Network Security Concerns? Consider Open Source

When Dan Nickason took over as IT supervisor for Genesis Physicians Group, a physician association, he was surprised to find very little in the way of network security. Other than Symantec anti-virus software and a Cisco Systems PIX firewall, there was nothing that truly prevented security breaches.

After looking at a few commercial network security managed services solutions, Nickason decided to go the open-source route, installing pretty much everything offered by Untangle. That included tools for blocking viruses, spam, spyware and phishing, as well as intrusion prevention, a firewall, remote access and monitoring tools, and routing and QOS (quality of service) tools.

"We wanted something we could handle internally that was cost-effective," Nickason said. "This works for us, and it only costs us about $800 per year."

Nickason's choice to turn to open-source tools for network security is one more and more small and midsize businesses are making, partly because of cost constraints, but perhaps even more because open-source tools in the network security space have come of age. Today's tools are easier to use and have more support available than ever before.

"Open-source tools for network security have been around for years, but starting with Sourcefire, which brought more tools together and increased support, open-source tools for network security have become a viable option," said Jay Lyman, an open-source analyst with The 451 Group.

However, plenty of IT managers are understandably reluctant to take a chance in an area of business that has so many hidden dangers.

"Security is critical, and there is a natural hesitation to go out on a limb," Lyman said. "While you may feel comfortable experimenting on a content management system, some feel it's better to go with a known commodity when it comes to security."

For one thing, open-source network security tools aren't—and probably never will be—as easy to use or as supported as commercial options.

"There is a double-edged sword with open-source tools," said Eric Maiwald, vice president of security and risk management strategies at Burton Group. "On the one hand, they cost less. But using them implies that you have the expertise on your staff to implement, customize, configure and manage the tool with little or no support."

While Untangle seems unusual in its focus on support, Web sites, discussion groups and chat rooms for other open-source network security tools such as Nessus and Snort can be found via vendor Sourcefire. "But once you start needing real support, they are going to charge you for it, and at that point, you might as well start considering their commercial tools," Maiwald said.

However, he said, for businesses with employees who have the expertise and time to experiment, open-source network security tools can be a great way to go. Often, the basic features are the same as those of commercial tools. For example, Snort's network traffic engine is very similar to the commercial engine sold by Sourcefire and other vendors. But these tools lack the bells and whistles, including centralized management capabilities.

In some ways, Untangle represents a new breed of open-source vendor that straddles the line. Its increased support and a la carte approach might appeal to IT managers who are somewhat reluctant to take a chance on open source, especially when it comes to network security, Lyman said. Although its basic product suite is fully open source, the company offers unusually comprehensive support.

And since the product suite is modular, it's possible to mix and match some proprietary offerings with some open-source offerings. For example, Untangle's open-source anti-virus offering is based on Clam AntiVirus, designed for e-mail scanning on mail gateways, but customers uncomfortable with open-source anti-virus protection can use Kaspersky Lab's Virus Blocker, now sold by Untangle, for $20 per month for up to 50 users and $100 per month for more than 150 users.

Untangle also seems to be more user-friendly than typical open-source tools. Nickason, for example, described the tools as extremely graphical and user-friendly. "Almost anybody on our staff can do almost anything themselves, and we've found the support to be good," he said.

If planning to take a chance on open source, consider cost carefully, Maiwald said. "Open-source tools aren't free; the cost of the employee's time is a real cost," he said. "You might save $10,000 on an intrusion detection system, but the cost of the employee's time to implement and manage it might make you reconsider."