PacktLib: Configuring IPCop Firewalls: Closing Borders with Open Source

Configuring IPCop Firewalls

About the Authors

About the Reviewers

Introduction to Firewalls

An Introduction to (TCP/IP) Networking

The Purpose of Firewalls

How Networks are Structured

Traffic Filtering

Other Services Sometimes Run on Firewalls

Introduction to IPCop

Free and Open Source Software

The Purpose of IPCop

The Benefits of Building on Stable Components

The Gap IPCop Fills

Features of IPCop

Virtual Private Networking

Deploying IPCop and Designing a Network

Trust Relationships between the Interfaces

Altering IPCop Functionality

Topology One: NAT Firewall

Topology Two: NAT Firewall with DMZ

Topology Three: NAT Firewall with DMZ and Wireless

Planning Site-To-Site VPN Topologies

Installing IPCop

Hardware Requirements

Other Hardware Considerations

The Installation Procedure

Green Interface Configuration

Basic IPCop Usage

The System Menu

Checking the Status of Our IPCop Firewall

Firewall Functionality

Intrusion Detection with IPCop

Introduction to IDS

Introduction to Snort

Do We Need an IDS?

How Does an IDS Work?

Using Snort with IPCop

Monitoring the Logs

Log Analysis Options

What to Do Next?

Virtual Private Networks

Managing Bandwidth with IPCop

The Bandwidth Problem

The HTTP Problem

The Solutions: Proxying and Caching

Introduction to Squid

Configuring Squid

Cache Management

Managing Bandwidth without a Cache

Customizing IPCop

Firewall Addons Server

Testing, Auditing, and Hardening IPCop

Security and Patch Management

Basic Firewall Hardening

Advanced Hardening

Logfiles and Monitoring Usage

Usage and Denial of Service

Where to Go Next?