Closing the case on network firewall security with IPCop

The IPCop firewall supports multiple network segments -- trusted, un-trusted and semi-trusted -- for wireless networks and DMZ. It runs very well off old 486 hardware or can be bulked up to handle gigabit-speed networks. IPCop is stable, has an easy-to-use graphical interface, and since it is based on Linux under the hood, it's free.

IPCop is a breeze to install: download the software and create a boot disk. The installer creates a complete, hardened system that has the option of running completely off of a flash memory card. Like many gateway routers, IPCop handles DHCP leases, DNS and network time protocol, plus it has several extras that make it stand out.

For more information: In this tip, security pro Mike Chapple discusses the rule bases for building an application firewall.   Security expert Ed Skoudis discusses how to interpret firewall security alert messages. In this expert Q&A, Mike Chapple provides three important points to consider before buying an enterprise firewall.

For starters, IPCop comes with Snort, an excellent intrusion detection system (IDS) built-in. Snort uses a signature-based detection engine to analyze the contents of packets, and triggers an alert on malicious activity. VPN support allows for secure tunnels between other IPCop servers or with just about any other VPN product using IPsec. Authentication can be done with pre-shared keys or X.509 certificates. Web proxy and content caching is built-in to speed up Internet surfing. Traffic shaping is also built-in to allow designated traffic to be given priority. IPCop's Web GUI provides information about firewall and network status, graphically showing usage trends, traffic graphs and active connections.

IPCop's stateful firewall keeps track of connections to and from each zone based on the source and destination IP addresses and ports, as well as the state of the connection itself. The zones are color-coded, making it easy to understand where traffic is going. Information on individual connections is displayed and each connection from or to your network segments is shown. Being stateful, only the packets that are consistent with the current state of a connection will be allowed through the IPCop firewall.

You can pay a lot more money for a firewall with as much built-in functionality, but IPCop is not just a free network firewall, but one good enough to keep your network free of bad packets.

Scott Sidel, CISSP, is an Information Systems Security Officer (ISSO) for Lockheed Martin.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Firewalls Is it possible to allow select access to IP addresses using Windows Server 2003? Sophos finds patching issues through endpoint NAC tool Fortinet acquires database vulnerability scanner from IPLocks Is an IPsec VPN necessary when connecting remote servers that process financial transactions? Embedding security has drawbacks says TippingPoint chief architect Is security improved when the number of Internet gateways is reduced? Nipper audits routers, reveals insecure settings Product review: Netgear's Netgear FVS336G ProSafe Dual WAN Gigabit Firewall Product review: Tufin's Tufin SecureTrack 4.1 Product review: SonicWALL's SonicWALL NSA E5500 Open Source Security Tools Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities What are best practices for creating an IDS and maintaining a signature database? How to install and configure Nessus How to run a Nessus system scan Nessus: Vulnerability scanning in the enterprise Nessus 3 Tutorial Screencasts: On-screen demonstrations of today's IT tools Screencast: An introduction to the Open Source Security Testing Methodology Manual (OSSTMM) Ophcrack: Password cracking made easy Will Cisco's plan to open access to the IOS improve network security? Scott Sidel's Downloads Ophcrack: Password cracking made easy Nipper audits routers, reveals insecure settings Enigmail: Wrapping email in a digital security blanket Secure file copying with WinSCP FreeRADIUS: Acing a secure connection Spiceworks: Free network monitoring and management with a little zest VirusTotal: On-demand antivirus service scans malicious files Shining a spotlight on rootkits Eliminating the threat of spam email attacks ClamAV clamps down on e-mail security RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bastion host  (SearchSecurity.com) firewall  (SearchSecurity.com) Firewall Builder  (SearchSecurity.com) personal firewall  (SearchSecurity.com) screened subnet  (SearchSecurity.com) virus  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.