In response to numerous requests, The Open Source Development Corporation has issued a pre-alpha release of the Integrated Secure Communications System (ISCS). ISCS seamlessly combines Access Control, NAT, VPN, Routing, User Authentication and Security Policy Management into a single network security environment. ISCS is not a GUI firewall rule configurator. It is a security environment configurator which produces consistent rule sets for a variety of security subsystems on a variety of platforms from different vendors. It is a very different approach to network security. Neither we nor any of the major vendors and enterprise organizations to whom we have presented the technology have seen anything similar in either the proprietary or open source world. The results are a much more flexible and secure environment with an over 90% reduction in security configuration time. It makes true, multi-layered, network compartmentalization realistic and manageable. The project home page is http://iscs.sourceforge.net and the download page is http://sourceforge.net/project/showfiles.php?group_id=72799 Please continue reading if you would like more information. ISCS has the potential to demonstrate the power of the open source development model. Far less efficient and innovative commercial offerings carry five and six figure price tags. The open source community can produce a better solution. The key is the support community. ISCS is an enormous undertaking. It requires skills in C, C++, SQL, GUI design and development, embedded systems, open source and proprietary firewall systems, open and proprietary VPN systems, open and proprietary routing systems, open and proprietary IDS, IPS, Content Filtering, Virus Scanning, Layer 1 and Layer 2 configuration for open and proprietary systems, wireless technology, PKI, documentation, SSH, SSL. The list is endless. The ISCS road map is published below. It may change based upon sponsor funding and the skill sets of the volunteer support community. If you seen something that interests you and you have at least eight hours per week to contribute to the project, please contact the Open Source Development Corporation at info@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx Version 1.0: Complete automatic configuration of *swan based IPSec VPN Complete automatic configuration of iproute2 routing Complete simple integration of PKI Version 1.1: Logging, monitoring and alerting Troubleshooting and analysis tools Policy evaluation Enhanced system administration and database management Version 1.2: More database enhancements Ability to save edit sessions Online help Segment the administration environment into different "VPN clouds" Enhanced response to security emergencies Enhanced self protection for gateways Version 2.0: Extended user authentication - RADIUS, LDAP, Active Directory, e-Directory, SecureID tokens, CAC, SmartCards, etc. Delegated administration, i.e., different administrative rights to different parts of the database, e.g., Managed Service Providers able to delegate some administration rights to their clients. Environment consistency checks Application proxies Security based upon protocol specific options, e.g., URI for HTTP Live fail-over Enhanced search and navigation functions for the GUI Security Policy Manager The ability to schedule updates based upon universal or local time Implement pre-configured server templates for the quick creation of server objects Patch management Relaying Internet traffic Provide options to build Mesh, Hub & Spoke and Hybrid VPNs Ability to change root CA Nested gateways Implement QoS Encryption and Authentication based upon the needs of the data rather than the configuration of the tunnel View and manipulate data flows VPN based upon native Linux and BSD VPN based upon OpenVPN VPN based upon proprietary IPSec stacks Firewall based upon BSD Integration with ISC DHCP for DHCP-over-IPSec Full PKI integration User customization of Security Policy Manager settings Version 3.0: Registration service for mobile gateways Gateway rule optimization An SSL type VPN RAS component Change a gateway's DBD Add time as a factor for access control decisions Add location as a factor for access control decisions Integrated IDS/IPS Integrate Anti-Virus Integrate Content Filtering Implement an inherited rights mask Added intelligence to DBD Hierarchical change distribution Integrate network security devices from Cisco, Nortel, Netscreen, WatchGuard and others - create a vendor independent management console Integrate security gateways and wireless access points Integrate mobile devices (mobile phones, PDAs, embedded systems, etc.) -- John A. Sullivan III Open Source Development Corporation Financially sustainable open source development http://www.opensourcedevel.com
