Hey Joe,
I believe it comes down to three things:
1. Vendor support
2. Professional Experience
3. Leading edge technology
The primary reason people buy commercialised firewalls (or, any
commercialised product really) is due to the R&D $ the vendor has spent
in developing their product, and the reliance on that expertise for the
support of the product. In instances where an organisation comes up
against a potentially large costing business incident, they can
typically rely upon a good vendor to be there and address the issue for
them. Companies such as the Ciscos, Junipers and the Symantecs of the
world pride themselves on this level of service commitment to their
current and potential customers. Typically, support of open
source/Freeware products relies on your own expertise, or the expertise
of open forums. While there are plenty of security experts in open
forums who have the knowledge to assist you, none of them a truly
obligated to. And when crunch time comes and your network is offline,
you may not receive the desired response by going out to the open source
community (or at least one you can hold someone accountable to).
Secondly, large organisations typically don't expense their own
resources in deploying large scale solutions, especially if they don't
have prior experience. Many organisations rely on vendors and their
integration partners to design, deploy and support the solution.
Although there are a handful of integrators who are happy to package and
integrate open sourced products, you'll find that most integrators
prefer to work with commercialised products. Why? See point number one.
:) When an integrator has a problem with a solution they've deployed,
they can also lean upon the vendor for support. Vendors also usually
provide authorised structured training and certification programs, so
when you work with a security professional from an integrator that
carries those certifications, you can feel more comfortable that they
are knowledgeable in deploying the product. There is, unfortunately, not
the equivalent structure for open source products (that I know of?).
Lastly, as commercial organisations make money and have money to throw
at the development of their products, they can usually develop features
for their products which are more "leading edge". Of course, it doesn't
take long for an open source equivalent to become available... but in
most instances, there is a time difference depending on how complicated
the feature is.
I am by no means suggesting that commercial products are better than
open source (or vice versa), but am just giving some additional insight
as to why commercial products are selected, even though they may come
with a higher price tag. >:)
Regards,
Jason Ha [CISSP, CCSE, JNCIS-FWV]
Senior Security Engineer,
Security Operations Centre
VeriSign Asia Pacific
________________________________
From: Joseph (Joe) Lynn [mailto:Joe.Lynn@tiniusolsen.co.uk]
Sent: Thursday, June 09, 2005 5:33 PM
To: firewalls@securityfocus.com
Subject: Open Source vs Proprietary
Hi all,
Sorry everyone, forgive my ignorance, but I'm still a bit confused on
these issues - I don't understand why anyone would buy a firewall that
has a cost associated with it rather than just taking a bog standard pc
and installing an open source firewall on it, such as IPCop or OpenBSD
PF.
From the responses to my post about IPCop and the messages about
OpenBSD, it looks like these options are as secure as you're going to
get.
Perhaps it might be easier to configure proprietary firewalls, and they
might give better logging and analysis options, but presumably,
certainly with IPCop, and I would assume, with OpenBSD, you can find
adequate Open Source options that will provide any of the functions that
the other firewalls do (with the exception of ISA2004, which sounds like
it works with the applications rather than the packets....) - like e.g.
snort.
Do people just buy firewalls because they can't be bothered to learn to
set up Open Source systems, or is there more to this that I'm missing?
Many thanks,
Joe
