Gentoo Forums
Secure firewall
Keruskerfuerst
Advocate
Joined: 01 Feb 2006
Posts: 2289
Location: near Augsburg, Germany

PostPosted: Sun Nov 08, 2015 8:08 am    Post subject: Secure firewall

I am searching for a secure firewall for my 50MBit DSL connection.

I have a special distortion on my internet connection.

I have searched a bit and found the following device:

Cisco ASA 5506-X: I have found no information about configuring the firewall.

Can anyone recommend a secure firewall device or how to build one?
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54232
Location: 56N 3W

PostPosted: Sun Nov 08, 2015 1:16 pm

Keruskerfuerst,

Keruskerfuerst wrote:
I have a special distortion on my internet connection.

Tell us more.

I use shorewall (IPv4) and shorewall6 (IPv6) on a gentoo hardened KVM as my firewall on my router.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Keruskerfuerst
Advocate
Joined: 01 Feb 2006
Posts: 2289
Location: near Augsburg, Germany

PostPosted: Sun Nov 08, 2015 1:40 pm

Please visit the following bug:
https://bugs.gentoo.org/show_bug.cgi?id=562792

It is a special internet distortion, superimposed signal from a certain location in ..., it is ...
Syl20
l33t
Joined: 04 Aug 2005
Posts: 619
Location: France

PostPosted: Mon Nov 09, 2015 11:33 am    Post subject: Re: Secure firewall

Keruskerfuerst wrote:
I am searching for a secure firewall for my 50MBit DSL connection.

Well, tell us more about your needs.
The bandwidth isn't a problem, as almost all networking devices can work at at least 100Mb/s. The problem could be the number of packets per second they'll have to analyze (e.g. do you use P2P apps intensively?), the number of firewall rules you plan to put in (the more there are, the more CPU time is required to parse them), and the "level of security" you want (Deep Packet Inspection is more secure, but can easily overload the system, for example).

How many network devices do you want? How many servers and workstations on your network? Do you use VLANs? DMZs? VPNs? Proxies?
Are you comfortable with networking? Do you prefer an easy-to-use appliance, or to go deep into the guts of the beast?
And, last but not least, what is your spending limit?

The most adaptable solution is obviously a linux (Gentoo hardened...) box with netfilter/iptables.
Keruskerfuerst
Advocate
Joined: 01 Feb 2006
Posts: 2289
Location: near Augsburg, Germany

PostPosted: Mon Nov 09, 2015 12:07 pm

Network setup:
Internet->modem->firewall->router (8 GBit ports)

Actually I use a 50MBit/s VDSL2+ connection. It may be upgraded to 100MBit/s.

Preferred utilization:
1. "Normal" internet surfing (webpages, shopping,...)
2. From time to time P2P, I only download programs like libreoffice or iso images
3. Internet banking (with https and security services)
4. No VPN
5. No Proxies
6. I do understand networking like ipv4, ipv6 and networking fundamentals
7. iptables or nftables rules: block all ports except: ftp, http, https, imap, pop, smtp and internet time service

I spent some time assembling a firewall computer:
1. CPU: Intel Core i3 6300T
2. Mainboard: Asus Z170 Pro Gaming
3. 32GB DDR4-2133 HyperX modules
4. 256GB Samsung 850 Pro
5. Intel PCIe 1GBit networking card (1 GBit networking device is on board)
6. CPU cooler: Thermalright True Spirit
7. no additional graphics card

I wonder if the internal graphics card of the processor is supported by Gentoo or any other hardened distro.
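The rule list in item 7 of the post above ("block all ports except ftp, http, https, imap, pop, smtp and internet time service"), written out as a complete nftables ruleset for the modem->firewall->LAN layout described there. This is an added example, not something posted in the thread. The interface names (eth0 towards the modem, eth1 towards the switch), the LAN prefix 192.168.1.0/24, and SSH management from the LAN side are assumptions; the script writes the ruleset to a file and, when run as root with nft installed, dry-run checks it with `nft -c`.

```shell
#!/bin/sh
# Added example (not from the thread): nftables ruleset for a small router/
# firewall box implementing "drop everything except ftp, http, https, imap,
# pop3, smtp and NTP". Assumed: WAN = eth0, LAN = eth1 (192.168.1.0/24),
# box managed via SSH from the LAN only.

RULESET_FILE="${RULESET_FILE:-${TMPDIR:-/tmp}/firewall-example.nft}"

# Print the ruleset. The heredoc is quoted so that nft's own $variables are
# not expanded by the shell.
render_ruleset() {
cat <<'EOF'
#!/usr/sbin/nft -f
flush ruleset

define wan = "eth0"               # assumption: interface towards the modem
define lan = "eth1"               # assumption: interface towards the switch
define lan_net = 192.168.1.0/24   # assumption: LAN prefix behind the box
# ftp, smtp, http, pop3, imap, https: the services named in the thread
define allowed_tcp = { 21, 25, 80, 110, 143, 443 }

table inet filter {
    # Conntrack helper so the FTP data connection is classified "related"
    # and passes without opening high ports. Needs nf_conntrack_ftp loaded.
    ct helper ftp-standard {
        type "ftp" protocol tcp
    }

    chain prerouting {
        type filter hook prerouting priority 0; policy accept;
        iifname $lan tcp dport 21 ct helper set "ftp-standard"
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state invalid drop
        ct state established,related accept
        # ICMP/ICMPv6: path-MTU discovery and IPv6 neighbour discovery need it
        meta l4proto { icmp, ipv6-icmp } accept
        # management only from the LAN side; nothing is listening on $wan
        iifname $lan tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        # LAN clients may open only the listed services towards the Internet
        iifname $lan oifname $wan tcp dport $allowed_tcp accept
        iifname $lan oifname $wan udp dport 123 accept          # NTP
        # DNS is not in the thread's list, but none of the listed services
        # work without name resolution
        iifname $lan oifname $wan meta l4proto { tcp, udp } th dport 53 accept
        iifname $lan oifname $wan meta l4proto { icmp, ipv6-icmp } accept
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif lo accept
        ct state invalid drop
        ct state established,related accept
        oifname $wan tcp dport 21 ct helper set "ftp-standard"
        oifname $wan tcp dport $allowed_tcp accept
        oifname $wan udp dport 123 accept
        oifname $wan meta l4proto { tcp, udp } th dport 53 accept
        oifname $lan accept
        meta l4proto { icmp, ipv6-icmp } accept
    }
}

# IPv4 NAT for the LAN; IPv6 is routed, not translated
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $wan ip saddr $lan_net masquerade
    }
}
EOF
}

write_ruleset() {
    render_ruleset > "$1"
}

# Dry-run check. nft -c talks to the kernel over netlink, so it needs root;
# skip (rather than fail) when that is not available.
check_ruleset() {
    if [ "$(id -u)" != 0 ] || ! command -v nft >/dev/null 2>&1; then
        echo "skipping nft -c: needs root and the nft binary"
        return 0
    fi
    nft -c -f "$1"
}

write_ruleset "$RULESET_FILE"
check_ruleset "$RULESET_FILE"
echo "ruleset written to $RULESET_FILE; load it with: nft -f $RULESET_FILE"
```

Before loading, enable forwarding (`net.ipv4.ip_forward=1`, `net.ipv6.conf.all.forwarding=1`) and `modprobe nf_conntrack_ftp`; without the helper the `ct helper set` rule has nothing to bind to and passive-FTP data connections will be dropped by the `policy drop` in the forward chain. The port set deliberately mirrors the thread's list: if the mail client uses the TLS-wrapped ports (465/587, 993, 995) they have to be added to `allowed_tcp`, otherwise those connections are silently dropped and the symptom looks like a broken mail server rather than a firewall rule.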
Syl20
l33t
Joined: 04 Aug 2005
Posts: 619
Location: France

PostPosted: Mon Nov 09, 2015 2:21 pm

Your computer is by far oversized. I have a self-made box too:
- Core2duo e7300,
- 4 GB DDR3,
- 40 GB SATA HDD,
- 5 PCIe + 1 onboard 1Gb/s NICs.

~300 firewall rules (3 intranet zones, 7 physical computers), P2P, fail2ban, web reverse proxy, mail relay, DNS cache, NTP relay, and several additional little tasks, like an rsync server to redistribute the portage updates. The machine gets bored:
Code:
top - 15:16:07 up 3 days,  7:03,  1 user,  load average: 0,00, 0,01, 0,05
Tasks:  82 total,   1 running,  81 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0,0 us,  0,2 sy,  0,0 ni, 99,2 id,  0,7 wa,  0,0 hi,  0,0 si,  0,0 st
KiB Mem :  4043160 total,  2766468 free,    87904 used,  1188788 buff/cache
KiB Swap:  2097148 total,  2097148 free,        0 used.  3904216 avail Mem

If you plan to manage your box by command line, no problem with Gentoo hardened and your graphics chipset. You just have to configure your kernel if you want a framebuffer console.

You should configure your router as a switch, or replace it by a switch, as the firewall is, by design, a router too.
The_Great_Sephiroth
Veteran
Joined: 03 Oct 2014
Posts: 1602
Location: Fayetteville, NC, USA

PostPosted: Wed Nov 11, 2015 2:12 pm

I have a P2/433MHz box running Debian 7.8 32bit which does this for me. I use iptables for my firewall and bind9 for DNS. I use ISC-DHCP-Server for DHCP. Been working great for years now. I think it has a 4GB IDE disk in it. I access it via SSH since it only has power and Ethernet plugged into it.
_________________
Ever picture systemd as what runs "The Borg"?
fayeseom
n00b
Joined: 02 Nov 2015
Posts: 2

PostPosted: Wed Nov 25, 2015 11:53 am    Post subject: networking and security

Network security consists of the policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.