Home-Made VPN Firewall & Intrusion Prevention Security Appliance Guides

Status
Not open for further replies.

freakZ

Senior Moderator
Joined
Sep 14, 2000
Messages
9,805
Reaction score
0
Note:
This thread is compiled from the original thread solely as a guide. No posting is allowed. Please PM me if you have any great guides or comments to share or post at the original thread.

=======================================================

Ever envious of security appliances found only in corporate enterprises?

Example:

http://www.cisco.com/en/US/products/ps6120/prod_brochure0900aecd80402ef4.html

Now you can have a home-made security appliance, using spare home computers!

This guide implements the Astaro Security Gateway V6 software. The Astaro Security Gateway software is implemented on the Astaro line of hardware security appliances. The good news is that this Gateway software can be installed in ordinary home computers!

Astaro Security Gateway is ABSOLUTELY FREE for home users. You don't even have to fork out a single cent!

However, if you use it in a commercial or profit-generating environment, you are required to purchase a license.

You can get a free home use license here:

https://my.astaro.com/login.php

It is also known as Astaro Security Linux, and consists of both Open Source and commercial code.

http://freshmeat.net/projects/asl/

The hardware requirements are:

Processor: Pentium II or compatible (up to 100 users)
Processor: Pentium III or compatible (above 100 users)
256 MB RAM
8 GB IDE or SCSI hard drive
Bootable IDE or SCSI CD-ROM drive
2 or more PCI Ethernet network cards

If you have a spare PC collecting dust somewhere, you can put it to good use now!

Home-made Security Appliance Installation Steps
==================================

1. Download the software:

https://my.astaro.com/download/mirrors.php

Select version 6.1.103 ISO file and download it.

2. Burn the ISO file you have just downloaded to a CD-R/W using a CD Writer.

3. Place the CD-R/W inside a bootable CD-ROM drive on the spare home computer that you want to turn into a security appliance.

4. Restart the computer. Make sure the First Boot Device is set to CD-ROM in the BIOS Setup.

5. Further installation steps. See screenshots below [Large Pictures].
 
This completes the security appliance installation on your spare home computer.

SECURITY APPLIANCE DEPLOYMENT
==============================

Please refer to PAGE 23 of the manual for an idea of how you want to arrange your network layout.

As in the example configuration shown on Page 23 of the manual,

(1) One network card should be connected to your hardware router, which will lead to the outside world, the Internet.

(2) An Ethernet switch should be connected to the 2nd network card. This will serve as your internal network. Connect all your internal computers to this switch. An Ethernet switch could be bought cheaply for $20. You can also substitute a switch with an Ethernet hub, which may cost as little as $5. However, a hub is not as good as a switch.

(3) If you want to set up a web server, an FTP server and/or an email server, you need a third network card. You also need a 2nd Ethernet switch. Connect all the servers to this 2nd switch. This will function as the Demilitarized Zone (DMZ). If you do not want to set up any servers, then the third network card and the 2nd Ethernet switch are not required.


6. Configuring the home-made security appliance (Browser configuration)


7. Finally, you *must* read the 434-page manual to correctly configure the security appliance. An incorrectly configured security appliance is as good as useless. Having said that, I am going to read the 434-page manual as well.

I am not a networking guru. I hope networking experts here can share with us some configuration tips and their insights after trying out the Astaro Security Gateway software.

---End of Guide---
 

Snort is not really an 'appliance', if that's what it is called. It's a system but still requires the OS. Smoothwall (www.smoothwall.org) and ClarkConnect (www.clarkconnect.com) are stripped-down Linux kernels which are standalone, same as the Astaro; you just need to grab the ISO, install, then configure. Another one is IPCop (www.ipcop.org), which is a fork of Smoothwall.

Feature list of Smoothwall:

http://www.smoothwall.net/products/comparison.gpl.php

Smoothwall Express 2.0 is entirely open source, free for use anywhere.

===================================================

What is ClarkConnect?

ClarkConnect is a powerful yet easy-to-use software solution that transforms off-the-shelf PC hardware into a dedicated Internet gateway and server. The software is a secure, reliable and cost effective solution.

Features:

http://www.clarkconnect.com/info/features.php

Hardware Requirements:

http://www.clarkconnect.com/info/requirements.php

Screenshots:

http://www.clarkconnect.com/info/screenshots.php

Download Time!

http://www.clarkconnect.com/downloads/

Remember to download the Home Edition. The Home Edition is free for home use. The Office and Professional Editions require you to purchase a license.

The home edition download is 377 MB.

===================================================

IP COP is entirely open source; there are no commercial versions. This means that you could use it anywhere.

Screenshots of IP COP:

http://www.ipcop.org/modules.php?op...PCopScreenshots

IP COP 1.4.10 is the latest version as of now.

Download Time!

http://www.ipcop.org/modules.php?op...wdownload&cid=3
 

Vyatta Open Source Router, interview:

>> http://searchopensource.techtarget.com/qna/0,289202,sid39_gci1204142,00.html

From their homepage:
The Vyatta OFR provides an open-source alternative to proprietary, closed-source routing products. The OFR delivers several critical benefits to users including: lower total cost of ownership, improved security, and the flexibility to easily integrate additional functionality into the system.

The OFR software runs on industry-standard x86 hardware and includes support for commonly used network interfaces, and industry-standard routing protocols and management protocols, resulting in an enterprise-class routing platform. Unlike previous open-source routing projects, all these features are configurable via a single command-line interface (CLI) or web-based graphical user interface (GUI). This integrated functionality makes the OFR ideal for small enterprise offices and branch offices of larger enterprises.

>> http://www.vyatta.com/products/

Contributed by cci[RR]us
 