
Why not?
Erm, why is the story in the top five box with a pic of the lovely Russian spyette, Anna Chapman?!
The battle to develop the next generation of open source intrusion prevention systems (IPS) technology is intensifying between incumbent Snort and a US government-backed project, the Open Information Security Foundation (OISF). Disagreements over technical issues such as the relative importance of developing IPS systems that …
Sourcefire need to chill.
(a) Suricata is barely off the drawing board
(b) It is unlikely to come to fruition for a couple of years
I suspect that Sourcefire are squealing because they stand to lose a ton of money in federal contracts if Suricata becomes the federal standard. But they need not worry too much, we've all seen this movie before. The federal government kickstarts adoption of a standard and the entrenched vendors squeal a lot, then realize that they need to play nice, since the Feds are a big customer, and then the market decisively dumps that standard in favor of the de facto market standard. OSI vs the IP stack, X.400/X.500 vs. SMTP and LDAP, IPv6 vs IPv4 spring to mind.
I predict that Sourcefire will realize that they make more money by working with Suricata than against it, co-opt some of the ideas, and sell "Suricata-Snort" back to the Feds. (Everyone else in the commercial market will carry on buying 'standard Snort', and eventually the Feds will get the picture, abandon Suricata-Snort and everything will be rosy again.)
An example of this behavior is when Microsoft realized that Exchange Server was unsaleable to the feds unless it could offer Defense Messaging System compliance, so they bolted on X.400 and X.500 support whilst standard Exchange moved rapidly to an LDAP/SMTP system. Eventually the feds abandoned X.400/500 and went to the standard product. Note that it was not a complete waste of time - a lot of the expertise MS picked up in X.500 made its way into Active Directory.
As a computer user with some experience, I have the impression that the world is stumbling when it comes to security and privacy, and I do not like it.
I also think it is unfortunate that there appears to be no will to want to educate people on matters of security and privacy. When you install a web browser, there are afaik no guides that actually set out to teach you how certificates work, or how encryption works, or how the internet works. It is like nobody really cares for teaching others how things actually work.
Wikileaks provided a shorter video of them explaining how to behave when submitting information, and I found that information interesting in how they actually seem to want to teach you something. Would be nice I think if Wikileaks could focus on teaching people about all there is to know about the internet with the various security and privacy issues.
Amusing in that I'm currently interviewing with Sourcefire stateside. I never knew anything of their history, aside from what's on their website, or the attempted buyout from Checkpoint.
Having toured the place I can say with full confidence that the programmers are competent, skilled individuals. As Antti Roppola mentioned above, if they consider a multi-threaded solution as flawed from the outset, and considering that Snort has IDS expertise stemming from the mid-90's and is the de-facto standard for IDS systems today, there should be no reason to question their expertise.
There's not really a whole lot you can do to innovate or improve the performance of an IDS system other than: trim the ruleset to only check for relevant items (e.g. why bother doing IDS rule checks for Solaris workstations when your company is a Windows-only shop), or provide better hardware. So their project roadmap is: INCREASE RULESETS, INCREASE HARDWARE BEEFINESS, FIX BUGS 30 GOTO 10. Proof is in the pudding that multi-threading isn't going to help if Sourcefire's tests are any conclusion.
Black Helicopters because it's obviously a conspiracy.
Two competing camps to provide open source solutions to the public... sounds like a win-win scenario for the rest of us.
Also, how relevant are ATM and Token Ring today? Sure they have their applications, but almost EVERYTHING I work with runs over copper UTP cables, with maybe MPLS/Fiber for backbone (which can run on ATM). I haven't even heard of a Token Ring implementation since the old Mae-East, Mae-West rings that were the core of the internet in the early 90's.
It's humpday - have a pint!
Sounds like a good idea. Snort is more like a religion now than a technology. If you dare question its capabilities online, the Snort faithful will stampede to discredit you and argue away any point you made.
However, I wonder about the companies involved. Why are Breach, a web application firewall company, and IOActive, a company that does not install, use or sell IPS solutions, involved in this? Seems to me that the group needs to get some companies who actually install, sell and use IDS/IPS technologies and not just some gadflies who want press.