
Closing the case on network firewall security with IPCop

With new threats constantly evolving, the basic network firewall is in dire need of a serious makeover. But finding a firewall that includes a plethora of security features without breaking the budget isn't always easy. In this tip, contributor Scott Sidel examines IPCop, a Linux-based firewall aimed at providing security professionals with a manageable and effective firewall appliance.

Looking for a decent network firewall suitable for SOHO, branch offices and even small enterprises? IPCop turns nearly any spare PC into a full-featured stateful inspection firewall.

The IPCop firewall supports multiple network segments -- trusted, untrusted and semi-trusted -- for wireless networks and DMZ. It runs very well off old 486 hardware or can be bulked up to handle gigabit-speed networks. IPCop is stable, has an easy-to-use graphical interface, and since it is based on Linux under the hood, it's free.

IPCop is a breeze to install: download the software and create a boot disk. The installer creates a complete, hardened system that has the option of running completely off of a flash memory card. Like many gateway routers, IPCop handles DHCP leases, DNS and network time protocol, plus it has several extras that make it stand out.

For starters, IPCop comes with Snort, an excellent intrusion detection system (IDS), built in. Snort uses a signature-based detection engine to analyze the contents of packets and triggers an alert on malicious activity. VPN support allows for secure tunnels between other IPCop servers or with just about any other VPN product using IPsec. Authentication can be done with pre-shared keys or X.509 certificates. Web proxy and content caching are built in to speed up Internet surfing. Traffic shaping is also built in to allow designated traffic to be given priority. IPCop's Web GUI provides information about firewall and network status, graphically showing usage trends, traffic graphs and active connections.

IPCop's stateful firewall keeps track of connections to and from each zone based on the source and destination IP addresses and ports, as well as the state of the connection itself. The zones are color-coded, making it easy to understand where traffic is going. Information on individual connections is displayed and each connection from or to your network segments is shown. Being stateful, only the packets that are consistent with the current state of a connection will be allowed through the IPCop firewall.
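
A minimal sketch of the connection tracking described above, added here as an illustration and not IPCop's own code. The zone names, addresses, verdict strings and the reduced set of TCP states are assumptions, and the packets in `demo()` are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    zone: str          # zone the packet arrived from (names are assumptions)
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags present in the segment

class StatefulFilter:
    """Toy TCP tracker: no sequence numbers, timeouts, FIN teardown or UDP/ICMP."""
    def __init__(self):
        self.table = {}  # (client ip, client port, server ip, server port) -> state

    def check(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == {"SYN"}:
            if p.zone != "trusted":            # only the trusted zone may open
                return "DROP"
            state = self.table.setdefault(fwd, "SYN_SENT")
            return "ACCEPT" if state == "SYN_SENT" else "DROP"
        key, from_client = (fwd, True) if fwd in self.table else (rev, False)
        state = self.table.get(key)
        # No tracked connection, or direction does not match the arrival zone.
        if state is None or from_client != (p.zone == "trusted"):
            return "DROP"
        if "RST" in p.flags:
            del self.table[key]
            return "ACCEPT"
        if state == "SYN_SENT":
            ok, nxt = (not from_client and p.flags == {"SYN", "ACK"}), "SYN_RECV"
        elif state == "SYN_RECV":
            ok, nxt = (from_client and p.flags == {"ACK"}), "ESTABLISHED"
        else:  # ESTABLISHED: data and ACKs pass, a stray SYN does not
            ok, nxt = ("SYN" not in p.flags and "ACK" in p.flags), "ESTABLISHED"
        if ok:
            self.table[key] = nxt
        return "ACCEPT" if ok else "DROP"

def pkt(zone, src, sport, dst, dport, *flags):
    return Packet(zone, src, sport, dst, dport, frozenset(flags))

def demo():
    fw, c, s = StatefulFilter(), ("192.168.1.10", 40000), ("203.0.113.5", 443)
    seq = [pkt("trusted", *c, *s, "SYN"), pkt("untrusted", *s, *c, "SYN", "ACK"),
           pkt("trusted", *c, *s, "ACK"), pkt("untrusted", *s, *c, "ACK", "PSH"),
           pkt("untrusted", "198.51.100.9", 443, "192.168.1.10", 40001, "ACK"),
           pkt("untrusted", *s, *c, "SYN"), pkt("untrusted", *s, *c, "SYN", "ACK")]
    return [fw.check(p) for p in seq]
```

The first four packets form a handshake and a data segment for one tracked connection and are accepted; the last three (an ACK for no known connection, an inbound SYN from the untrusted zone, and a SYN/ACK on an already established connection) are dropped because they are inconsistent with the recorded state.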

You can pay a lot more money for a firewall with as much built-in functionality. IPCop is not just a free network firewall; it is one good enough to keep your network free of bad packets.

Scott Sidel, CISSP, is an Information Systems Security Officer (ISSO) for Lockheed Martin.

This was last published in July 2007
