
A Word About Firewalls


mr-chris


A door is only as good as the lock you put on it when it comes to security.

Your computer too is the same.

Look at it this way. You can lock your valuables in a box and they are so-so. You can lock the bedroom door and the valuables, as long as they are in the bedroom, are reasonably secure.

A thief or in this case a hacker can still get into the house and hack through the door.

Much the same for software firewalls. The hacker is already within the network (or modem) and has little work to do to gain access.

You don't have to spend an arm and a leg to get 'real' security.

What this effectively does is 'brick up' the door to the house. Unless you invite the visitor in, he or she is out!

How to do it professionally and dirt cheap?

An old computer and Smoothwall 2. (http://smoothwall.org)

It'll turn the old system into a 'full' dedicated FIREWALL!!!!!

It's a brick in the hole that to date hasn't been hacked.

Version 3 is out as beta but for most people, version 2 should be the way to go until 3 is proven.

How much? FREE! Where is Smoothwall? UK! Can you buy it? Yes but the commercial version will cost an arm, leg and probably a bit more.

My advice having used it for over a year is don't mod it. Just apply the 7 updates (to date) and boot it before you start your network (or com as the case may be). It's a router too with features that make any other look silly.

There! Glad I could give something back to the community.


Smoothwall assumes that you run it on a standalone computer, as all firewalls should be for maximum security. Its platform is GNU/Linux, but that would not matter to the users behind the firewall, who can use whatever operating system they want as long as it has support for TCP/IP. It would not matter so much to the administrator (owner, if a home user) either, because it is more like installing a program onto that standalone computer that will be used as a firewall, and the configuration can be done from a web browser on any operating system that has one. I guess Smoothwall is based on iptables, which is a part of the Linux kernel and provides a packet filtering framework.

Although I do not use Smoothwall, I do use iptables as a combined NAT router/firewall for my network of 1 XP machine, one win2k machine and one Linux machine. I will grant that because I set it up myself on a Linux machine, it requires some Linux knowledge. Smoothwall, however, tries to avoid the requirement of knowing Linux by having a simple install and providing an interface through a web browser that can be reached from another machine running Windows or OS X.

So you do need the following:

1. A very low-end cheap machine and a couple of network cards that work with Smoothwall (I would assume most do).

2. An average knowledge of how to use new programs and reading a manual. This knowledge can very well come from a Windows user's point of view.

A lot of Windows users read marketing propaganda from Microsoft and shareware authors that make programs that run on your machine and act as a firewall to make you secure. Although this of course helps, it is common knowledge in the security community that to have the best level of security the firewall should not run anything at all besides the firewall itself. Any additional services or programs could introduce new unknown security flaws. Hope this helps. :-)


It is ok, but it's not as good as having a standalone machine that only runs a firewall. :-) Now this is also a question about how good security you think you need. Are you the Pentagon or are you just Mr. Smith on the internet without too much to lose if compromised? I of course prefer to secure myself the best I can even though I would not put myself in the category of Pentagon. :o But also the Pentagon has been hacked in the past, so there are never such things as secure/not secure; it is always a question of level of security. You must decide if the added security is worth the money and work invested in such a standalone firewall.

I am not saying that firewalls running directly on the home computer do not help, I am just saying that they CAN be attacked from the inside by something you let in if you use a network or the internet. Such a firewall does help but it is not best practice because of this.

Cheers


Well mr-chris and Temp just about covered it all really,

so I'll just add that I have used Smoothwall version 1 ( IP chains at that time )

shortly after I started using it a number of the team of developers decided to split from the original project and make a new firewall called IPcop ( this is still totally free, no commercial side like Smoothwall )

IPcop is what I have been using for the last 3 years, to protect my LAN and it works very well indeed. :o

Obviously it would be overkill having this setup to protect just one computer.


hi'

network and firewall ... :o

it really doesn't matter if your firewall is running Linux or windoz and imho, it's the best way having a machine dedicated to this.

we talked about IpCop distro, it's the same!

and I say again, for home use it's only for paranoid or hackers :D

it's a thousand times better to buy a router with a firewall included, then run a good software firewall like ZoneAlarm :D

the cheapest solution and for home users, can set it up for port forwarding and all tricks to be quite invisible to port scanners :D

that's what I use :D

and it works fine with all OS, from windoz to Linux and any Un*x :D

francois

