10/6/2005: A Dark Day for Security

The sky is not falling. The apocalypse is not near. Symantec & McAfee have not merged to corner the anti-virus market. But on this day, we see dark clouds on the horizon for the InfoSec industry.

First, Checkpoint, overlord of the software running a sizeable percentage of the world's firewalls, announced it was buying up Sourcefire, maintainer of the wildly popular and industry-leading open source Snort IDS. Within a matter of hours, news broke that Tenable Network Security, maintainer of the wildly popular and venerable Nessus vulnerability scanner, would no longer release its software under the GPL beginning with the next major release due to a "loophole" allowing its competitors to copy off of Tenable's work.

Business and economic arguments aside, these are ominous developments. For years, Snort and Nessus have both been considered the baseline to which other COTS products in their respective fields have been compared. Their open development and liberal use licenses are a big part of what made them so popular and well-known. Of course, they stand on the merits of their technology alone. But it's been the ease of access to these products that has made them so pervasive.

Some of the implications of these announcements are obvious. One that may not stand out as much, and is worthy of special note, is the impact of these announcements on small and medium-sized businesses. These companies are often the bane of security analysts, as their low-budget IT shops can't afford good security, or haven't yet realized its importance. Nessus and Snort are a staple for security-conscious IT staff in those situations, working on minimal IT budgets where vulnerability assessment scanners and IDS's are scraped together using spare parts and old equipment. Even so, thanks to Snort and Nessus, these administrators can run VA scans and intrusion detection tools that provide the same quality of results as a security team in a company with a budget orders of magnitude larger. Today's news seriously jeopardizes these capabilities down the road, which put the small and medium sized companies in an even worse spot. Less security for these companies means more zombies, more warez sites, more worms, and generally bad news for everyone.

For Nessus, this is the nail in the coffin. While Tenable plans to keep supporting version 2.0, it's only a matter of time before this development tree is EOL. Hopefully, the new license isn't too restrictive, and will facilitate continuous development and acceptance amongst individual information security professionals. Tenable thinks that it has gotten very little from the open-source community in return for its GPL'd software. While this may be true, it overlooks the fact that the open nature of the GPL is what allowed Nessus to become so prevalent in the first place.

The story for Snort is not nearly so bad. It's almost certain that Checkpoint's short-term intention is to integrate Snort into its Checkpoint NG firewall software (or whatever its next major release will be called) to create a combined IDS/IPS/firewall product offering. While this is happening, I can see Checkpoint leaving Sourcefire's product alone. What concerns me is what will happen to Snort after that? The license for Snort, once integrated with Checkpoint's closed-source firewall software, is certain to change or else the entire product will be GPL'd. The new integrated product is where Checkpoint is likely to focus their development. This means one of two things: the new features and technologies implemented in the IDS/IPS/firewall software will be brought into the Snort/Sourcefire product offering, meaning a license change from GPL, or even worse, no further development on the stand-alone Snort will be done.

The story for these two security stalwarts is far from over, and many events could transpire that make this a non-event. But for now, the future of these two products is up in the air. And for this security professional, that is a very scary thing.

1 comment:

Anonymous said...

Good site
Thank you to sharing that for us