Firewalls: Hardware and Software Solutions

Dennis Faas's picture

[Continued from: Firewalls: Definition | Firewalls: A Brief Discussion]

Because of my need to test everything I share with the infopackets audience, I have spent a great deal of time evaluating various firewall packages.

This kind of testing takes a lot of time. Installing each firewall and letting it work while I monitor it isn't hard work or anything, but it does take time -- sort of like watching grass grow, if you know what I mean. ;-)

The process I followed included installation and configuration as well as some time to allow the firewall to actually do its intended job. That last part is what takes all the time. Fortunately, since I have a small network here, so I can cause a few things to take place, but it is the waiting for the outside world to affect my environment that takes all the time.

What I was looking for was the ability of the firewall software to stop both inbound and outbound traffic. All of these packages will do that for you with a minimum of fuss and bother.

I'm going to tell you about two types of firewalls: the first is a software/hardware combination, and the second is a software package you install on your PC. All the software ones I tested are free for download (obviously, the hardware ones aren't)!

Hardware Firewalls

Smoothwall is a software firewall that is built around a Linux core. When downloaded, it is an ISO image that will later need to be burned onto a CD. For this application, you will need a separate PC with two network interface connections (NIC). The PC doesn't have to be "state of the art" -- in fact, an older machine will work fine. You install Smoothwall on the PC, make a few configuration settings and you're ready to go. Just install the PC between the outside world and your system and you are pretty much set. The software has an extensive manual so you'll have to do some reading to do, but it will be an interesting way to learn fire walling. I will warn you, though. This solution is not for dial-up but for DSL or Cable connections.

The Smooth Wall folks state that the initial design goals are to:

  • Be Simple enough to be installed by home users with no knowledge of Linux
     
  • Support a wide variety of network cards, modems and other hardware
     
  • Work with many different connection methods and ISPs from across the world
     
  • Use a web browser to manage and configure the software

SmoothWall Express is intended for use by anyone from a home user to a systems administrator. It can run on almost any PC from a 486 upwards, which becomes a dedicated firewall appliance (the SmoothWall box). Apart from the PC, all that is required is an Internet connection and some simple networking equipment to connect the SmoothWall firewall to the rest of your local, private network.

The version tested is ver. 2. The download is a bit over 46 Mb with the manuals included and 33 MB without manuals. The 13 Mb of manuals covers everything you can imagine and then some, so go for the larger of the two downloads. Therefore, if you have a spare PC lying around, this package will do a good job for you.

Another package, Gibraltar, is a firewall and router package, based on Debian/GNU Linux, which meets all individual requirements for a state-of-the-art firewall. Independent of the kind of Internet connection (dedicated line, ADSL, dial-up connection), Gibraltar provides for secure connections. It also uses a separate PC to operate but has the additional ability to support multiple systems by supporting DHCP (Dynamic Host Configuration Protocol).

Software Firewalls

To be continued tomorrow!

Rate this article: 
No votes yet