Closing the case on network firewall security with IPCop

Looking for a decent network firewall suitable for SOHO, branch offices and even small enterprises? IPCop turns nearly any spare PC into a full-featured stateful inspection firewall.

The IPCop firewall supports multiple network segments -- trusted, un-trusted and

    Requires Free Membership to View

    Login

semi-trusted -- for wireless networks and DMZ. It runs very well off old 486 hardware or can be bulked up to handle gigabit-speed networks. IPCop is stable, has an easy-to-use graphical interface, and since it is based on Linux under the hood, it's free.

IPCop is a breeze to install: download the software and create a boot disk. The installer creates a complete, hardened system that has the option of running completely off of a flash memory card. Like many gateway routers, IPCop handles DHCP leases, DNS and network time protocol, plus it has several extras that make it stand out.

For more information:
In this tip, security pro Mike Chapple discusses the rule bases for building an application firewall.  

Security expert Ed Skoudis discusses how to interpret firewall security alert messages.

In this expert Q&A, Mike Chapple provides three important points to consider before buying an enterprise firewall.
For starters, IPCop comes with Snort, an excellent intrusion detection system (IDS) built-in. Snort uses a signature-based detection engine to analyze the contents of packets, and triggers an alert on malicious activity. VPN support allows for secure tunnels between other IPCop servers or with just about any other VPN product using IPsec. Authentication can be done with pre-shared keys or X.509 certificates. Web proxy and content caching is built-in to speed up Internet surfing. Traffic shaping is also built-in to allow designated traffic to be given priority. IPCop's Web GUI provides information about firewall and network status, graphically showing usage trends, traffic graphs and active connections.

IPCop's stateful firewall keeps track of connections to and from each zone based on the source and destination IP addresses and ports, as well as the state of the connection itself. The zones are color-coded, making it easy to understand where traffic is going. Information on individual connections is displayed and each connection from or to your network segments is shown. Being stateful, only the packets that are consistent with the current state of a connection will be allowed through the IPCop firewall.

You can pay a lot more money for a firewall with as much built-in functionality, but IPCop is not just a free network firewall, but one good enough to keep your network free of bad packets.

Scott Sidel, CISSP, is an Information Systems Security Officer (ISSO) for Lockheed Martin.

This was first published in July 2007

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

    Back to top