Note:
This thread is compiled from the original thread solely as a guide. No posting is allowed. Please PM me if you have any great guides or comments to share or post at the original thread.
Now you can have a home-made security appliance, using spare home computers!
This guide implements the Astaro Security Gateway V6 software. The Astaro Security Gateway software is implemented on the Astaro line of hardware security appliances. The good news is that this Gateway software can be installed in ordinary home computers!
Astaro Security Gateway is ABSOLUTELY FREE for home users. You don't even have to fork out a single cent!
However, if you use it in a commercial or profit-generating environment, you are required to purchase a license.
Processor: Pentium II or compatible (up to 100 users)
Processor: Pentium III or compatible (above 100 users)
256 MB RAM
8 GB IDE or SCSI hard drive
Bootable IDE or SCSI CD-ROM drive
2 or more PCI Ethernet network cards
If you have a spare PC collecting dust somewhere, you can put it to good use now!
Please refer to PAGE 23 of the manual for an idea of how you want to arrange your network layout.
As in the example configuration shown on Page 23 of the manual,
(1) One network card should be connected to your hardware router, which will lead to the outside world, the Internet.
(2) An Ethernet switch should be connected to the 2nd network card. This will serve as your internal network. Connect all your internal computers to this switch. An Ethernet switch can be bought cheaply for $20. You can also substitute an Ethernet hub for the switch, which may cost as little as $5. However, a hub is not as good as a switch.
(3) If you want to set up a web server, an FTP server and/or an email server, you need a third network card. You also need a 2nd Ethernet switch. Connect all the servers to this 2nd switch. This will function as the Demilitarized Zone (DMZ). If you do not want to set up any servers, then the third network card and the 2nd Ethernet switch are not required.
6. Configuring the home-made security appliance (Browser configuration)
7. Finally, you *must* read the 434-page manual to correctly configure the security appliance. An incorrectly configured security appliance is as good as useless. Having said that, I am going to read the 434-page manual as well.
I am not a networking guru. I hope networking experts here can share with us some configuration tips and their insights after trying out the Astaro Security Gateway software.
Snort is not really an 'appliance', if that's what it is called. It's a system but still requires the OS. Smoothwall (www.smoothwall.org) and ClarkConnect (www.clarkconnect.com) are stripped-down Linux kernels which are standalone, same as the Astaro; you just need to grab the ISO, install, then configure. Another one is IPCop (www.ipcop.org), which is a fork of Smoothwall.
ClarkConnect is a powerful yet easy-to-use software solution that transforms off-the-shelf PC hardware into a dedicated Internet gateway and server. The software is a secure, reliable and cost effective solution.
The Vyatta OFR provides an open-source alternative to proprietary, closed-source routing products. The OFR delivers several critical benefits to users including: lower total cost of ownership, improved security, and the flexibility to easily integrate additional functionality into the system.
The OFR software runs on industry-standard x86 hardware and includes support for commonly used network interfaces, and industry-standard routing protocols and management protocols, resulting in an enterprise-class routing platform. Unlike previous open-source routing projects, all these features are configurable via a single command-line interface (CLI) or web-based graphical user interface (GUI). This integrated functionality makes the OFR ideal for small enterprise offices and branch offices of larger enterprises.