Linux firewalls may be free, but they're not easy

Linux firewalls may be free, but they're not easy

You can spend thousands of dollars on a firewall, or, with a Linux operating system, you can get one for free. But that doesn't necessarily mean you will save thousands of dollars.

A standard version of Linux can be installed with two network interface cards and configured both for packet filtering and as an application layer firewall.

The two big questions are: How easy is it to get up and running, and how secure is it?

If you have reasonable Linux and networking skills, a Linux firewall could be fairly easy to set up. Linux includes packet filtering as part of the OS. But setting it up requires that you have a fairly high comfort level with Linux or another Unix-based OS, as well as with TCP/IP networking and network security in general.

Without that knowledge, you need a good guide to Linux firewalling'something I have yet to find'or an expert to help guide you through the process.

Even setting up a Linux box to do IP masquerade'a function like that performed by a network address translator'can be an ordeal unless you know exactly what you're doing.

To add more security, the Squid Web proxy cache included with many distributions'also available at www.squid-cache.org'offers proxies for the most important applications.

Alternatively, the cross-platform Socks application gateway firewall (see story, next page) is available from NEC USA Inc. at www.socks.nec.com.

Another alternative is offered by the Fireplug Edge Project, at edge.fireplug.net. Rather than using one of the commercial Linux distributions, many of which include scores of applications that complicate configuration and weaken security, the Edge Router uses the FirePlug Consulting Group's ThinLinux distribution to create a firewall appliance from a 486 or better PC. The OS has been pared to the minimum to contain configurations on a single floppy disk while still providing address translation and proxy and routing functions.

The Linux approach to security is appealing, but what you save on software licenses you'll spend on the time and resources needed to install, configure and maintain your security systems.

'Pete Loshin

inside gcn

  • cyber hygiene (Lucky Business/Shutterstock.com)

    Cleaning up cyber hygiene

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group