Build your own feature-rich firewall

January 22, 2015

Small and medium enterprises do not necessarily require high-end expensive firewalls or a sizable IT security team. There are feature-rich and powerful Free and Open Source tools that can convert an average server, or even a desktop, into an autonomous firewall that can detect attacks and defend networks.

There are plenty of network security tools out there. But when it comes to building your own defences, it is usually better to rely on Free and Open Source software than on free-to-use closed-source software. The community around many of the indispensable Free and Open Source tools is a crucial asset: it provides comprehensive documentation and informal support, with the caveat that such support is best-effort and comes with no guarantees. The transparency of the code and the quick bug fixes for popular Free and Open Source software are a further advantage.

The Recipe

A firewall is any software, running either on dedicated hardware or on a personal computer, that can to some degree fend off network attacks. Based on this definition, we look at how a feature-rich firewall can be configured without having to buy one!

Hardware

A simple server, or an adequately performing personal computer with at least two network cards, can be used to build a custom firewall, placed at the border between the external network (usually the Internet) and the internal network (usually the LAN).

As most of the popular network security tools are Free and Open Source, they are native to Linux/Unix-based environments. The hardware can run any of the popular Linux-based operating systems, such as Debian, Fedora or Ubuntu. That is all the hardware and base software required to get your custom firewall up and running.

Securing a network is in many ways similar to taking care of one’s health: monitor, prevent, detect and cure, is the safe procedure for staying healthy.

Likewise, networks need to be constantly monitored for their well-being – to see if all essential functions are being performed as desired, and more importantly to detect any anomalies.

Monitoring

The first and foremost tool in securing a network is one that can sniff and probe the traffic traversing the network: a tool that can analyse every packet and check whether it adheres to the standard protocols. The ubiquitous choice for sniffing network traffic is the powerful command-line tool tcpdump. This omnipotent sniffing tool has an attractive counterpart with a comprehensive graphical user interface called Wireshark.

Prevention

There are many known harmful packets that serve no purpose except to create trouble. Such packets can trigger an avalanche of sorts and bring down the network. For instance, a seemingly naïve ICMP (ping) packet with a certain abused field can cause the popularly known Ping of Death attack, which can choke the target machine on the network. Packets of this type can be preemptively discarded as they try to enter your enterprise infrastructure: a rule list checks whether each packet is harmful and, if so, discards it.

Again, the ubiquitous tool with an arsenal of rules and the flexibility to block harmful packets is iptables.
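To make the prevention step concrete, here is an added example (not from the original post) of an iptables rule set for the two-NIC border host described above: default-deny, discard fragments and malformed packets, rate-limit pings, block spoofed LAN addresses arriving from outside, and NAT the LAN out. The interface names eth0/eth1 and the subnet 192.168.1.0/24 are assumptions; `sh firewall.sh show` prints the rules without loading them, `sh firewall.sh apply` loads them as root.

```shell
#!/bin/sh
# Border firewall for a two-NIC host: WAN faces the Internet, LAN the office.
# Interface names and the LAN subnet below are assumptions for this example;
# override them from the environment (WAN=enp1s0 sh firewall.sh apply).
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
IPT=${IPT:-iptables}   # set IPT="echo iptables" to print rules instead of loading them

apply_rules() {
  # Start from a clean slate and default-deny inbound and forwarded traffic.
  $IPT -F
  $IPT -X
  $IPT -t nat -F
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT
  # Loopback and replies to connections we already track are always fine.
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Discard known-harmful packets before any service sees them: fragments
  # (the Ping of Death is an oversized, fragmented ICMP echo), packets the
  # connection tracker cannot classify, and TCP segments with nonsense flags.
  $IPT -A INPUT -f -j DROP
  $IPT -A FORWARD -f -j DROP
  $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
  $IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
  $IPT -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
  # Still answer pings, but never more than a handful per second.
  $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
  $IPT -A INPUT -p icmp --icmp-type echo-request -j DROP
  # Anti-spoofing: a packet claiming a LAN source address cannot arrive on the WAN.
  $IPT -A INPUT -i "$WAN" -s "$LAN_NET" -j DROP
  $IPT -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP
  # Management SSH only from the inside.
  $IPT -A INPUT -i "$LAN" -p tcp --dport 22 -j ACCEPT
  # Let LAN hosts reach the Internet and hide them behind the WAN address.
  $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
  $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

case "${1:-}" in
  apply) apply_rules ;;                       # needs root
  show)  IPT="echo iptables"; apply_rules ;;  # dry run, prints the rule list
esac
```

Forwarding between the two cards also needs `sysctl -w net.ipv4.ip_forward=1`, and the rules are lost on reboot unless saved with your distribution's iptables-persistent mechanism.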

Detection

When tools like iptables are used, fixed rules are written, and these cannot handle packets that dynamically exploit resources in the network. There can be attacks carried by packets that pretend to be normal but turn harmful as the connection progresses. In scenarios like this, which evoke the mythological Trojan Horse, Intrusion Detection Systems (IDS) can be of immense help.

Snort is the Free and Open Source tool widely deployed to handle intrusions. An IDS like Snort is built into many high-end firewalls. By configuring your custom firewall accurately, many of these advanced features can be implemented in it.

Curing

Unlike a human body, a network that has suffered an attack can be left with irreparable damage even after the attack is cured, so it is best to fend off attacks in the first place. But in the worst case, where an attack has gained access to the network, quarantining the already compromised portions of the network is the first and essential step: by isolating the compromised regions, the attack can be contained. As a final step, open source anti-virus software such as ClamAV can be used to shield end-user devices.

The aforementioned Free and Open Source tools are powerful; when configured accurately, they can be bundled together to serve as an adequate firewall. As with all security practices, this requires expertise for accurate configuration. If your network is vast and that expertise is not available, it goes without saying that procuring a suitable firewall or consulting experts is essential.
