Products &
Services
Company
Profile
UNIX
Resources
Open-source
Expertise
Helpful
Links
Contact Us
Comments?
Home
|
Attached below is a table of commercial products we typically find in a company environment, and possible
open source replacement(s) available, usually for free. Our predilections and experiences are also listed
in the Comments column.
| Category | Commercial Software | Possible Open-source Replacement | Our Comments |
| Core Infrastructure |
Microsoft Exchange
Netscape iPlanet
Microsoft IIS |
sendmail
qmail
BIND
apache
webmin
|
The vast majority of the internet runs on open source software beacons such as BIND, apache,
linux and sendmail. These are so well known that our comments are probably quite unnecessary. Very briefly, BIND is
almost without competition for running DNS, qmail is simpler than sendmail to maintain but lacks some advanced
features and is not as mature, and apache is by far the most common web server used on the internet.
Our expertise can help you configure and maintain your infrastructure using the above products to your
customization. Most engineers at Brains2Bytes have significant experience in a variety of such infrastructure
products.
|
| Backup Software | Veritas NetBackup, Legato Networker |
Amanda |
Both Netbackup and Networker are solid, easy-to-use and easily configurable after they have
been set up correctly. They both have nice point-and-click GUI interfaces. You can backup almost all client types. If you require database backups while
on-line, you could get add-on products from your vendor to accomplish this. It would cost you bundle though.
Amanda does not have a GUI interface, and its one disadvantage is that it cannot span tapes. You have
to use SAMBA to backup Windows-based hosts. For
on-line database backups, you could use your database vendors' API to accomplish this via the command line. Amanda
also does a good job allowing you compression and encryption at both client and server level. Since Amanda uses standard
tools for creating dump images, so only these tools are required to restore if Amanda is not available. Most tape
storage libraries are supported.
We would recommend configuring Amanda initially for all non-critical backups. Once you are comfortable, we
could help you include all your backups. You would not get a GUI, but do you really want your backup adminstrator
to be reliant on a nice interface to do his job? At the least, you could negotiate with better leverage when your
backup vendors' licensing comes up for renewal :-)
|
| Inventory/Asset Management Software | Too many to name |
Alist |
Of course, we're totally unbiased after writing and GPLing our open-source contribution :-)
Alist is a system of software designed to gather, store and display hardware and software
configuration information of large numbers of machines. Information is gathered by an automated client program
on each machine and sent back to a server which processes the information and stores it in a database for searching
and display via a web interface
|
| File Integrity Check Software | Tripwire |
AIDE,
cfengine |
Tripwire on Linux is free, but there is a fee for other platforms. AIDE is free. However, AIDE
is supported on unix platforms only. So unless your gateway servers are running Linux or Windows, we would recommend
trying out AIDE. However, if you have many gateway machines you have to track, the commercial Tripwire
Manager is handy as a centralized management console.
Both systems have the same basic features, though the Tripwire reports are really impressive. Both
create a database using rules defined in a configuration file. Tripwire supports signed databases, so it is more
difficult to tamper with. Though we have not performed the tests ourselves, we understand the AIDE processes files
significantly faster than Tripwire.
We like cfengine, a tool for synchronizing systems to a known configuration in case of change, a
whole lot. Though it is a synchronization tool, it could also be used as a file integrity checker. We can help you
set up an environment that handles both intrusion as well as accidental changes by legitimate users.
|
| Monitoring Software | HP Openview, IBM Tivoli, BMC Patrol, Mercury Sitescope |
Nagios,
Big Sister,
MRTG,
Cricket |
This is a vast area which overlaps into network management tools. Monitoring is the
detection software. Management includes both detection and control to try to fix problems automatically.
Understandably, most administrators are hesitant to allow the management software to completely 'take over',
since modern infrastructures are so complex. Typically, the commercial packages are marketed as
all-encompassing, and can be used for fine-grained control of most systems. Since every application is different,
any control to be exercised by the commercial software has to be programmed by an administrator, though the execution is
integrated into the package environment. However, they are expensive, require extensive setup and customizations,
and require continual maintenance of its operations - typically there are full-time employees just to handle
these commercial packages. The most popular open source solutions are generally efficient monitoring packages, and
typically do not attempt too much of control. A good administrator programs the control steps and sets up
manual or automated execution mechanisms, based on monitored data.
On the systems monitoring side, we support Nagios, which encompasses the good ideas from other similar tools
such as Spong or Angel. We believe this comes closest to the commercial tools in terms of richness of
features, security and 3rd party add-ons. For smaller networks, we recommend Big Sister or its predecessor,
Big Brother, for a easy-to-use system with good graphic displays. It does lack some features, most notably
event history and SNMP support. For pure network devices load monitoring, we can help you implement Cricket or
its predecessor, MRTG, for a clean, web-based solution.
|
| Security Software | Too many to name |
Snort,
Nessus,
PGP,
TCT
| Numerous sites and networks are hacked because of inadequate preventive measures taken by administrators. A
single attack can result in significant monetory damages, in addition to loss of intellectual property, customer confidence, business
liability and recovery costs. The best defense against attacks is a combination of tools and policies that allows you to safeguard
your systems, provide timely information about attacks or attempts, and yet keep false alarms to a minimum.
A basic security model should include user policy, firewalls, hardened machines, intrusion detection systems (IDS), auditing mechanisms and
an incident response plan. We should be able to help you in all of these areas.
We like using the flexible Nessus software for security and vulnerability scans, the free Snort IDS for intrusion detection and
encrypting software such as PGP or SSH for your data traffic. In other words, with your permission, we will try to break into your
systems using some of these tools, and provide the feedback and changes you need to stay on top of this ever changing game.
|
|
|
