Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source For Perimeter Security

Posted by ryuzaki0 on from the people-still-afraid-of-oss dept.

An anonymous reader writes "IT Observer has a look at some of the perceived problems with an OpenSource approach to security and what could be done to improve the situation. From the article: 'There is a widespread and wholly inaccurate impression that open source development is somehow haphazard and undisciplined, a free-for-all among brilliant but uncoordinated individuals. In fact, most major open source projects are very tightly managed highly disciplined teams. This article gives examples of very successful Open Source security projects -- netfilter and Snort -- and also describes some weaknesses that need to be addressed by IT organizations or vendors.'"

3 of 56 comments (clear)

  1. Hoping for "home perimeter" security by us7892 · · Score: 1, Informative

    Since I've been dabbling in some home automation stuff a bit recently, I was hoping for a good article on some wireless home security to secure my house - open source stuff. The title was not what I had hoped...anyone know of some good "Open Source Perimeter" hardware and software that works with misterhouse http://misterhouse.sourceforge.net/, or other open source projects.

  2. Snort and Netfilter by Douglas+Simmons · · Score: 1, Informative
    Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.

    With netfilter, you can do the following: What can I do with netfilter/iptables? * build internet firewalls based on stateless and stateful packet filtering * use NAT and masquerading for sharing internet access if you don't have enough public IP addresses * use NAT to implement transparent proxies * aid the tc and iproute2 systems used to build sophisticated QoS and policy routers * do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header

  3. Re:Well, sort of. by Anonymous Coward · · Score: 1, Informative

    The idea that open source software can't be disciplined is belied by the OpenBSD project. In the last eight years or so, they have released new versions six months apart as regularly as clockwork.