- Linux Based Firewalls -
A Killer Guard Penguin for your LAN
& NATs: Little Flying Network Address Translators


FIREWALL INTRODUCTION


Internet use has exploded, and e-commerce has become a daily part of business and personal life. The commercial world has rushed headlong into doing business on the Web, often without integrating sound security technologies and policies into their products and methods. The security risks and the need to protect both business and personal data have never been greater.

What kinds of security threats are posed by the Internet? Some, like password attacks and the exploiting of known security holes, have been around since the early days of networking. Others, like password sniffers, IP forgery, and various types of hijacking and replay attacks, are newer. And still others, like the distributed denial of service attacks that crippled Yahoo, E-Bay, and other major e-commerce sites in early 2000, come from today's headlines.

Firewalls are a very effective way to protect your system from most Internet security threats and are a critical component of today's computer networks. Firewalls in networks keep damage on one part of the network (e.g., eavesdropping, a worm program, file damage) from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down. Worldwide hacker penetrations per minute are increasing!

Linux and an old 486 or Pentium-1 can make a powerfully effective and manageable firewall. A PPP/SLIP dial-up connection and a v.90 56K modem can be added as a bonus dial-up for staff members working at home. NAT, or network address translation, can give a new range of IP numbers to a single static or even intermittent dynamic (floating) IP connection such as a BRI or cable modem.


WebShield for Solaris from McAfee; its issues apply to all firewalls!


WebShield for Solaris is a firewall-independent scanner that can easily plug into virtually any existing network framework. WebShield achieves this superior integration by implementing a gateway virus scanner that essentially acts like a router. And this router has the advantage of containing the world's number one virus scanning technology from McAfee. Now you can scan FTP, HTTP and SMTP traffic without affecting other performance-critical systems such as the firewall and mail servers.

Features:
FTP Scanning
Uploading or downloading files by the FTP protocol creates the potential for a virus infection. Only WebShield can scan both inbound and outbound FTP traffic. Other solutions leave networks vulnerable to an internal user uploading an infected file and an external client subsequently downloading that file without it ever being scanned, a huge security problem.

HTTP Scanning
HTTP or web traffic is another area of virus vulnerability. WebShield provides protection by defending against hostile Java, JavaScript and ActiveX applets.

SMTP Scanning
WebShield for Solaris scans both inbound and outbound SMTP (e-mail) traffic. It can clean, reject, or quarantine infected attachments and messages, and automatically notifies intended recipients or administrators. WebShield also protects against partial MIME messages and MIME file name attacks.

Integrated Web Security
Using Cyber Patrol functionality, WebShield boasts advanced web security features such as Anti-Spam, URL blocking, and content filtering, which go a long way to reducing corporate liability.

Management
WebShield for Solaris allows you to perform all management functions from a Java-based user interface, for local or remote administration. You can even administer several WebShield systems at once, from one machine. For additional security, the management communication channel requires shared secret authentication before permitting administrator access.

Logging
WebShield features a customizable logging interface, and gives you the ability to seamlessly export into common databases such as Microsoft Access or Excel.

FIREWALL ISSUES

2.1.1 "Source-routed traffic"
2.1.2 "ICMP redirects" and "redirect bombs"
2.1.3 "Denial of service" via ICMP packets
2.1.4 Normal "denial of service" (DoS)

"PENGUIN INSIDE"

2.2.1 SMURF attacks
2.2.2 SMTP session hijacking
2.2.3 Exploiting bugs in applications
2.2.4 Spoofing
2.2.5 Masquerading

4.7 "Dial-Up Firewall"
4.8 FTP and masquerading
4.9 Transparent proxy
4.10 Log(s)
4.11 ToS field
4.12 Port forwarding
4.13 Background virus scanning at the router
4.13 ICMP

 

CONFIGURATION & COMMANDS

    Installing the Floppy Firewall:

    from: http://members1.chello.nl/~rvdoever/fwflop/

    tar -zxvf fw.tgz        (unpack the install file set)

    cd firewall             (change to the 'firewall' directory)

    cp fw.config fw.back    (make a backup of the config file)

    pico fw.config          (choose the network cards)

    chmod +x *.sh           (make the shell scripts executable)

    Next put a good 1.44 MB diskette in drive fd0 ("A:"); it may be blank, not blank, or unformatted, since the script writes it with dd.

    ./bootroot.sh           (makes the Floppy Firewall 'BOOT' floppy)

    Next put another good 1.44 MB diskette in drive fd0 ("A:"); again it may be blank, not blank, or unformatted, since the script writes it with dd.

    ./utildisk.sh           (makes the Floppy Firewall 'UTILITY' floppy)

    These are the binary executables that fit on the 'utildisk' floppy and supplement the internal commands of Linux:
    cp, dd, df, e2fsck, fdisk, ftp, gzip, ifconfig, libext2fs.so.2, libext2fs.so.2.4, lilo, liloconfig, ln, lost+found, mkdir, mke2fs, mkfs, mkfs.ext2, mklost+found, mkswap, mv, netstat, nslookup, plipconfig, rdev, rmdir, swapon, swapoff, top, & useradd

    Editors (vi or pico) won't fit on the first 'utildisk' floppy, but one may be needed to edit a config file.

    You can use dd to make backups with:
        dd if=/dev/fd0 of=backup.img bs=1k      (if /dev/fd0 is your 3.5" floppy)
    and restore backups with:
        dd if=backup.img of=/dev/fd0 bs=1k      (if /dev/fd0 is your 3.5" floppy)
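The dd backup above copies the diskette but gives no way to tell later whether the boot floppy still matches the copy. The following shell functions are an added example, not part of the Floppy Firewall project: they wrap the same dd commands, store a checksum beside the image, and add a byte-for-byte comparison with cmp, so a boot floppy can be checked against its known-good image before it is booted. FLOPPY_DEV and the image file names are assumptions; any regular file can stand in for the device when trying the functions out.

```shell
#!/bin/sh
# Added example (not from the Floppy Firewall project): image a boot floppy
# with dd, record its checksum, and later verify the diskette still matches.
# FLOPPY_DEV defaults to /dev/fd0 (assumption); any file can stand in for it.
FLOPPY_DEV="${FLOPPY_DEV:-/dev/fd0}"

# Read the whole diskette (up to 1440 x 1k blocks) into an image file and
# write a CRC checksum beside it. Returns non-zero if dd fails.
backup_floppy() {
    dev="$1"; img="$2"
    dd if="$dev" of="$img" bs=1k count=1440 2>/dev/null || return 1
    cksum < "$img" | awk '{print $1}' > "$img.cksum"
}

# Write an image back to a diskette. Returns dd's exit status.
restore_floppy() {
    img="$1"; dev="$2"
    dd if="$img" of="$dev" bs=1k 2>/dev/null
}

# Compare a diskette against a stored image byte for byte.
# Returns 0 when identical, 1 when they differ (the floppy was modified).
verify_floppy() {
    dev="$1"; img="$2"
    dd if="$dev" bs=1k count=1440 2>/dev/null | cmp -s - "$img"
}

# Typical use on the firewall box: back up the boot floppy once, then verify
# it against the image each time before booting from it.
#   backup_floppy "$FLOPPY_DEV" ffw-boot.img
#   verify_floppy "$FLOPPY_DEV" ffw-boot.img && echo "boot floppy unchanged"
```

The checksum file is only a convenience for spotting a changed image; the real check is verify_floppy, which rereads the diskette and compares it with the image it was made from.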

    Linux Firewall URL Reference & BookMark List

    Linux Firewall and Security Site
    ... featuring Firewall LAN, the Linux Firewall Design Tool, the Firewall itself and a LAN Security FAQ
    www.linux-firewall-tools.com/linux/

    Creating A Linux Firewall Using the TIS (Trusted Information Systems) Firewall
    ... Linux Journal #25, May 1996
    www2.linuxjournal.com/lj-issues/issue25/1204.html

    Trusted Information Systems Inc. (TIS) - http://www.tis.com/

    The Firewall Toolkit (FWTK) on Linux - http://www.pauck.de/marco/misc/fwtk_on_linux.html

    Brent Chapman's Great Circle firewalls list - http://www.greatcircle.com/lists/firewalls

    Debian GNU/Linux Firewall
    ... This page is dedicated to a Debian GNU/Linux based Firewall system.
    www.weikert.de/debwall/

    Mason - the automated Firewall builder for Linux
    ... Recommended; Mason is a Linux based Firewall, but none like...
    ... interactively builds a Firewall using Linux' ipfwadm or ipchains...
    users.dhp.com/~whisper/mason/

    FFW - The Floppy Firewall, a Linux Firewall
    ... Turn an old 386 or 486 into a Linux based Firewall system, sans HardDrive.
    http://members1.chello.nl/~rvdoever/fwflop/

    FRP - Floppy Router Project, a Linux based TCP/IP Router without a HardDrive; closely related to the FFW Floppy Firewall.
    http://members1.chello.nl/~rvdoever/pppflop/

    LRP - the Linux Router Project w/ Firewall (Firewall & bonus PPP dial-in)
    ... This page is dedicated to the Linux Router Project based Firewall system.
    http://lrp.steinkuehler.net/

    ZDNet: Help & How-To: Linux Firewall On A 486: A Guard-Penguin
    ... How-To install a Linux Firewall On A 486
    www.zdnet.com/zdhelp/stories/main/0,5594,2503199,00.html


    FLOPPY FIREWALL - SYSTEM HARDWARE REQUIREMENTS

    386 with 4 Megs of RAM, or
    486 with 8 Megs of RAM, or
    Pentium-1 with 16 Megs of RAM

    2 Network Cards - ISA, preferably matching (a Pentium-1 could use PCI or ISA NICs)

    1 Floppy Drive

    Optional - 2nd Floppy or 40 / 80 Meg HardDrive

    Keyboard is optional if CMOS RAM can be set for "No Keyboard"

    Monitor Card - can be omitted & ignored in most 386's and some 486's

    VGA Monitor optional (headless)

    Note: Standard output can be redirected to COM1: or COM2:, and then an old dumb terminal used as the console.

    PPP Router Option - one or two 56K v.90 modems configured on COM3 & COM4 if internal, or COM1: & COM2: when using external modems.


    HardDrive based Firewall system using Slackware 7.0 or 7.1 or Debian 2.1 or 2.2

    16 Meg of RAM and an 850 Meg, 1 gig or 1.2 gig harddrive minimum.

      Partition the HardDrive as follows (re: Stu & Geoffrey):

      Physical 1 (hda1): /boot = 8-10 Megabytes

      Physical 2 (hda2): swap (type 82) = 2xRAM or 32 Megabytes

      Physical 3 (hda3): / (root) = 250 Megabytes

      Physical 4 (hda4): contains the balance of the drive as these extended partitions:

      1. Extended 4.1 (hda5): /var = 100 Megabytes

      2. Extended 4.2 (hda6): /tmp = 100 Megabytes

      3. Extended 4.3 (hda7): /usr = 200-300 Megabytes

      4. Extended 4.4 (hda8): /home = 5-10 Megabytes

      5. Extended 4.5 (hda9): /usr/local = 0-100 Megabytes **

      6. Extended 4.6 (hda10): /opt = 0-350 Megabytes **

      ** The last two, hda9 & hda10, are not needed on a firewall system.

      A UPS is optional, as a properly configured system can lose power and will restart from floppy.
      (You must choose floppy as the 1st device in the boot order in the CMOS RAM settings.)
      Always REMOVE the floppy after booting the FFW, so that the diskette never gets hacked.
      Installing a Firewall, part #1 A Great article from LinuxWorld

      Installing a Firewall, part #2 of article

      Installing a Firewall, part #3 of article





      Linux vs. a SUN Solaris FireWall -
      SYSTEM HARDWARE REQUIREMENTS

      System: Sun (Solaris)
      Type: SPARC or UltraSPARC system
      Memory: 128 MB of memory (more is strongly recommended)
      Disk Space:
      - Root: 64 MB
      - swap 256 MB (a minimum of two times the size of the physical memory)
      - /usr 600 MB (with at least 64 MB free space)
      - /var remaining space (500 MB minimum)

      Other Hardware: Access to a CD-ROM drive supported by Solaris 2.6 if you intend to install the product from a CD

      Other Software:
      - Solaris software packages (required for installation)
      - Standalone System (do not select OS Server or Dataless Client)
      - Developer System Support (do not select End User System Support or Core System Support)
      - Latest Solaris recommended security patches

      - FireWall tools that come with most Linux distributions -

      ipchains - IPCHAINS & Linux IP Firewalling Chains - http://www.linux.org/docs/ldp/howto/IPCHAINS-HOWTO-4.html
      More on IPCHAINS - IPCHAINS Vulnerability - http://linuxtoday.com/stories/8272.html
      IPCHAINS Setup - http://howto.tucows.com/LDP/HOWTO/IPCHAINS-HOWTO-2.html
      IP Filter - http://cheops.anu.edu.au/~avalon - a TCP/IP packet filter, suitable for use in a firewall environment
      Useful Scripts for IPCHAINS - ftp://ftp.rustcorp.com/ipchains/ipchains-scripts-1.1.2.tar.gz
      Firewall problems for Real Audio and other streams - http://service.real.com/firewall/index.html
      ipfwadm - http://www.xos.nl/linux/ipfwadm - utility to administer IP accounting and firewall services
      masqd - http://www.els.url.es/~si03786/masq.html - a management utility for a Linux Firewall
      The NCSA HTTPd free web daemon & security issues of http:// services - http://hoohoo.ncsa.uiuc.edu/
      The ROXEN free WebServer, what NCSA turned into - http://www.roxen.com/
      SOCKS - http://www.socks.nec.com - free proxy server and client from NEC using the SOCKS protocol
      SQUID - http://squid.nlanr.net/Squid - a Linux based WWW proxy application
      Firewall Mailing List & Archives - http://lists.gnac.net/firewalls




      Phoenix Adaptive Firewall uses a state-inspecting firewall for network and Internet security.
      The Phoenix Adaptive Firewall is the first ICSA certified firewall on Linux distributions.
      It uses adaptive, state-analysis firewall technology with a Java based GUI for secure remote administration.

      http://www.stonebeat.com - A leader in Secured Availability for networks and Internet security

      http://www.sniffer.com - Sniffer from Network Associates (McAfee); http://www.nai.com - makers of NetShield for Linux; http://www.mcafeeb2b.com - and WebShield at the NOC's LAN Gateway: http://www.mcafeeb2b.com/products/webshield-solaris/default.asp

      OPEN Source Firewalls

      Commercial Linux Firewalls

      Linux Appliance Roundup

      http://www.dilbert.com/comics/dilbert/archive The Dilbert Cartoon Archives


      ASP NOC Architecture Block Diagram

      1. Class "C" range 204.70.122.1 to 204.70.122.254
      2. Router is a Netopia 5400 SDSL @ 1.5 MB/s symmetrical, IP # = 1
      3. firewall.mo-fo.net = Floppy Firewall, IP # = 2
      4. NS1.mo-fo.net = Slackware 7.1, IP # = 3 - 17
      5. tucows.mci.com = IP # 18
      6. NS2.mo-fo.net = IP # 20
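The FIREWALL ISSUES list names source-routed traffic, ICMP redirects, smurf, spoofing and masquerading, and the tool list points at ipchains, but the page never shows what the rules for a two-NIC Floppy Firewall look like. The script below is an added example, not from this page or the FFW project: a shell function that prints an ipchains (Linux 2.2) ruleset covering those points for a firewall that masquerades a private LAN. It goes further than the diagram above in that it assumes a private LAN range behind the firewall rather than the public class C shown; the interface names and LAN range are arguments and therefore assumptions. The function prints the commands instead of executing them, so the output can be reviewed and then piped to sh on the firewall.

```shell
#!/bin/sh
# Added example, not from the page or the Floppy Firewall project: print an
# ipchains (Linux 2.2) ruleset for a two-NIC firewall masquerading a private
# LAN. Interface names and the LAN range are assumptions passed as arguments.
#
# Usage: gen_ruleset EXT_IF INT_IF LAN_NET
#   e.g. gen_ruleset eth0 eth1 192.168.1.0/24 | sh
gen_ruleset() {
    ext="$1"; int="$2"; lan="$3"

    # Kernel settings for issues 2.1.1, 2.1.2 and 2.2.1: drop source-routed
    # packets and ICMP redirects, verify return paths (anti-spoofing), and
    # never answer echo requests sent to a broadcast address (smurf).
    echo "echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route"
    echo "echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects"
    echo "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
    echo "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"

    # Start from empty chains and a deny-by-default policy on input/forward.
    echo "ipchains -F"
    echo "ipchains -P input DENY"
    echo "ipchains -P forward DENY"
    echo "ipchains -P output ACCEPT"

    # Loopback is always fine; the LAN may talk to the firewall itself.
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A input -i $int -s $lan -j ACCEPT"

    # Spoofing (2.2.4): packets arriving on the outside interface that claim
    # a LAN, loopback or other private source address are logged and dropped.
    for net in "$lan" 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        echo "ipchains -A input -i $ext -s $net -j DENY -l"
    done

    # From outside, accept only replies to connections the inside started:
    # TCP without SYN, UDP replies to the 2.2 masquerade port range
    # (61000-65095), and the ICMP types needed for errors and echo replies.
    echo "ipchains -A input -i $ext -p tcp ! -y -j ACCEPT"
    echo "ipchains -A input -i $ext -p udp --dport 61000:65095 -j ACCEPT"
    echo "ipchains -A input -i $ext -p icmp --icmp-type destination-unreachable -j ACCEPT"
    echo "ipchains -A input -i $ext -p icmp --icmp-type time-exceeded -j ACCEPT"
    echo "ipchains -A input -i $ext -p icmp --icmp-type echo-reply -j ACCEPT"

    # Masquerading (2.2.5 / NAT): LAN traffic leaving via the outside
    # interface is rewritten to the firewall's own address.
    echo "ipchains -A forward -i $ext -s $lan -j MASQ"

    # Anything else reaching the input chain is logged, then dropped.
    echo "ipchains -A input -j DENY -l"
}

# Print the ruleset when run directly (constructed sample arguments).
[ "${0##*/}" = "gen-ipchains.sh" ] && gen_ruleset eth0 eth1 192.168.1.0/24
```

Because the policy is DENY and every rejected packet on the input chain is logged with -l, the kernel log on the firewall becomes the first place to look for spoofed or unexpected traffic; the 4.10 Log(s) item above is where that output ends up.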


      end