Meaning to pick nits with the redhat and suse supporters out here;
the redhat and suse distributions themselves are weekly hit with numerous
security issues in many of the most basic packages of a full, stock
installation. Of course this is not entirely limited to these 'for
profit' per se ventures in the linux line, yet I think from a security
standpoint, there are better distributions one might actually choose to
back up a security argument, yes?
Thanks,
Ron DuFresne
On Thu, 19 Oct 2000, mouss wrote:
> you're right to say from the start that this is a sensitive debate!
> here's my opinion anyway...
>
> first note that open source may be commercial. for ex, redhat is a commercial
> product.
>
> - As of today, open source security solutions are quite mature and some of
> the available ones are simply excellent, even when compared to commercial ones.
> ipfilter, ipfw, ipchains, iptables, ... all provide a viable alternative as
> packet filters.
> there are also many app level proxies. note that the fwtk is the basis of most
> commercial proxies.
>
> - source code availability is a well known advantage, but when it comes to
> security, it is a critical one. it is easy for a commercial vendor to code
> backdoors in their firewall solution. Even when they are "honest", there may
> be critical bugs that are not known to the public but may be found either by
> "luck" or by a disgruntled employee.
>
> - if you need commercial support, then you need a commercial contract, be it
> based on an open source product or not.
>
> - most open source products are also freely available. some stupid old
> fashioned executives are too xxxx to understand that it is possible to have
> good service with a cheap solution.
>
> - with "free" open source products, there is a guarantee that there will
> always be someone who improves things the right way. with a commercial
> version, it's always a matter of market shares.
> just look at how the cyberpatrol "worm" got into the gauntlet.
>
> ...
>
> regards,
> mouss
>
> At 09:25 19/10/00 -0400, Bennett Samowich wrote:
> >Greetings,
> >
> >I probably will open the proverbial "can of worms" here, but...
> >
> >With the amount of different products on the market and without starting a
> >religious debate, what would be the advantage of using commercial firewall
> >or IDS products versus OpenSource ones? I have used ipchains and snort at
> >sites with over 1000 nodes and it seemed to work just fine. I have also
> >been at sites that are using Cisco PIX and (can't remember the name) their
> >IDS. I really can't see any distinct advantage save for budget and
> >personal preference. Is it really that simple?
> >
> >Thanks in advance,
> >- Bennett
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.