Firewall Wizards mailing list archives

Re: Firewall Solution - 50 Users on SDSL Connection


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Sun, 5 Oct 2003 19:29:46 +0530

On 03/10/03 09:39 -0400, Dan Harp wrote:
> We have about 50 IP devices (workstations, servers, etc.) on a
> 100Mbps CAT5 network internally, and our connection to the 'Net
> is SDSL.
>
> We are looking for a relatively inexpensive (or open source)
> firewall device that does the following:
(I don't like the idea of a firewall "device", which conveys to me a
plug and forget concept, rather than something which has to be watched
regularly, to monitor compliance with security policy).

How competent are you with unix systems? If you are fairly competent,
any Linux/BSD distribution would do for you to start with and then
harden. If you aren't too familiar with unix, but can handle a command
line, then I would suggest OpenBSD.
If you want a GUI for configuring your firewall, you can go with a Linux
distribution like IPCop or Smoothwall.
Webmin (www.webmin.org) also has a firewall rules module.

> Inbound filtering:
>       -ICMP, Ports (135, etc.), "default deny"
Pretty easy to do with a packet filter.

>       -What about file extension filtering?
If you are trying to filter files by extension, you will want
application layer proxies as well.
A simple proxy would be squid for http traffic.
If you want a mail proxy as well, I would suggest Postfix with
amavisd-new, clamav and SpamAssassin.

DJBDNS/BIND should make an acceptable DNS proxy as well (though I would
want to keep BIND very up to date).

I have heard good things about PIX firewalls as packet filters, but
mostly bad things about their SMTP filtering.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
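
A default-deny inbound policy of the kind the reply says is easy to do with a packet filter, sketched for OpenBSD pf as an added example that is not part of the original post. The interface names are assumptions, and the syntax is that of current pf releases rather than the 2003 one.

```pf
# Added example, not from the original thread.
# Assumed interface names; adjust to the actual hardware.
ext_if = "em0"    # SDSL-facing interface (assumption)
int_if = "em1"    # internal 100Mbps LAN interface (assumption)

set block-policy drop     # silently drop instead of sending RST/unreachable
set skip on lo            # never filter loopback

# Reassemble and normalise packets before they are filtered
match in all scrub (no-df random-id)

# NAT the internal hosts behind the single external address
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# "Default deny": anything not explicitly passed below is dropped and logged
block log all

# Port 135 (the example given in the question) never crosses the external
# interface in either direction; 'quick' stops evaluation so no later pass
# rule can override it
block quick on $ext_if proto { tcp, udp } from any to any port 135

# ICMP: accept only echo requests from outside. ICMP errors that relate to
# an existing connection are matched by pf's state table and need no rule.
pass in on $ext_if inet proto icmp icmp-type echoreq

# Internal hosts may open connections; replies come back through the state
pass in on $int_if inet from $int_if:network
pass out on $ext_if inet all
```

The `block log` rule sends dropped packets to the pflog interface, which supports the regular monitoring the reply asks for; file-extension filtering is not expressible here and still needs the application-layer proxies mentioned above.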