unified threat management systems (utms), open source routers and
Session Overview
The Linux Kernel is particularly adept at routing IP traffic and lends itself for use as the operating system for building not only your own router, but also routers that include firewalls and intrusion detection. Performance of these systems often outstrips that of proprietary products. Well-known packages include Astaro, Untangle, pfSense and IPCop.
Untangle www.untangle.com
Included Free
• Web Filter
• Virus Blocker
• Spam Blocker
• Ad Blocker
• Attack Blocker
• Phish Blocker
• Spyware Blocker
• Firewall
• Routing & QoS
• Intrusion Prevention
• Protocol Control
• OpenVPN
• Reports
Available for Fee
• Live Support
• eSoft Web Filter
• Kaspersky Virus Blocker
• Commtouch Spam Booster
• WAN Balancer
• WAN Failover
• Policy Manager
• AD Connector
• PC Remote
• Remote Access Portal
• Branding Manager
Untangle Deployment Options
• Router: Dedicated server that performs routing & firewall services
• Transparent Bridge: Dedicated server that drops seamlessly behind existing routers & firewalls
• Re-Router™: Adds network-wide protection while running on an existing desktop (runs on Windows)
• Runs on bare-metal install, or on Windows XP, or in VMware.
Untangle Pros and Cons
PROS
• Cost
• Commercially supported
• Serves multiple functions
CONS
• Cost – not free!
• Supports limited number of NICs/networks
IPCop www.ipcop.org
The Bad Packets Stop Here.
Now we’re talking: think of IPCop as a free replacement for your Cisco PIX (just add your own standard PC).
There are plenty of add-ons for this product also:
• URL filter with predefined categories
• Advanced Proxy
• OpenVPN
• ClamAV
• Update Accelerator for Windows Update caching
• BOT – Blockout all Traffic – used to specify which ports and addresses can be used for outgoing traffic
IPCop Installation
• Again, very straightforward and quick.
• Download an ISO file, build a CD, boot to the CD and it installs.
• Pick add-ons, install and configure
IPCop Pros and Cons
Pros
• Free except for hardware
• Online community of support
• Continually developed and enhanced
Cons
• Not much commercially available support
• Must learn something about Linux to use, not much, but at least a little
Astaro – www.astaro.com
• Solution based on open source software
• Buy appliance or image and pick your own hardware
• Web filtering
• Anti-virus
• Very good failover capabilities built in
• Price based on size of data pipes
pfSense in a nutshell
• open source firewall
• based on FreeBSD and the pf firewall (packet filter)
• 3 Editions – LiveCD, Embedded & Full install
Deployment Types
• Border Firewall to the Internet
• Internet Proxy
• LAN Router
• WAN Router
• Packet Sniffer
• DHCP Server
• VPN Server
Makes a great firewall for your home or remote war room!!!
Hardware
• 10-20 Mbps -> 266 MHz CPU
• 21-50 Mbps -> 500 MHz CPU
• 201-500 Mbps -> 2 GHz w/ PCI-X or PCI-e NIC
• 501+ Mbps -> 3 GHz CPU
Embedded version can run on Soekris, Nexcom, Hacom and Mini ITX hardware
What makes it so special?
• Supports multiple Internet Connections
• Captive Portal
• Wake on LAN
• Packet Sniffing
• Statistical Graphing
• Simplified ruleset due to use of aliases
• It’s free!!! (and offers more than many commercial firewall appliances)
What else can it do?
• Add-on packages are being developed all the time:
  • Automated backups
  • Avahi (think Bonjour)
  • FreeSwitch VOIP
  • antivirus proxy
  • IGMP Proxy
  • Squid
  • Nagios client
  • BGP
  • Radius support
  • OpenVPN support
  • Instant Messaging Inspector
  • cflow integration
  • SIP Proxy
  • Intrusion detection
  • Stunnel
  • spam removal
How do I set it up?
1. Find a computer with 2 network cards.
2. Boot from the live CD and assign the outside and inside interfaces.
3. You're done.