Firewalls

From MissionTechWiki

Description

A firewall is a device that protects one network from the activity on another. Generally they are used to protect an office network from the Internet. Wikipedia has an article on Firewall (networking).

Firewalls can operate to stop unwanted traffic entering a network (ingress filtering) and exiting a network (egress filtering).

Hardware Firewalls

These are dedicated off-the-shelf devices that include a firewall component. They may be simple home firewall devices included in broadband routers, or specially designed corporate devices.

There are several manufacturers that create hardware firewalls, and some are combined with routers and even Wireless Access Points (WAPs).

Personal Firewall

This is a software application that can be installed on your PC (one comes with XP) that aims to protect your PC from the network that you connect to. This can be very important for missionaries with laptops who connect to various networks, including wireless networks.

  • The Windows XP firewall only blocks incoming connections; it does not stop malicious software on your PC from connecting to the Internet (that is, it does no egress filtering).
  • ZoneAlarm is a common personal firewall which is available free for personal use.
  • Comodo Firewall is a highly rated free firewall that replaces the Windows firewall (it disables the Windows firewall on installation).

PC based firewall distributions

There are a number of Linux and BSD distributions that are designed to be dedicated firewalls.

Some are:

  • IPCOP - has plugins available that can be useful, e.g.:
    • advproxy is a web proxy that can perform filtering and cache Windows updates.
    • IPCop's Add On Server plugin will allow the use of many different plug-ins.
    • DansGuardian is a well-recommended, very flexible content filter. DG is installed with the CopPlus plugin.
  • EFW - a derivative of IPCOP that includes a number of other features which can be added to IPCOP, e.g. web content filtering and spam filtering. It also includes egress filtering by default.
  • m0n0wall - a BSD-based firewall with an emphasis on embedded installations.
  • pfSense - a variant of m0n0wall based on FreeBSD which offers more features. Can handle routed (public) IP addresses in addition to NAT.
  • SmoothWall Express - a NAT firewall based on Linux which has a large support base and a number of plug-ins such as DansGuardian (a content filter).

Linux Server Distributions that include firewalling

These Linux distributions include a firewall component, but include other services which would normally be on a separate machine.

The preferred design for a firewall is to limit the applications on the machine to minimise any impact of an attack on the machine itself, and to minimise the tools available for attacks from the machine. These distributions violate that principle as a compromise on complexity for small organisations (less equipment is required, there is less to manage, and firewall setup requires less knowledge).

  • SMEserver is a small office server which includes a basic firewall that limits external access to only those services which are enabled for public access.
  • ClarkConnect - a Linux firewall which includes a small business server for mail, file serving, etc. The basic version is free.
  • The Linux Router Project describes how to create a firewall that can run off a floppy.

(Actually, to be truthful, don't all Linux distributions contain a firewall component? These might have tools to help set things up and monitor it, but all distributions contain a firewall.)

Original page: http://www.missiontech.info/wiki/Firewalls
from the MissionTech Wiki created by the International Conference on Computers and Missions
