comparison (on functionality) between open source and proprietary firewall solutions

What? Do you think that an open source solution is better than a proprietary solution or a proprietary solution is better than an open source solution?

They are just programs open source and proprietary that are written by fallible Human Beings -- no more or no less.

IMHO, it comes down to who who is at the wheel configuring the solutions. Does he or she have the expertise to use the solution is the bottom line?

For an open source or proprietary host based software FW solution, does the user know how to configure and secure the O/S platform the host based FW solution is running on, along with having expertise in the FW solution on how to configure it properly?

If you're talking personal FW(s), they don't fall into an Internet gateway FW solution catagory. The top of the line host base Internet gateway solution FW open source, proprietary or otherwise, should be just about equal in their performance and capabilities in providing a FW solution, IMHO.

I myself will go with a proprietary solution 99.9% of the time software or otherwise in case I need to reach out and touch someone. That's just me and others may take a different view on the matter.

Duane :)

the idiot configuring it decides the outcome. E.

[..snip..]

I was hoping to find out. I'm talking about network firewalls b.t.w., not host based firewalls. I agree with all of you that it depends on the administrator, I also agree with all of you that it is all just software written by humans.

In some places (public sector), however, there is a political demand for open source products. I was wondering if there are certain techniques that are worse/better implemented in open/closed products (or not at all). So if you have the perfect administrator who knows everything, why then choose juniper/cisco/checkpoint or why choose openbsd/linux ?

Does anyone know a report about this subject?

Olivier

What political demand are you talking about? There is a consumer demand and that's about it.

I was wondering if there are certain techniques that

Any solution FW or otherwise is based on the needs or requirements for a given solution by the user needing or using the solution.

The link may or may not help you.

Duane :)

I will say, that if you have the perfect administrator who knows everything

*and* has the time to keep up with all the new developments, you can achive very nearly or even equal to the function of a commercial product.

That's a very big "if" however.

-Russ.

Look for "Certified" test results, that's all that matters. If the product can't be certified then it's anyone's guess as to how secure it can be.

Does anyone ever try to certify the open source solutions?

Just curious.

-Russ.

I don't know.

The way I look at it is like this:

1) Certified solutions are a given, in most cases you can be sure that you cand build a quality solution with few problems.

2) Certified solutions often, if you read the testing/revision history, show a track record for vendors solutions.

3) Open Source solutions are mostly uncertified because of many factors that Certified solutions don't contend with.

4) O/S solutions often are installed on many platforms and often have more than the firewall installed - they often include helper applications.

5) O/S solutions appear to offer some very nice solutions, but I can't risk customers networks on uncertified solutions due to liability.

I would install an O/S solution in my home, in my own (personal) office, but not for a client. If I could get a firm O/S platform/solution that was certified, I would gladly test/install it.

Yes, occasionally. The process that occurs in most govt's is an entity defines a security level, then tests and certs what products in what configuration are acceptable for use in that environment:

all (or none) OS products on that list. I am unaware how products get nominated for testing in the first place. I assume the vendor discusses it with the Govt rep during an all-expenses-paid 'seminar' in Fiji or the Bahamas ;-) E.

Astaro is a certified Linux solution. All the components are open-source although the complete package is proprietary. Since they also sell appliances (with the same operating system) the cert *may* only apply to the appliance--I'm not sure about that.

I've not seen where any solutions, where you build it yourself, are certified, as there are too many variables. The vendor delivered solutions can be certified, like ChechPoint solutions, but I've yet to see a self build solution certified.

Thanks for the info and the smile.

-Russ.