Configuring IPCop Firewalls: Closing Borders with Open Source

Overview of this book

IPCop is a powerful, open source, Linux-based firewall distribution aimed primarily at Small Office or Home (SOHO) networks, although it can be used in larger networks. It provides most of the features that you would expect a modern firewall to have, and, most importantly, it sets all of this up for you in a highly automated and simplified way. This book is an easy introduction to this popular application. After introducing and explaining the foundations of firewalling and networking and why they're important, the book moves on to cover using IPCop: installing it, configuring it, and then more advanced features such as configuring IPCop to work as an IDS or VPN endpoint and using it for bandwidth management. While providing the necessary theoretical background, the book takes a practical approach, presenting sample configurations for home users, small businesses, and large businesses. The book contains plenty of illustrative examples.

Monitoring the Logs


An intrusion detection system on its own isn't any good whatsoever; it needs a set of eyes to look over the logs and take action, or some sort of automated notification system. IPCop's web interface provides a primitive first look at what is going on in the network.

This can be found under the Logs > IDS Logs menu option, as shown in the following figure:

The log screen defaults to today's date and gives us some interesting information. Today, December 20th, 381 rules were activated, meaning that Snort noticed 381 possible attacks on the network. This number is abnormally high because the data was generated artificially by the author; generally you would expect to see a few rules activated per day, depending on the size of your network. Home users, for example, should expect to see a lot of port scans and automated worm attacks. If we take a closer look at one of the rules, we can see what Snort has shown us in the logs.

Date:12/20 12:51:41 Name:SNMP request udp

Priority...
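As an added example (not code from the book or from IPCop), the following Python script does the "set of eyes" job in an automated way: it parses Snort alerts, assumed here to be in Snort's single-line alert_fast format, tallies them per day, per signature name and per priority just as the IDS Logs page does, and flags days whose counts exceed what the operator expects. The sample alert lines, including their signature IDs and addresses, are constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Snort alert_fast line layout (assumed here as the source of IPCop's IDS Logs view):
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] Name [**] [Classification: ...] [Priority: N] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<month>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\.\d+\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<name>.+?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]+)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_alert(line):
    """Return the fields of one alert line as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["date"] = f"{fields['month']}/{fields['day']}"   # same MM/DD key the IDS Logs page shows
    fields["prio"] = int(fields["prio"])
    return fields

def summarize(lines):
    """Per-day total, per-signature and per-priority counts, like the IDS Logs screen."""
    per_day = defaultdict(lambda: {"total": 0, "by_name": Counter(), "by_priority": Counter()})
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue            # unrelated or truncated lines are skipped, not counted
        day = per_day[alert["date"]]
        day["total"] += 1
        day["by_name"][alert["name"]] += 1
        day["by_priority"][alert["prio"]] += 1
    return per_day

def days_needing_attention(summary, max_per_day=50, max_high_priority=0):
    """Days whose volume or priority-1 count exceeds the operator's baseline; hook a notification here."""
    return sorted(d for d, s in summary.items()
                  if s["total"] > max_per_day or s["by_priority"][1] > max_high_priority)

# Constructed sample alerts (signature IDs, hosts and counts are invented for this example).
SAMPLE_ALERTS = """\
12/20-12:51:41.105233  [**] [1:1418:11] SNMP request udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.23:1042 -> 192.168.1.1:161
12/20-12:52:03.441812  [**] [1:1418:11] SNMP request udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 10.0.0.23:1043 -> 192.168.1.1:161
12/20-13:10:07.000912  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.9:2000 -> 192.168.1.10:1434
12/20-13:15:22.500001  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.9 -> 192.168.1.1
12/21-08:00:01.123456  [**] [1:1000001:1] LOCAL admin port probe [**] [Priority: 1] {TCP} 198.51.100.7:4444 -> 192.168.1.1:22
"""
```

Running `summarize(SAMPLE_ALERTS.splitlines())` gives four alerts for 12/20 (two of them "SNMP request udp", all priority 2) and one priority-1 alert for 12/21, so only 12/21 is flagged with the default thresholds.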