Monday, January 4, 2010

Guard Your Network With a Free Firewall

Need robust protection on a nonexistent budget? Try this open-source option.

IF YOU EVER find yourself in need of a decently robust and full-featured firewall but your budget is approaching zero, I have just the solution for you. SmoothWall Express 3.0 is an opensource, security-hardened GNU/Linux firewall. With minimal hardware requirements and a small footprint, it should work with nearly any Pentium-class PC that has at least 128MB of RAM and a hard disk of 2GB or greater. You should have at least two network cards installed for basic use—three or more if you want to incorporate a wireless network or to have a DMZ (a demilitarized zone, or a host that serves as a buffer between your private network and the outside). Keep in mind, though, that your firewall’s reliability is limited by the hardware on which you install it.


Installing SmoothWall
Don’t worry if you don’t know much about Linux. Though the geeky can get down and dirty at the command line, Smooth- Wall is easy to install and configure. It’s meant to be managed via an integrated Web interface, as well. To install, first download the 81MB ISO file at find. pcworld.com/63892 and burn it to a CD. If you need disk-burning software, try Img-Burn (find.pcworld.com/61194). Boot to the CD and run the installer, which will wipe the hard disk before it installs. Accepting the installer’s defaults is a good start. The fi rst “hard” question involves the security policy for outgoing requests. The default is Half-Open, which permits outgoing traffic except for any that is potentially harmful. You may also choose Open, which doesn’t limit outgoing traffic, or Closed, which requires that you configure what traffic is permitted.

You then need to configure your network interfaces, which will be labeled Green, Red, Orange, or Purple. The Green interface is your trusted LAN. Red is the evil and dangerous Internet. Orange is your DMZ, and Purple is your wireless LAN. Next you select which network card to assign to each role. SmoothWall will probe for and detect most cards. You’ll need to specify IP configuration, and optionally the DNS and gateway settings. You may also configure Web proxy, ISDN, ADSL, and DHCP. Lastly, you need to set a Web-interface password and a root password for command-line access. You’re done with setup. From here you can leave your “Smoothie” as is, and it behaves as a fully functional firewall. However, you can configure the most indepth features only through the Web interface. Point your browser to https://SmoothWallGreenAddress:441 and enter the admin password you made earlier.

For a free product, SmoothWall is remarkably full featured, including proxy servers, IDS, logging, traffi c graphs, DHCP, VPN, dynamic DNS, port forwarding, server health, and access control. It also provides an interface for backing up and restoring your configuration, so when your Pentium II PC kicks the bucket, you can get SmoothWall up and running again. SmoothWall Express is limited to a single CPU and 1GB of RAM, but that’s not likely to be an issue for even a network with a couple hundred users. The real limitation is the lack of support: While you can consult the robust user community, you’re mostly on your own. Of course, the commercial arm of SmoothWall sells paid and supported products, too.


Source of Information : PC World December 2009

No comments: