar--you are so right
This reminds me of a lesson my father taught me as a child.
"If you don't learn something everyday of your life, the rest of the world will pass you up"

Thanks guys,
I have some researching/evaluating to do now