On Fri, 7 Jun 2002, E.C. Mathews wrote: > /De-lurk > > Hello, > > I am new to the list, and relatively new to Firewall > technology. > > Just wondering if any/many of you use > security based on open source technology > like Astaro and if so, what your thoughts are.
"Like Astaro" is fairly nebulous without a lot more digging into Astaro. Lots of people use Open Source systems to protect both networks and information. Having source available is more important to me in a mode where I know I'll have to do strange things without vendor support than simple firewall technology (for instance, if I need to do some sort of odd content inspection and commercial products that offer this don't meet my requirements.) If you're really acutely worried about validation and verification, then having source available is almsot a complete necessity (it's theoretically possible to do verification without it, but that's an intensely difficult problem)- however I don't know all that many people who deploy Open Source solutions who actually even *attempt* code review- that's a shame, because people could stand to learn more about the systems they deploy. The Open Sourcedness of a particular solution should be a criterion for evaluation if you need or desire it, but there is a very wide range of Open Source security solutions, base platforms for implementing solutions, and reasons for using them. Things from RSBAC's security model implementations to in-kernel stateful filtering all work to a certain extent. You'll find generally that companies which have Open Source solutions deployed tend to be small or completely unaware of it (or sometimes vaguely aware that there's some O.S. stuff in the mix with their commercial products.) Many commercial firewall products are either open source implementations or based on them (and in the past based on source available solutions despite the licensing stuff of the day.) Personally, I've used O.S. solutions for border and WAN protection in large corporations, small businesses, home networks, and non-profit entities. None of them have been "all in one" firewall solutions, as I tend to deploy per-protocol tools seperately from packet filtering tools, as well as try to deploy hetrogeneous solutions to gain some resiliancy. It's not clear if you're looking for comfort in the fact that people use Open Source for security products (they do), if you're looking for a specific reason to, or not to use them, or if you're looking for information on O.S. security solutions (you could probably spend a day or so checking out everything on Freshmeat alone,) or if you're looking for validation of a particular product (sorry, never heard of it before.) Perhaps you could narrow things down a bit? Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
