Firewalls

Discussion in 'Computer Science & Culture' started by Stryder, Aug 13, 2009.

Thread Status:
Not open for further replies.
  1. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    So a couple of weeks ago I was charged with setting up a firewall for a business. I pretty much knew which operating system I wanted to use because of stability (one of the BSD range). When I eventually got round to loading a system though, I was blitzed by my 4 year absence from the OS. I couldn't make head nor tail of what ports I needed, or how to configure the components I wanted. I knew that, considering that I wouldn't be the only admin, I would likely need to get a GUI set up on the box because their other admin(s) might not be so adventurous with just a command line.

    I spent a couple of days attempting to load the system and it got closer and closer to the deadline I'd offered. A sudden air of panic occurred that I wouldn't get it implemented on time. With that one instance I looked at how long the install was taking and questioned "There has to be a quick fix for what I'm after. Perhaps an already configured kernel? Perhaps a live CD?"

    With a quick search, I found pfSense, a FreeBSD-based firewall that could be loaded from a live disc. My hours of pratting around trying to get a system fully configured went from days (since the box I was using was low speed) to a couple of hours tops.

    In fact it seems the development team has done an awesome job on the project in regards to making it easy to configure, and there are a few additional packages that can be added to make the firewall server do so much more.

    I mention it here because I'm obviously pretty impressed with this build, but do any of you know of any other firewall servers out there and are you equally as impressed?
     
  3. §outh§tar is feeling caustic Registered Senior Member

    Messages:
    4,832
    Not totally related but how/where did you learn how to set up a firewall, in case some of us would be curious to learn?
     
  5. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    Learning how to implement a firewall is an ongoing process; there are still a lot of things I learn on the way.

    Obviously you'd probably like a long list of bookmarks to specific websites; the problem is there is no definitive guide. In fact the pfSense wiki entries are few and far between, which basically means I end up having to search for other how-tos/tutorials to debug any problems I have had with it. Much like I would with any other software/hardware that would take its place.

    The problem with computers and networking in general is that it's not as simple as painting a picture which is just a single canvas with paints, instead it's like painting on a canvas, having to do some woodshop, some metalwork, some engineering, flying a kite and patting your head and rubbing your tummy all at the same time. (It's daunting, which is why there are never any definitive tutorials)

    Incidentally the metaphor used is something to understand with other than stating that different computers run different servers/services on different ports using different protocols, that can occasionally conflict with one another if not the firewall, and to get them all working in harmony might require either complete reconfigurations of systems or sacrificing those reconfigurations for less security.

    [Anecdote]
    Like a recent network issue I had to resolve where a network printer's admin password had been lost, the printer was needed on the network, and the network was rigged with a different IP range. There were a few potential methods of dealing with the problem:
    • Ask the person who put the password on the network printer (This was impossible. The printer was bought from a liquidated company and their old staff had scattered to the four winds.)
    • Search the internet for a way to reset the admin password (Eventually found one on a forum, however I didn't find it through a search straight away because the printer itself was actually a "generic build" which was then "branded" by different companies, making it difficult to trace information down until I searched information on a manufacturer name from a firmware debug output.)
    • Change the network subnet mask to handle the different IP range. (It meant opening the number of potential IP addresses up, which in turn caused other network problems like NetBIOS subnet polling, which in short slowed up logging in on some computers that were set up for network logins, which a lot of complaints were made about. This option was used as a temporary measure while the search continued on how to reset the admin account.)
    • Reconfiguring the entire network range to suit the printer. (This could have caused more problems later; after all, if you have to rework everything around one peripheral, what would happen if in the future you get another peripheral in a completely different range with the same admin problem? Simply put, this was a no go because the problem had to be resolved to smooth any future expansions.)

    From this all I can suggest is: whenever you tackle a problem, work out the many avenues of approach to tackling it, and weigh up the benefits and weaknesses of those you find. Deploy short term uses only while trying to fathom the long term solution; never deploy a short term solution and give up on finding a long term solution, as this will leave security issues (on computers or programming) or future conflicts/problems to be addressed.
     