Wednesday, December 12, 2007

SMB Firewall 2.0 - Open Source vs Commercial

Many companies are updating their old firewalls or investigating newer "next gen" options with more features. I've recently helped customers evaluate these options and came up with some surprising results.

Cisco ASA5505 10user IPSEC ~$375

Netscreen 5gt 10user IPSEC ~$450

Sonicwall TZ170 10user IPSEC ~$400

3com/Tippingpoint X5 ~$600

While the quality of hardware is nice, I found the commercial offerings available for the small/medium sized business space is very limited in functionality and open source solution to be much more feature rich (and free!)

Lets review some of the options:

Pfsense - Very feature rich, easy to use and slick web based management (based on m0n0wall)

M0n0wall - Stable freebsd based firewall with all the basics + more such as QoS and Wifi AP support.

Shorewall - Linux based firewall packages with QoS and many other features

Thursday, December 6, 2007

Matt Jonkman leaves Bleeding Edge Threats...

Understand this has been over blogged, but for us Snort ninjas and open source lovers who have seen the evolution of community driven Snort rules are very worried, why is this?

Because having a secure network should not be like healthcare, everyone should have free access to protection and bleeding edge threats was on the forefront of providing this.

Well Matt good luck my friend and thanks for all you have done, I am skeptical that the site will continue to flourish as it was your hardwork that made it the quality security resource it is.

That being said Snort 2.8.x is amazing and new attack signatures will have to be submitted somewhere, the question is will a new community portal arise to take the torch from Bleeding Edge?

Original post