Open Source For Perimeter Security
An anonymous reader writes "IT Observer has a look at some of the perceived problems with an OpenSource approach to security and what could be done to improve the situation. From the article: 'There is a widespread and wholly inaccurate impression that open source development is somehow haphazard and undisciplined, a free-for-all among brilliant but uncoordinated individuals. In fact, most major open source projects are very tightly managed highly disciplined teams. This article gives examples of very successful Open Source security projects -- netfilter and Snort -- and also describes some weaknesses that need to be addressed by IT organizations or vendors.'"
Well, sort of. (Score:2)
Re:Well, sort of. (Score:1, Informative)
Socrates on Security (Score:5, Funny)
"The unexamined [code] is not worth [coding]." -- Socrates (Apology 38a [philosophypages.com])
Hoping for "home perimeter" security (Score:1, Informative)
Marketeer shows how to pitch open source... (Score:5, Insightful)
"By Walter Schumann, VP Sales and Marketing, Astaro"
You Slashdotters may make fun of marketing people, but I think Walter just showed you how YOU need to make your pitch for your favorite open source project at your company.
Re:Marketeer shows how to pitch open source... (Score:2)
Like spinning netfilter (over 100 000 lines of code) as something great when there is a much better packet filter, like pf [openbsd.org]?
Re:Marketeer shows how to pitch open source... (Score:3, Insightful)
Well...yes. That's kind of the whole point behind a specific pitch. Once you've decided to get X, you need to turn around and make an audience that may know a little something about both X and Y feel that X is clearly better. It's the very definition of spin...
Re:Marketeer shows how to pitch open source... (Score:3, Interesting)
And therein lies a large chunk of "the problem" for OSS projects if you ask me. It's much easier to manage 20 developers who each have to write 5,000 lines of code than to manage 700 developers who each write (I'm sure it doesn't work out like this) 143 lines of code. I'd love to have 700 people reviewing the code written by the 20, but 700 cooks in the kitchen it's extrem
Re:Marketeer shows how to pitch open source... (Score:1)
Re:Marketeer shows how to pitch open source... (Score:1)
Re:Marketeer shows how to pitch open source... (Score:3, Insightful)
Having a large development footprint is great for quantity, but how is the product's quality? No amount of marketing will tell you the true measure of something's worth to a business. Sure you can make it sound like the best thing since sliced bread, but the reality is if it doesn't live up to expectations (something bad if you marketed it to your own m
Buy the book! (Score:2)
But if the author has written a book about the product - or even anything vaguely related - then buy it! For example, DenyHosts [sourceforge.net] is an excellent tool, and the online documentation is good enough that I can use it without any more docs. But if the author were to put together a book, I would certainly pick it up in appreciation for his time spent in developing and supporting that fine utility. In the meantime, I PayPal'd him a few bucks
Snort and Netfilter (Score:1, Informative)
With ne
Re:Snort and Netfilter (Score:2)
For Christ's sake, only those into S&M like the iptables syntax. Use something decent [openbsd.org]
Re:Snort and Netfilter (Score:2, Interesting)
Plagiarism (Re:Snort and Netfilter (Score:2)
Way to shamelessly rip off other people's work.
Re:Plagiarism (Re:Snort and Netfilter (Score:1)
Forgot some ingredients... (Score:5, Insightful)
Which is one of the reasons they became major open source projects in the first place. Of course, that tightly managed highly disciplined team ALSO needs to be working on something we all want, and the end result needs to do the job, and do it well.
Open Source Security Nomenclature (Score:5, Insightful)
Could it possibly have something to do with the fact that some people just don't like having the words 'Open Source' attached to their computer security? Maybe rename it to something like 'Closed Fortress OS' or 'Locked Down OS' to give a more positive ring to it?
Maybe I am just thinking about it too much.
Re:Open Source Security Nomenclature (Score:1)
OS Defender
There shouldn't be a problem with that, right?
