Comparison of NetSPoC with CSPM
Runtime: For a real-world policy and topology with about 900 networks, 400 routers, 100 groups, 400 rules and many wildcard or any objects, CSPM needed about 3 hours to generate configurations for about 30 managed devices. NetSPoC needs less than 30 seconds for the same task.
Import / Export: There are no documented import or export functions for CSPM. NetSPoC uses a simple, well-defined language stored in plain text files.
Multi-user operation: When using CSPM, only a single user is allowed to change the database. For NetSPoC, the topology and policy description may be split into different files, which may be changed by different users simultaneously.
Version control: Changes to the CSPM database can't be version controlled. The text files of NetSPoC's language may easily be integrated into version control software like CVS. This is particularly important for the task of security management.
Operating system: CSPM runs only on Windows NT (next version W2k). NetSPoC is written in Perl and should be portable to many platforms.
Graphical user interface: CSPM provides a graphical user interface which is nice to use for a small to medium-sized topology. It becomes nearly unusable for a large topology. NetSPoC provides no GUI at all.
IPSec & NAT: CSPM supports the definition of IPSec tunnels and network address translation. This isn't currently supported by NetSPoC, but is planned for the near future.
Transferring code to managed devices: CSPM has built-in support for transferring generated code to the managed devices. NetSPoC uses separate scripts for this task, which are currently not made available.
Policy description language: The policy description language of NetSPoC is similar to CSPM's graphical policy and topology description, but there are differences: