you're right to say from the start that this is a sensitive debate!
here's my opinion anyway...
first note that open source may be commercial. for ex, redhat is a commercial
product.
- As of today, open source security solutions are quite mature and some of
the available ones are simply excellent, even when compared to commercial ones.
ipfilter, ipfw, ipchains, iptables, ... all provide a viable alternative as
packet filters.
there are also many app level proxies. note that the fwtk is the basis of most
commercial proxies.
- source code availability is a a well known advantage, but when it comes
to security,
it is a critical one. it is easy for a commercial vendor to code backdoors
in their firewall
solution. Even when they are "honest", there may be critical bugs that are
not known to
the public but may be found either by "luck" or by a disgrunted employee.
- if you need commercial support, then you need a commercial contract, be
it based on
an open source produc or not.
- most open source products are also freely available. some stupid old
fashioned executives are
too xxxx to understand that it is possible to have good service with a
cheap solution.
- with "free" open source products, there is a guarantee that there will
always be someone
who improves things the right way. with a commercial version, it's always a
matter of market shares.
just look at how the cyberpatrol "worm" got into the gauntlet.
...
regards,
mouss
At 09:25 19/10/00 -0400, Bennett Samowich wrote:
>Greetings,
>
>I probably will open the proverbial "can of worms" here, but...
>
>With the amount of different products on the market and without starting a
>religious debate, what would be the advantage of using commercial firewall
>or IDS products versus OpenSource ones? I have used ipchains and snort at
>sites with over 1000 nodes and it seemed to work just fine. I have also
>been at sites that are using Cisco PIX and (can't remember the name) their
>IDS. I really can't see any distinct advantage save for budget and
>personal preference. Is it really that simple?
>
>Thanks in advance,
>- Bennett
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
