Is Open-Source Security Software Safe?
Alex Salkever, Business Week 2001-12-11

Companies such as Guardent are so sure it is that they're building entire corporate product lines around it.

Quote from article:- 2001-12-12
Mark O
Is Open-Source Security Software Safe? 2001-12-12
Javier Fernández-Sanguino Peña
Is Open-Source Security Software Safe? 2001-12-13
Anonymous
Each time I read an article which wonders "Is OpenSource Good Enough", I have to laugh. Both at work and at home, I protect my systems with OpenSource security software freely available on the internet. I write up my own dynamic security scripts which make use of these software packages to adapt to the attempts at intrusion on my systems.

When Code Red and Nimda hit my webserver, I was getting well in excess of ten thousand hits a day. Using a combination of Portsentry and iptables, I was able to dynamically update my firewall and routing on my server to reduce the number of "worm hits" down to a mere twenty per day. Currently, I get about 1-5 hits per day from dwindling worm-infected systems.

When I told a co-worker about the solution I had worked up with OpenSource software, he wondered whether my firewall/router can take that many (literally tens of thousands) of rule and route updates.

It could, because the system had the capability to and I took the time to configure it for high load and large lists of rules.

The commercial firewall bundle used at work (a common one which I will not name) has problems when its object database has more than 50 rules and more than 300 objects because of the limitations of its interface. Not to mention the numerous security backdoors to the software which have yet to be patched.

The commercial application costs $1500-$5500 depending on the number of hosts it is protecting. The OpenSource software cost me nothing.

Both cost me time. But it's the OpenSource solution that I trust and find works the most efficiently.

BlackHats constantly evolve. Much faster than commercial vendors. BlackHats are using opensource tools... but security companies seem to have a problem with using them and insist on an "in-house-proprietary" tool to market.

I think the gist of the article has it partly right: The value lies in service and support. But that service must have a strong foundation to stand on. And that foundation is well coded and well maintained software.


Link to this comment: http://www.securityfocus.com/comments/articles/297/9162#9162







 

Copyright 2009, SecurityFocus