Monday, June 23, 2008

Open Source IDS, Firewall, VPN Gateways

A few years back, if an SMB (small and medium business) shop wanted to install firewalls, network intrusion detection systems, VPN gateways, etc., it needed to shell out hundreds of dollars for commercial software from giants such as Cisco, Juniper, etc.

But in the last few years, a slew of options has become available from the open-source world. I have been closely watching two products in this space:

1. Snort

Snort is an open source network intrusion prevention system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump, as a packet logger (useful for network traffic debugging, etc.), or as a full-blown network intrusion prevention system.

2. Untangle

Untangle delivers an integrated family of applications that help you simplify and consolidate the network and security products you need, in one place at the network gateway. The most popular applications let businesses block spam, spyware, viruses, and phish, filter out inappropriate web content, control unwanted protocols like instant messaging, and provide remote access and support options to their employees.

Today Snort has become the de facto standard for IDS. Even Untangle uses Snort for its IDS application. I was impressed with the range of applications available on the Untangle Gateway Platform. It includes a spam blocker, a web filter, a firewall, an IDS based on Snort, a VPN gateway based on OpenVPN, a patented attack blocker, etc. A must-try product :)