HWZ Forums


Home-Made VPN Firewall & Intrusion Prevention Security Appliance Guides

Old 04-08-2006, 08:15 PM   #1
Senior Moderator
 
Join Date: Sep 2000
Posts: 9,070
Home-Made VPN Firewall & Intrusion Prevention Security Appliance Guides

Note:
This thread is compiled from the original thread solely as a guide. No posting is allowed. Please PM me if you have any great guides or comments to share, or post in the original thread.

=======================================================

Ever envious of security appliances found only in corporate enterprises?

Example:

http://www.cisco.com/en/US/products/...d80402ef4.html

Now you can have a home-made security appliance, using spare home computers!

This guide implements the Astaro Security Gateway V6 software. The Astaro Security Gateway software is implemented on the Astaro line of hardware security appliances. The good news is that this Gateway software can be installed in ordinary home computers!

Astaro Security Gateway is ABSOLUTELY FREE for home users. You don't even have to fork out a single cent!

However, if you use it in a commercial or profit-generating environment, you are required to purchase a license.

You can get a free home use license here:

https://my.astaro.com/login.php

It is also known as Astaro Security Linux, and consists of both Open Source and commercial code.

http://freshmeat.net/projects/asl/

The hardware requirements are:

Processor: Pentium II or compatible (up to 100 users)
Processor: Pentium III or compatible (above 100 users)
256 MB RAM
8 GB IDE or SCSI hard drive
Bootable IDE or SCSI CD-ROM drive
2 or more PCI Ethernet network cards

If you have a spare PC collecting dust somewhere, you can put it to good use now!

Home-made Security Appliance Installation Steps
==================================

1. Download the software:

https://my.astaro.com/download/mirrors.php

Select version 6.1.103 ISO file and download it.

2. Burn the ISO file you have just downloaded to a CD-R/W using a CD Writer.

3. Place the CD-R/W inside a bootable CD-ROM drive on the spare home computer that you want to turn into a security appliance.

4. Restart the computer. Make sure the First Boot Device is set to CD-ROM in the BIOS Setup.

5. Further installation steps. See screenshots below [Large Pictures].

Last edited by freakZ; 04-08-2006 at 08:41 PM..
Old 04-08-2006, 08:20 PM   #6
Senior Moderator
 
Join Date: Sep 2000
Posts: 9,070
This completes the security appliance installation on your spare home computer.

SECURITY APPLIANCE DEPLOYMENT
==============================

Please refer to PAGE 23 of the manual for an idea of how you want to arrange your network layout.

As in the example configuration shown on Page 23 of the manual,

(1) One network card should be connected to your hardware router, which will lead to the outside world, the Internet.

(2) An Ethernet switch should be connected to the 2nd network card. This will serve as your internal network. Connect all your internal computers to this switch. An Ethernet switch can be bought cheaply for $20. You can also substitute an Ethernet hub for the switch, which may cost as little as $5. However, a hub is not as good as a switch.

(3) If you want to set up a web server, an FTP server and/or an email server, you need a third network card. You also need a 2nd Ethernet switch. Connect all the servers to this 2nd switch. This will function as the Demilitarized Zone (DMZ). If you do not want to set up any servers, then the third network card and the 2nd Ethernet switch are not required.


6. Configuring the home-made security appliance (Browser configuration)







Old 04-08-2006, 08:23 PM   #13
Senior Moderator
 
Join Date: Sep 2000
Posts: 9,070





7. Finally, you *must* read the 434-page manual to correctly configure the security appliance. An incorrectly configured security appliance is as good as useless. Having said that, I am going to read the 434-page manual as well.

I am not a networking guru. I hope networking experts here can share with us some configuration tips and their insights after trying out the Astaro Security Gateway software.

---End of Guide---
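The three-interface layout from the deployment section (external, internal, DMZ), written out as a default-deny forwarding policy in nftables. This is an added example, not part of the original posts and not Astaro configuration (Astaro is configured through its browser interface); the interface names, the DMZ server address and the published ports are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: forwarding policy for a three-NIC gateway.
# Assumed names: eth0 = external (to the hardware router),
# eth1 = internal switch, eth2 = DMZ switch.
flush ruleset

define EXT = "eth0"
define INT = "eth1"
define DMZ = "eth2"
define DMZ_SRV = 192.168.2.10    # constructed address of the DMZ server

table inet gateway {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # Administer the gateway from the internal network only.
        iifname $INT tcp dport { 22, 443 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Internal hosts may reach the Internet and the DMZ servers.
        iifname $INT oifname $EXT accept
        iifname $INT oifname $DMZ accept

        # The outside reaches only the published services in the DMZ
        # (web and mail here; assumed ports).
        iifname $EXT oifname $DMZ ip daddr $DMZ_SRV tcp dport { 25, 80 } accept

        # DMZ servers may resolve names and fetch updates.
        iifname $DMZ oifname $EXT udp dport 53 accept
        iifname $DMZ oifname $EXT tcp dport { 53, 80, 443 } accept

        # A DMZ host opening a connection inward is the event to alert on.
        iifname $DMZ oifname $INT log prefix "dmz-to-internal: " drop
    }
}
```

`nft -c -f <file>` checks the ruleset without loading it.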
Old 04-08-2006, 08:28 PM   #14
Senior Moderator
 
Join Date: Sep 2000
Posts: 9,070
Snort is not really an 'appliance', if that's what it is called. It's a system but still requires the OS. Smoothwall (www.smoothwall.org) and ClarkConnect (www.clarkconnect.com) are stripped-down Linux kernels which are standalone, same as the Astaro; you just need to grab the ISO, install it, then configure it. Another one is IPCop (www.ipcop.org), which is a fork of Smoothwall.

Features list of smoothwall:

http://www.smoothwall.net/products/comparison.gpl.php

Smoothwall Express 2.0 is entirely open source, free for use anywhere.

===================================================

What is ClarkConnect?

ClarkConnect is a powerful yet easy-to-use software solution that transforms off-the-shelf PC hardware into a dedicated Internet gateway and server. The software is a secure, reliable and cost effective solution.

Features:

http://www.clarkconnect.com/info/features.php

Hardware Requirements:

http://www.clarkconnect.com/info/requirements.php

Screenshots:

http://www.clarkconnect.com/info/screenshots.php

Download Time!

http://www.clarkconnect.com/downloads/

Remember to download the Home Edition. The Home Edition is free for home use. The Office and Professional Editions require you to purchase a license.

The home edition download is 377 MB.

===================================================

IPCop is entirely open source; there are no commercial versions. This means that you could use it anywhere.

Screenshots of IPCop:

http://www.ipcop.org/modules.php?op...PCopScreenshots

IPCop 1.4.10 is the latest version as of now.

Download Time!

http://www.ipcop.org/modules.php?op...wdownload&cid=3
Old 04-08-2006, 09:22 PM   #15
Senior Moderator
 
Join Date: Sep 2000
Posts: 9,070
Vyatta Open Source Router, interview:

>> http://searchopensource.techtarget.c...204142,00.html

From their homepage:
The Vyatta OFR provides an open-source alternative to proprietary, closed-source routing products. The OFR delivers several critical benefits to users including: lower total cost of ownership, improved security, and the flexibility to easily integrate additional functionality into the system.

The OFR software runs on industry-standard x86 hardware and includes support for commonly used network interfaces, and industry-standard routing protocols and management protocols, resulting in an enterprise-class routing platform. Unlike previous open-source routing projects, all these features are configurable via a single command-line interface (CLI) or web-based graphical user interface (GUI). This integrated functionality makes the OFR ideal for small enterprise offices and branch offices of larger enterprises.
>> http://www.vyatta.com/products/

Contributed by cci[RR]us