Linux firewalls may be free, but they're not easy

You can spend thousands of dollars on a firewall, or, with a Linux operating system, you can get one for free. But that doesn't necessarily mean you will save thousands of dollars.

A standard version of Linux can be installed with two network interface cards and configured both for packet filtering and as an application layer firewall.

The two big questions are: How easy is it to get up and running, and how secure is it?

If you have reasonable Linux and networking skills, a Linux firewall could be fairly easy to set up. Linux includes packet filtering as part of the OS. But setting it up requires that you have a fairly high comfort level with Linux or another Unix-based OS, as well as with TCP/IP networking and network security in general.

Without that knowledge, you need a good guide to Linux firewalling (something I have yet to find) or an expert to help guide you through the process.

Even setting up a Linux box to do IP masquerade, a function like that performed by a network address translator, can be an ordeal unless you know exactly what you're doing.

To add more security, the Squid Web proxy cache included with many distributions (also available at) offers proxies for the most important applications.

Alternatively, the cross-platform Socks application gateway firewall (see story, next page) is available from NEC USA Inc. at

Another alternative is offered by the Fireplug Edge Project, at Rather than using one of the commercial Linux distributions, many of which include scores of applications that complicate configuration and weaken security, the Edge Router uses the FirePlug Consulting Group's ThinLinux distribution to create a firewall appliance from a 486 or better PC. The OS has been pared to the minimum to contain configurations on a single floppy disk while still providing address translation and proxy and routing functions.

The Linux approach to security is appealing, but what you save on software licenses you'll spend on the time and resources needed to install, configure and maintain your security systems.

