Friday, October 14, 2005

Firewalls Pt 2


I suppose a bit of explanation is required for this posting. I promised that I would write the second of two articles on Firewalls as soon as I could. Well, here it is! Finally! Why did it take so long? Because of my need to check out everything I write about, I have been busy testing the various firewall packages I'm going to tell you about. This kind of testing takes a lot of time. Oh, installing each firewall and letting it work while I monitor it isn’t hard work or anything. Sort of like watching grass grow, if you know what I mean.

The process I followed included installation and configuration as well as some time to allow the firewall to actually do its intended job. That last part is what takes time. Fortunately, I have a small network here, so I can cause a few things to take place, but it’s waiting for the outside world to impact my environment that takes all the time. That, and the fact that I have only one system on which to test the software.

What I was looking for was the ability of the firewall software to filter both inbound and outbound traffic: to block connections coming in from the outside, and to block connections going out from your PC that you have not explicitly allowed. All of these packages will do that for you with a minimum of fuss and bother.

If you're thinking the Windows XP SP2 firewall answers the question of properly firewalling your system, think again. It does a fair job on the inbound side, but it does nothing to block outbound connections. That matters because attackers don't have to come in through the front door: if something malicious lands on your machine by another route (an e-mail attachment, a browser exploit, a file you downloaded), the inbound filter never sees it, and with no outbound filtering it can connect out and do whatever it wants with your system, such as streaming your data out to the attacker or reading your files and sending them off. Not good.

I’m also going to have to take back something I said in Part 1. If you connect by dial-up, you need a firewall. In fact, ANY computer attached to any mode of communication will benefit from having a firewall installed. Dial-up, DSL, cable, LAN. Yes, LAN! Even systems in a ‘protected’ environment, like PCs on a LAN in a place of business, are better off if a firewall is installed and properly configured.

I’m going to tell you about two types of firewalls. The first is a software/hardware combination and the second is a software package you install on your PC.

SmoothWall is a software firewall that is built around a Linux core. When downloaded, it is an ISO image that you burn onto a CD. You need a separate PC with two or more network interface cards (NICs) and a multi-port hub. The PC doesn’t have to be ‘state of the art’; in fact, an older 486 machine will work fine. You install SmoothWall on the PC, make a few configuration settings and you’re ready to go. Just put the PC between your network and the outside world, one NIC facing the Internet and the other facing your LAN, and you’re pretty much set. The software has an extensive manual, so you’ll have some reading to do, but it will be an interesting way to learn firewalling. I will warn you, though.

The SmoothWall folks say it like this:

The initial design goals are still the foundation of SmoothWall Express today:

1. Be simple enough to be installed by home users with no knowledge of Linux
2. Support a wide variety of network cards, modems and other hardware
3. Work with many different connection methods and ISPs from across the world
4. Use a web browser to manage and configure the software

SmoothWall Express is intended for use by anyone from a home user to a systems administrator. It can run on almost any PC from a 486 upwards, which becomes a dedicated firewall appliance (the SmoothWall box). Apart from the PC, all that is required is an Internet connection and some simple networking equipment to connect the SmoothWall firewall to the rest of your local, private network.

The current stable version is version 2. The download is a bit over 46 MB with the manuals included and 33 MB without. The 13 MB of manuals covers everything you can imagine and then some, so go for the larger of the two downloads. Version 3 is also available, but it’s still in testing, so wait a while before picking it up. So, if you have a spare PC lying around, this package will do a good job for you.
Smooth Wall
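To make concrete what a dedicated two-NIC firewall like the one described above actually does, and why "inbound and outbound" matters, here is the kind of iptables ruleset a Linux box in that position would run. This is an added example written for this article, not SmoothWall's own configuration or anything from its manual. It assumes eth0 is the Internet-facing (RED) interface, eth1 is the LAN-facing (GREEN) interface, the LAN is 192.168.1.0/24, and the firewall is managed from the LAN over SSH and HTTPS; all of those are assumptions you would change for your own box. It goes a step beyond the text in one respect: rather than simply "blocking outbound", it allows a short list of services out and logs and drops everything else, which is the usual way to get useful outbound filtering without breaking the LAN.

```shell
#!/bin/sh
# Two-NIC gateway firewall in the SmoothWall layout: RED faces the Internet,
# GREEN faces the trusted LAN. The interface names, LAN subnet and management
# ports are assumptions for this example; change them to match your box.
RED="${RED:-eth0}"
GREEN="${GREEN:-eth1}"
LAN="${LAN:-192.168.1.0/24}"

# build_firewall IPT
#   IPT is the command each rule is handed to: "iptables" on the real
#   firewall, "echo" to preview the ruleset without touching the kernel.
build_firewall() {
    ipt="$1"

    # Start from a clean table, then default-deny: nothing reaches the
    # firewall and nothing crosses it unless a rule below allows it.
    "$ipt" -F
    "$ipt" -t nat -F
    "$ipt" -P INPUT DROP
    "$ipt" -P FORWARD DROP
    "$ipt" -P OUTPUT ACCEPT

    # Loopback, plus replies belonging to connections already allowed.
    "$ipt" -A INPUT -i lo -j ACCEPT
    "$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$ipt" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # INBOUND to the firewall itself: only from GREEN, only management ports
    # (SSH and an HTTPS admin interface are assumed here). New connections
    # arriving on RED are logged (rate-limited) and fall through to DROP.
    "$ipt" -A INPUT -i "$GREEN" -s "$LAN" -p tcp --dport 22 -j ACCEPT
    "$ipt" -A INPUT -i "$GREEN" -s "$LAN" -p tcp --dport 443 -j ACCEPT
    "$ipt" -A INPUT -i "$RED" -m state --state NEW -m limit --limit 5/min \
        -j LOG --log-prefix FW-IN-DROP:

    # OUTBOUND from the LAN: an allow-list of services, nothing else. This is
    # what a host firewall that only filters inbound never gives you: a PC
    # that gets infected some other way cannot phone home on arbitrary ports.
    for svc in "udp 53" "tcp 53" "tcp 80" "tcp 443" "tcp 25" "udp 123"; do
        set -- $svc   # $1 = protocol, $2 = port
        "$ipt" -A FORWARD -i "$GREEN" -o "$RED" -s "$LAN" -p "$1" --dport "$2" \
            -m state --state NEW -j ACCEPT
    done
    "$ipt" -A FORWARD -i "$GREEN" -o "$RED" -m limit --limit 5/min \
        -j LOG --log-prefix FW-OUT-DROP:
    "$ipt" -A FORWARD -i "$GREEN" -o "$RED" -j DROP

    # Hide the LAN behind the RED address.
    "$ipt" -t nat -A POSTROUTING -o "$RED" -j MASQUERADE
}

# rule_count CHAIN: number of rules the preview adds to CHAIN, handy for a
# sanity check before loading the ruleset for real.
rule_count() {
    build_firewall echo | grep -c -- "^-A $1 "
}

# Preview by default; apply for real only when explicitly asked (as root,
# from the console: a mistake in the INPUT rules can lock you out over SSH).
if [ "${1:-preview}" = "apply" ]; then
    build_firewall iptables
else
    build_firewall echo
fi
```

Run it with no arguments to see the rules it would load, and with `apply` as root on the firewall box to load them. The checks worth doing afterwards are exactly the ones this article is about: from a PC on the GREEN side, confirm that a web page loads (allowed outbound) but a connection to, say, port 6667 on an outside host fails and shows up in the log with the FW-OUT-DROP prefix; from the RED side, confirm that nothing you try to connect to on the firewall answers. The `-m state` rules need connection tracking loaded, which any stock Linux kernel with netfilter provides.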

Another package, Gibraltar, is a firewall and router package based on Debian GNU/Linux which, according to its developers, meets all the requirements of a state-of-the-art firewall. Whatever kind of Internet connection you have (dedicated line, DSL, dial-up), Gibraltar is meant to sit in front of it in the same way. Gibraltar

Software firewalls are covered in Part 3.