- Tony
Re:Open Source Security Nomenclature (Score:2)
Re:Open Source Security Nomenclature (Score:2)
Re:Open Source Security Nomenclature (Score:1)
my 2 cents (Score:4, Interesting)
They ignore that the driving principle in open source development is quality software, so everyone who works with it is always looking to find the flaws and remove them.
Neither is inherently more secure, open source has the benefit of more people actively working to improve the code base than any commercial software company can afford to pay. That includes Microsoft. Yes, Microsoft cannot afford to pay the same number of programmers as are actively donating code improvements to open source software solutions.
Those of us that use open source software are more likely to learn the code to improve software we like than those using proprietary products are likely to do anything to help improve the software, including submitting the automatic crash reports that most software has implemented.
[ I personally don't use that even with open source software, running gdb against the core, then seeing what caused the crash and submitting a patch is more useful. ]
Re:my 2 cents (Score:4, Interesting)
We would like to think so, however, the driving principle of many open source projects is more features [openbsd.org]:
Re:my 2 cents (Score:1)
For example, ethereal is a tool to analyze packages, I really don't care much about its security, is an analysis tool, not a preventive or perimetral tool...
I'm much more concerned about linux kernel security, apache, dns, squid, sendmail, snort and all other tools used to provide a service, which have 24x7 hours open ports...
And for example, OpenOffice, Konqueror security should be biased to avoid unauthorized contact between the application and th
Re:my 2 cents (Score:1)
Most other projects do pay more attention to code quality, and fixing bugs is a priority for them.
A good example was the Critical exploit for linux based Firefox, patched within 24 hours of the exploit being found.
[ from Secunia's reports. This was at the beginning of Feb, when the WMF exploit caused MS to release a patch early for the first time. ]
Re:my 2 cents (Score:2)
Why is it then, that flagship projects like OpenOffice.org and Firefox are organized, led, staffed and funded by a single corporate entity like IBM, Sun or the Moz Foundation? That many open source projects do not attract an army of volunteers and are in fact starving for manpower and resources?
Re:my 2 cents (Score:1)
no-one wants to use it, no-one offers help.
Mozilla was actually started by Netscape, to get the faster development of open source into the code base behind Netscape Communicator. They still use the NPL, rewritten to be the MPL, for a lot of the code in all the Mozilla tools.
the successful open source projects do wind up starting a company, which has control / ownership of the code base, this
Zorp (Score:2)
http://www.balabit.com/products/zorp/ [balabit.com]
Check it out.
Re:Zorp (Score:2)
The "layers" have been switching around in OSI model so many times, I can't even figure out anymore how many there are supposed to be...
Re:Zorp (Score:2)
(There are multiple models, of course, but OSI layer 7 is quite an accurate description of something)
Re:Zorp (Score:2)
This will, however, save seriously on complexity (e.g. try configuring passive ftp in different firewalls a few times, same type of issues for sip etc.)
Brilliant individuals? Where? (Score:2, Insightful)
I don't think it's that widespread, except amongst Open Source fans. :-)
The impression I usually see is that Open Source projects are done by guys who were laid off and need something to fill in the time between gaming sessions.
Re:Brilliant individuals? Where? (Score:2)
There you go, less troll-like and closer to the truth!
Re:Brilliant individuals? Where? (Score:2)
Don't try this at home (Score:1)
Haphazard? (Score:2, Insightful)
Since then (7 years now) I have had ZERO worms, ZERO security breaches, have cut the Windows server reboots by 80%.
These 2 projects have saved me countless hours of time...
<li>http://www.squid-cache.org/<li/>
and
<li>http://vlsi.cornell.edu/~rajit/fbsd/bridge.htm l<li/>
Re:Haphazard? (Score:1)
Too Quick on the Trigger...
http://www.squid-cache.org/ [squid-cache.org]
http://vlsi.cornell.edu/~rajit/fbsd/bridge.htm1 [cornell.edu]