
Re: Choosing a Firewall/Router Distro



Tim McDonough wrote:
> I would like to retask an older computer as a firewall/router for our 
> home network.

Always a great idea.

>  I like the idea of a floppy based solution due to the least amount of 
> a) power usage, and b) noise pollution in my home office.

First off, an idle ATA disk uses less than 1W and typically sub-10W in 
full seek.
So power really isn't an issue there.
If you go with a 2.5" hard drive, you drop it even further as well as 
have 4200rpm solutions that run cool.
You only need a few GBs so even a cheap $40 2.5" will do.

But if you're really worried about power and sound, consider a Linksys 
WRT54G instead.
Nothing beats solid state.

Otherwise, I highly recommend IPCop and a hard drive for logging/IDS 
considerations, even if you end up moving the logs off the box regularly 
or in real-time.

>  (I could be talked out of a floppy solution if there's a good reason.)

CD works even better, no write access.
But power and sound aren't really reasons to consider a HD-less 
solution, especially if you opt for a 2.5" 4200rpm hard drive 
(especially in a Micro/FlexATX form-factor).

> Can anyone recommend a good distro for this purpose? Or, any I should 
> definitely avoid?

Floppy distros are too limited, no serious logging and absolutely no 
IDS.
Consider a CD-based firewall instead, which gives you more capabilities.
And they make the system read-only (which is both an advantage and a 
disadvantage).

Of course, a hard drive is best for a flexible solution (taking the 
write disadvantage out of the equation).
Updates, services and configuration changes can be made on-the-fly and 
persistent.
IPCop ships with a lot of capabilities like "easy-to-view" Snort IDS 
entries (massively reducing the overhead of log checking - which you 
*must* do), and then has even more c/o add-on modules.

I've been running IPCop for years, and boringly taking the 2-5 
minutes/day to check the logs without incident ... Until 1 month ago.
Just like the majority of Windows users, spyware is a reality and 
IPCop's Snort detected one of the more problematic trojans the second it 
infected my wife's system
(and she is a really careful Internet user).
2,400 miles away, I had my wife shut down her system until I could get 
back.

I eventually had to reload (the trojan killed the IPStack when AdAware 
removed it).
But that was still better than that damn trojan sniffing my network.
Checking logs might not be optional, but a full IDS canned in a 
web-viewable summary form that catches 98 percent is better than 0.
IMHO, IPCop is the best balance between choosing "information overload" 
(i.e. lots of logging) and assumed protection and total ignorance.

It's not a matter of if you're going to be hacked, but when.
You *need* to know *when*.
Otherwise just ask Valve, they didn't know they were hacked until 2 
months later when the Half-Life 2 source code showed up on UseNet.

You may not think anything you have is of value, but any key info done 
on your PC can be captured by a key logger.
Trust me, algorithms to catch and reduce logs to such key data are easy 
(e.g., I've been involved with HIPAA and other projects at key financial 
institutions).

--
Bryan J. Smith   mailto:b.j.smith@ieee.org
Currently Mobile
