Tuesday, November 16, 2010

Five Best BSD Linux Security Tools

Over the course of recent years, some people have found the quality of most out-of-the-store firewall appliances either lacking functionality or worse, set at a price that has made them generally out of reach. Because of this issue, I thought it would be beneficial to write an article to better highlight what works and what does not with regard to turning an older PC into a standalone router/firewall appliance.

1. IPCop

At its very core, IPCop is in fact a firewall appliance before all else. And as many of you might suspect, IPCop happens to be a Linux distribution with the sole function of acting as a hardware firewall, thus protecting your network from threats outside and from within. IPCop can be installed via CD, flash drive, or HTTP/FTP network setups and is fairly straightforward to set up.

Considering the offering of multiple language support and the fact that this little Linux distribution will run on pretty much anything, it is a proven homegrown firewall. Speaking of support, I should also point out that IPCop has a number of very cool add-ons as well. My two favorites are Banish and Copfilter, which is used to filter out malware and viruses in real time.

2. M0n0wall

Regardless of a fantastic effort by IPCop, there is just something to be said about rock-solid BSD solutions. The first that comes to mind is m0n0wall. It's small, 12 MB small! That is the single biggest distinguishing thing to note about m0n0wall: its size and portability. Designed to be a replacement for those expensive firewall appliances used today, m0n0wall works on embedded machines, in addition to being quite useful on older x86 PCs as well.

It is definitely a little more advanced from a usability standpoint than other solutions out there, but do not let this fool you, because m0n0wall is VERY powerful in all of its BSD goodness. This being said, it should be noted that even though m0n0wall is workable on an older PC, it shines best on embedded systems being used by more advanced administrators. Therefore, this is not a really good solution for new Windows converts looking to convert their old PC into something cool.

3. pfSense

From what I have been told, the pfSense project was started by the same people as m0n0wall. Those looking to revamp an older PC might be better off going with pfSense. It has plenty of features to speak of. The most notable among them include:

# Redundancy -- By creating a failover group, the network will remain secure even in the event of interfaces that go offline for some reason.

# Load Balancing -- Provides both inbound and outbound balancing between WAN connections or multiple servers, depending on which way the traffic happens to be going.

# Captive Portal -- Force the user to authenticate or simply find themselves redirected to wherever you wish.

For those who have tried IPCop in the past but are still hungry for more control over their firewall installation, then I highly suggest going with pfSense as a great BSD option.

4. SmoothWall

If you have any level of involvement with IT, then the chances are good that you have experienced a SmoothWall protected network at least once in your life. Oftentimes, you may not even have been aware of it.

For many newbies totally unfamiliar with Linux or BSD, SmoothWall serves as a "gateway drug" for self-built firewall appliances, as it provides a way for just about anyone with a blank CD and an older PC to create a ready-to-roll firewall appliance for their home office or small business. Just like other more complicated solutions, SmoothWall provides amazingly simple installation. Once installed, the administrator can set up their firewall settings, QoS, Web filter, anti-spam protection, and manage outgoing/incoming instant message conversations.

At its core, SmoothWall is a firewall with heavy content-filtering abilities. If you have never tried turning an old PC into a firewall appliance, this is what I would suggest starting with. And yes, SmoothWall also has enterprise-level support and offerings for those needing to go this route, as well.

5. Linux LiveCD Router

At first I hesitated to even bother highlighting this particular solution, as it bothered me on two fronts.

1. One, it is difficult to gauge just how well supported this Linux distro actually is. It appears to have dropped off the face of the planet around 2007?

2. It is a relative unknown to me. I know nothing of this option at all, other than the fact that it provides LiveCD functionality.

Those concerns aside, the fact that I am able to get a clear idea of what this little LiveCD provides with regard to support does make me feel a lot better.

# Remote SSH administration.

# Load balancing between two ISP connections.

# Boot from a CD or a USB Flash Drive.

Each of these features means something to the casual home user, especially one who is not totally sure about taking the time to install something that might very well not be a good fit for their needs. Speaking for myself, I have gone both ways for a while and finally ended up settling on a Draytek Vigor2820n Security Router. I decided to go this way due to hardware-heat headaches rather than me wanting something self-built.

At the end of the day, it is important to recognize that for some users, going with a build-your-own hardware firewall appliance is the way to go. But for many others, sometimes it just makes sense to buy something pre-built. And that is where trying out the various options out there comes into play.

Speaking for myself, I am thrilled that I took the time to really understand the roll-your-own solutions first. It enabled me to better work through what I was looking for from a hardware firewall and what turned out to be mostly fluff.
