Security Basics mailing list archives
Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)
From: "Mike Hale" <eyeronic.design () gmail com>
Date: Sun, 25 May 2008 11:56:01 -0700
One additional thing you need to look at is the ongoing cost. Sure, the snort software is free with an additional charge for the subscription, if you need it. But you also need to factor in the cost of the Snort admin. Snort can generate a lot of alerts, and it wouldn't hurt to write custom rules based on your environment. How much is your time worth?

I like using different programs/devices for different things. It keeps things clearer and cleaner in my network.

I'd say get a good quality enterprise firewall, and invest in the training to configure it properly. After the firewall, set up a snort sensor, and again, invest the time and money to do it properly. An IPS can be a powerful tool, but I'd get the firewall and IDS first.

You may also want to consider scattering a few snort sensors throughout the network. That way, Snort can catch traffic that never passes through your external routers.

On 5/25/08, Alex <alex.tsr () gmail com> wrote:
> -----Original Message-----
> From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
> To: security-basics () securityfocus com
> Subject: Re: all-in-one vs one-on-each (feat. Comercial vs FOSS)
> Date: Sat, 24 May 2008 17:38:12 +0200
>
>> On 2008-05-24 Alex wrote:
>>> I would like some opinions, again. For a fixed budget would you go for
>>>
>>> * an all-in-one "Firewall" ( FW+IPS+VPN+...) ie. Checkpoint,
>>> * a dedicated, known and expensive firewall/gateway with the company of an Open Source solution for IPS, URL filtering etc?
>>> * a full Open Source solution (iptables,snort,ossec,squid etc) and spend the money elsewhere :)
>>>
>>> The things that concern me are,
>>>
>>> Redundancy. I can live without IPS for a while but not without Internet ( and by "I" I mean "The Company")
>>>
>>> Scalability. Not only performance-wise but cost-wise too. I think that having to pay for every "extra feature" is going to lead to Open Source anyway...
>>>
>>> Complexity. Better to manage one than more, right?...
>>
>> The answer to your question depends heavily on the actual requirements, your network topology, your admins' expertise, and what kind of "fixed budget" you have.
>>
>> Regards
>> Ansgar Wiechers
>
> Let's say that, the admins' expertise is not a concern, the network is a simple one, several internal vLANS and a DMZ with a dual-ISP internet connection, the budget is $10k
>
> To make things clearer I'm not necessarily looking for the cheapest solution. I want to know where would you put more weight (money). Is it better to buy a $10k firewall + Snort, a $5k firewall + $5k IPS, a $10k all-in-one solution. i.e. would a commercial IPS justify its $5k against Snort?
>
> Thanx again.

-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0