2/27/2007

A small piece of mind and network security. IPCop Install Review

I have been using IPCop for some time, though not to its fullest extent. I have recently upgraded my ISP and am of a mind to try more things and branch out. To me, the obvious first step to that is expanding the capabilities of my firewall and router. I had decided that I had grown beyond the capabilities of DD-WRT and so I needed something with a little (only a little) more "oomph".

My kit includes an old box I had laying around ($100 off craigslist a year ago):

512 RAM

P3

20Gig Drive

3 10/100 Ethernet cards

CD-ROM

And a freshly burnt .iso of IPCop 1.4.13...

First a background:

IPCop is a derivative of Smoothwall, another great firewall product. Indeed, I used Smoothwall for a time before switching to IPCop, for no real reason other than that I was interested in setting up a VPN and there was a VPN server module available for IPCop.

Read more about IPCop:

IPCop Homepage

HowToForge.com: Perfect Linux Firewall

-----

One of the things I like about IPCop is that it is very adaptable to different situations. Not just the fact that it is Linux, but that it can accept add-on modules. I plan on installing CopFilter (one of those add-on modules I mentioned), and have in the past used the OpenVPN module with secure and stable success.

So I pop in the freshly burnt IPCop install CD (I love the smell of CD burning in the morning) and it warns me that my disk will be wiped, which is fine, I expected as much, and then proceeds to lead me through my configuration options.

I took the RED+GREEN+ORANGE option because I have plans for my growing home network that include the need for a DMZ separation from my local machines. It was quite simple and very intuitive. It wasn't a "graphical" install but used text based graphics and I used the TAB key a lot - which has never bothered me. Setup was quite painless and when I rebooted I remembered the handy feature of causing the PC Speaker to sing a little song to let me know it was up and running. At first I wondered why - then I realized there were probably a lot of "headless" installs out there. Little things like that impress me, what can I say?

Overall I'd say IPCop was pretty easy to get up and running. It works well out of the box and offers loads of other features that I had found useful. One of which is that it has an option to turn itself into a DNS server for name resolution. So when I am setting up client machines I don't need to know the nameserver addresses of my ISP - I just hit my IPCop's IP for name resolution. I like simple.

It also can act as a time server to keep the client boxes on-time.

Another few handy features I'm sure some will appreciate are the proxy and DynDNS. Of course these days routers need to update hostnames, and IPCop is no exception: it comes with a built-in DynDNS updater. It also comes with a proxy page that I have not played with. From the look of it one can get an account on any proxy server and the IPCop will log into it with your supplied info and route all traffic through your proxy.

One of the more valuable aspects is the ability to do intrusion detection. IPCop comes with Snort. It has a section devoted to its logs and the ability to update Snort's intrusion detection rules very simply. It is based on an "Oink code" you can get from the Snort website. Step one in network security is discovering attacks. Snort is a very valuable tool for this.

----

My next step will be to install virtual servers on the DMZ and see how they run with the green network. I am considering Xen with VMware as a plan "B". More updates to follow...
