- Category: Linux Articles
- Published on Friday, 28 February 2014 13:24
- Written by Administrator
In this article I will talk about securing an intra-network from external attacks. The intra-network could be a group of PCs connected to a switch, with the switch in turn connected to an Internet broadband modem. We could implement the required security in two ways. The first is to secure every PC: install a desktop firewall on each one, load anti-virus software with the latest updates, and keep the OS updated with all the required patches. However, we cannot do much about the end users. Many times we are faced with users who have very little knowledge of computer networks in general. These users invariably install software on their machines that compromises their security. One solution is to take away their administration rights and let them use the machine with user rights, so that they cannot cause any damage to their system. However, this setup requires configuring each and every machine in the system. Furthermore, no user likes to be dictated to about how to use their machine; after all, they own it.
So what's the way out? Think of securing the perimeter. This way we need not secure each individual PC, and the users are at liberty to do whatever they like with their machines, as they are the administrators themselves. Since the only gateway to the intra-network is the Ethernet connection coming from the broadband router, we can pass that connection through a network firewall. The resulting setup is: Ethernet data coming from the broadband router goes to the network firewall's WAN port, and the intra-network is connected to the firewall's LAN port.
Fine, now that we have decided to place a network firewall, let's see what is available in the market. Throw money at it and you can pick up the best of Juniper and similar firewalls. But do we really need such a high-end network firewall? The answer is that one could easily do a much better job with a Linux-based network firewall. Did someone say Linux? The first response one gets is "anything but Linux" or "I have never used Linux". I have specially targeted this article at network administrators who have had no experience with Linux whatsoever. We will build a network firewall, and much more, from scratch in no time.
To start with, get hold of an old PC with two LAN cards, at least 256MB of RAM and 2GB of hard-disk space. A keyboard, mouse and monitor are required only during the installation process.
Download the latest version of the pfSense (network firewall) ISO image from https://pfsense.com/download/mirror.php?section=downloads . Create an installation disk by burning the image file onto a CD/DVD using any CD/DVD writing software.