
Firewalls -- Netboz
britishtrident - 11/5/04 at 07:36 AM

I set up a Netboz firewall yesterday; it's a pretty damned good bit of software.

Take one old scrap PC with a bootable CD-ROM and a floppy and add 2 network cards -- no monitor or keyboard required. Download the software image and write it to a CD and the boot key to a floppy -- insert into the old PC and boot!

It is not as flexible as IP Cop, but it is less fussy about hardware (particularly network cards) and easier to set up. The PC I used had a Cyrix 233 pro and a Compaq Netelligent dual network card, and it still didn't complain about the hardware.

[Edited on 11/5/04 by britishtrident]


ned - 11/5/04 at 08:47 AM

British trident, is this just something that you're running at home or at work?

I'm looking into something for work as the number of hacking incidents here is getting silly (had a win2k server, fully patched, hacked recently; only realised when I found 20gb of games and movies on it - and no, they weren't mine!)

Need something pretty robust, 150+ devices, 1gb backbone, 10/100mb to desktops..

Any suggestions? I'm looking into something linux based for cost reasons, but don't have much experience with linux (haven't built a box yet!)

Answers on a postcard...

Ned.


ChrisW - 11/5/04 at 10:55 AM

Ned

The other one to try is smoothwall but if you want something bespoke I can get one of my Linux experts to build something for you.

Chris


britishtrident - 11/5/04 at 11:45 AM

This one's at home, but I have worked with IP Cop based firewalls at work; I didn't set them up, but our Unix guru let me watch --- seemed very easy by Unix/Linux or Windows standards. IP Cop can be fussy about hardware: as it is based on a fairly old Linux kernel, it really only likes NE2000 clone NICs.

Netboz is easy to try as you can use virtually any old bit of PC kit; all you need to do is make the disks --- the firewall is the FreeBSD one, quite well respected and used in a lot of hardware router-firewalls.
It is fairly flexible as regards IP addressing and DHCP; also, by adding a 3rd card you have a DMZ for servers.

The other, of course, is to stick a secure Linux distro on a PC and use an IP table firewall --- easier than it looks, lots of graphical front end tools around for doing this.
The Distrowatch web site has loads of info on suitable flavours of Linux.


kingr - 20/5/04 at 10:49 AM

quote:
Originally posted by ned
I'm looking into something for work as the number of hacking incidents here is getting silly (had a win2k server, fully patched, hacked recently; only realised when I found 20gb of games and movies on it - and no, they weren't mine!)

Need something pretty robust, 150+ devices, 1gb backbone, 10/100mb to desktops..

Any suggestions? I'm looking into something linux based for cost reasons, but don't have much experience with linux (haven't built a box yet!)

Answers on a postcard...

Ned.


Ned, I really wouldn't touch Linux with a barge pole unless you know what you're doing; an incorrectly configured or unconfigured Linux box is more of a risk than an unconfigured Windows 2003 server.

I know they're a bit pricey, but some of the WatchGuard hardware firewalls really are very good. Incidentally, do you know that the attack didn't come from inside? A firewall wouldn't do a lot of good in that case.

Kingr


ceebmoj - 22/5/04 at 04:57 PM

Ned, surely for the type of set up you are talking about there it is a fairly no-brain decision to get a decent hardware firewall as at least one layer of your defence. I would also echo the view that if you do not know what you are doing then running an incorrectly configured box is just inviting a rogering.


britishtrident - 26/5/04 at 10:31 AM

For the home/small office just deny everything unless you need it and don't run services you don't need --- tight firewalls make good neighbours.
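
One way to check a Linux iptables box against the "deny everything unless you need it" advice in the last post, as an added example that is not part of the thread: it parses `iptables-save` output and reports chains that do not deny by default and open ports outside a list of needed services. The sample ruleset, the port list and the function name `audit` are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""

def audit(ruleset, needed_ports, chains=("INPUT", "FORWARD")):
    """Return findings where the filter table departs from default deny."""
    findings, policy, rules, table = [], {}, {}, None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter" or not line or line.startswith("#"):
            continue
        elif line.startswith(":"):
            name, pol = line[1:].split()[:2]
            policy[name] = pol
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rules.setdefault(tok[1], []).append(tok[2:])
    for chain in chains:
        chain_rules = rules.get(chain, [])
        # Deny by default: policy DROP, or a final unconditional DROP/REJECT.
        last = chain_rules[-1] if chain_rules else []
        catch_all = len(last) == 2 and last[0] == "-j" and last[1] in ("DROP", "REJECT")
        if policy.get(chain) != "DROP" and not catch_all:
            findings.append(f"{chain}: default policy is {policy.get(chain)}, not deny")
        for r in chain_rules:
            if "-j" not in r or r[r.index("-j") + 1] != "ACCEPT":
                continue
            if len(r) == 2:
                findings.append(f"{chain}: unconditional ACCEPT")
            elif "--dport" in r:
                port = r[r.index("--dport") + 1]
                if port not in needed_ports:
                    findings.append(f"{chain}: port {port} open but not needed")
    return findings
```

Calling `audit(SAMPLE, {"22"})` on the constructed ruleset reports the permissive INPUT policy and the port 139 rule; pass real `iptables-save` output and your own set of needed ports (as strings) to check a live box.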