Some Thoughts About Open Source
By
Peter Stephenson
Aug 16, 2007
Mike and I were looking for a good SSL VPN for a project we’re working on.
Our current VPN is the open source OpenVPN and we really like it.
However, for this project we need something that is clientless and that ain’t OpenVPN.
We looked at several commercial products (there will be a good review of those products coming from Justin next month) but given that this is a pilot project that may go nowhere we were reluctant to spend a lot of money just to see if it works for us.
So we set out looking for an open source SSL VPN and we found a terrific one called VPN Explorer.
It’s on SourceForge if you’re interested and, although we have not tested its security yet, configuration, management, ease of use and feature set all are extraordinary. It looks like just the ticket. So why not open source for everything?
I had a student once who believed that if it was not open source it was not worth having. While I won’t go quite that far, I do believe that there is a solid place for open source products.
As you may have noted it is not unusual for us to include them in our group reviews where appropriate. There are some problems, though, that need to be considered.
Perhaps it would be better to class these as potential problems because they are not pervasive.
In forensics, where I spend a great deal of my time, the idea of open source is just starting to catch on after several years of availability of open source forensic tools.
This is because the courts finally are learning how to deal with non-commercial tools. It really has nothing - or, at least, very little - to do with quality. This is a good object lesson. The downside of most open source tools is not quality.
Quality tends to be very high, especially in the more popular tools. Snort, for example, has a huge user community as does Nessus. The problem is supportability.
If an application is not supported strongly and if it does not have reliable, secure download sites it is less than useless - it is dangerous.
Some organisations refuse to allow open source applications on their networks. For these I suggest that you rethink that policy. If the product is strongly supported, bring it in-house and become the secure, reliable download site. You will save money and get a very good product in most cases.
The caveats? Investigate the product and its support community/developers very carefully. Download a reliable, safe copy as your distribution copy.
Make sure it is documented appropriately - a typical stumbling block. And, finally, compare with commercial versions to ensure that you really are getting the best deal. Just because it’s free does not mean that it is the best value.