Closing the case on network firewall security with IPCop

The IPCop firewall supports multiple network segments -- trusted, un-trusted and semi-trusted -- for wireless networks and DMZ. It runs very well off old 486 hardware or can be bulked up to handle gigabit-speed networks. IPCop is stable, has an easy-to-use graphical interface, and since it is based on Linux under the hood, it's free.

IPCop is a breeze to install: download the software and create a boot disk. The installer creates a complete, hardened system that has the option of running completely off of a flash memory card. Like many gateway routers, IPCop handles DHCP leases, DNS and network time protocol, plus it has several extras that make it stand out.

For more information: In this tip, security pro Mike Chapple discusses the rule bases for building an application firewall.   Security expert Ed Skoudis discusses how to interpret firewall security alert messages. In this expert Q&A, Mike Chapple provides three important points to consider before buying an enterprise firewall.

For starters, IPCop comes with Snort, an excellent intrusion detection system (IDS) built-in. Snort uses a signature-based detection engine to analyze the contents of packets, and triggers an alert on malicious activity. VPN support allows for secure tunnels between other IPCop servers or with just about any other VPN product using IPsec. Authentication can be done with pre-shared keys or X.509 certificates. Web proxy and content caching is built-in to speed up Internet surfing. Traffic shaping is also built-in to allow designated traffic to be given priority. IPCop's Web GUI provides information about firewall and network status, graphically showing usage trends, traffic graphs and active connections.

IPCop's stateful firewall keeps track of connections to and from each zone based on the source and destination IP addresses and ports, as well as the state of the connection itself. The zones are color-coded, making it easy to understand where traffic is going. Information on individual connections is displayed and each connection from or to your network segments is shown. Being stateful, only the packets that are consistent with the current state of a connection will be allowed through the IPCop firewall.

You can pay a lot more money for a firewall with as much built-in functionality, but IPCop is not just a free network firewall, but one good enough to keep your network free of bad packets.

Scott Sidel, CISSP, is an Information Systems Security Officer (ISSO) for Lockheed Martin.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Network Security: Tools, Products, Software,   Network Firewalls, Routers and Switches,   Enterprise Network Security,   Application and Platform Security,   Open Source Security Tools and Applications,   Scott Sidel's Downloads,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Firewalls, Routers and Switches How to prepare for a secure network hardware upgrade Best Network Firewall Products What is the difference between static and dynamic network validation? Screencast: Smoothwall offers firewall defense in lean times New Cisco IOS bugs pose tempting targets, says Black Hat researcher How to implement virtual firewalls in a complex network infrastructure How to manage network bandwidth with distributed ISP bandwidth Firewall rule management best practices Should enterprises be running multiple firewalls? What are the disadvantages of proxy-based firewalls? Open Source Security Tools and Applications PuTTY configuration tips: How to connect to remote network systems Screencast: Find rogue wireless access points with Vistumbler Screencasts: On-screen demonstrations of security tools H.D. Moore on future of Metasploit attack platform H.D. Moore speaks about Metasploit Project deal, Release 3.3 Screencast: How to launch an OpenVAS scan Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 SSH key compromise shuts down Apache website Screencast: Smoothwall offers firewall defense in lean times Scott Sidel's Downloads Use BotHunter for botnet detection Review system event logs with Splunk FISMA compliance made easier with OpenFISMA Ophcrack: Password cracking made easy Enigmail: Wrapping email in a digital security blanket Secure file copying with WinSCP FreeRADIUS: Acing a secure connection Spiceworks: Free network monitoring and management with a little zest VirusTotal: On-demand antivirus service scans malicious files Shining a spotlight on rootkits RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bastion host  (SearchSecurity.com) firewall  (SearchSecurity.com) Firewall Builder  (SearchSecurity.com) screened subnet  (SearchSecurity.com) virus  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.