Security Basics mailing list archives

RE: Need secure firewall for SOHO


From: "Mike Sweeney" <mikesweeney () packetattack com>
Date: Thu, 3 Feb 2005 09:58:40 -0800

Linux has more than a few choices available. For a command line, you can use shorewall. For a GUI interface to 
iptables, you can use Firestarter. For a full featured firewall, you can always look at IPCOP. A second set of 
solutions can be Gibraltar which can run off a CDR which is a nice secure way to configure a firewall and they offer a 
free license for non-commercial use as does Astaro. I personally prefer Gibraltar's frontend over Astaro but either 
work well. Firestarter has worked very well for a quick and dirty firewall configuration on a testbox of mine.

My own experience is that the personal firewalls like ZoneAlarm, McAfee, Kerio etc have their place but are not to be 
relied on for anything beyond very limited protection. There are some that will argue this point, but that is my opinion. 
Nothing more, nothing less. I do use Kerio on my travel laptop and it's proven to be useful and rather non-intrusive in 
my day to day activities. But in the office, I use one of several different "real" firewalls depending on what I'm 
working with at the time.

MikeS

_________________________________

Packetattack.com
Network Design and Security
www.packetattack.com

Office (714).637.4235

"QUIS CUSTODIET IPSOS CUSTODES"
    WHO SHALL GUARD THE GUARDS

-----Original Message-----
From: dallas jordan [mailto:dallas.jordan () gmail com]
Sent: Wednesday, February 02, 2005 5:54 PM
To: Jim.DAmbrosia () montgomerycollege edu;security-basics () securityfocus com
Subject: Re: Need secure firewall for SOHO

Jim,
   I don't believe OpenBSD has a GUI for its firewall configuration.  I
could be wrong.  I've just always edited the config file.  It's pretty
easy to set up a basic firewall and the documentation on the OpenBSD
website is really good.  There may be some 3rd party xwindows gui you
could find.  Plus, OpenBSD is "out of the box" really secure.


On Wed, 2 Feb 2005 16:40:31 -0500, DAmbrosia, Jim
<Jim.DAmbrosia () montgomerycollege edu> wrote:

Hi Dallas,

I'll point him in that direction.  I briefly looked at the website and
was curious.  Does it have an xwindows interface for operations and
configuration?

Thanks,

Jim,


-----Original Message-----
From: dallas jordan [mailto:dallas.jordan () gmail com]
Sent: Wednesday, February 02, 2005 3:29 PM
To: DAmbrosia, Jim
Subject: Re: Need secure firewall for SOHO

Jim,
    He can run OpenBSD on a fairly low power pc and it will do just
fine.  Then he can use a 16 port switch for his clients.   That would
be fairly cheap and OpenBSD is an excellent firewall, both performance
and security wise.

On Tue, 1 Feb 2005 08:47:12 -0500, DAmbrosia, Jim
<Jim.DAmbrosia () montgomerycollege edu> wrote:
To the group,

I have a colleague who has a SOHO network using ADSL.  He is using a
standard Linksys router for his firewall, but has reached a limit in the
number of ports it can open and manage.  I don't have one on hand to
check, but evidently the Linksys only has ten slots to configure ports
to be opened and he needs 12-15 or so.

Without a lot of money he wants to get a different firewall up and
running that has more ports that it can manage.
I suggested the free version of zone alarm as the only free one I'm
aware of; however it turns out that he wrote his thesis on how you can
crack zone alarm.

Looking for another much more secure solution?

Thanks,

Jim,


--
Dallas Jordan CCNA, CISSP
Ernst & Young LLP
Security & Technology Solutions (STS)
Office:   404-817-5940
Mobile:  404-274-2649
EY/Comm:   7455673
E-mail:  Dallas.Jordan () ey com






