Book Image

Configuring IPCop Firewalls: Closing Borders with Open Source

Book Image

Configuring IPCop Firewalls: Closing Borders with Open Source

Overview of this book

IPCop is a powerful, open source, Linux based firewall distribution for primarily Small Office Or Home (SOHO) networks, although it can be used in larger networks. It provides most of the features that you would expect a modern firewall to have, and what is most important is that it sets this all up for you in a highly automated and simplified way. This book is an easy introduction to this popular application. After introducing and explaining the foundations of firewalling and networking and why they're important, the book moves on to cover using IPCop, from installing it, through configuring it, to more advanced features, such as configuring IPCop to work as an IDS, VPN and using it for bandwidth management. While providing necessary theoretical background, the book takes a practical approach, presenting sample configurations for home users, small businesses, and large businesses. The book contains plenty of illustrative examples.
Table of Contents (16 chapters)
Configuring IPCop Firewalls
Credits
About the Authors
About the Reviewers
Preface
7
Virtual Private Networks
11
IPCop Support

How Does an IDS Work?


NIDS in general, and Snort specifically, are run on devices that have the ability to monitor as much of the network as possible, generally on or near a gateway device, (as in the case of IPCop) or on some sort of monitoring port on a switch (SPAN/Mirror ports). The NIDS then sets up the network card or cards on the device to work in promiscuous mode meaning they will pass packets up through the network stack whether or not they are destined for the machine. This is important as a NIDS will often be monitoring machines other than itself. The NIDS on the host will then take these packets and have a look at the data payload (and sometimes the headers as well) to see if it notices anything malicious. This may sound like artificial intelligence as the NIDS just sits there thinking to itself about packets passing by; it's actually quite a lot simpler than that!

Every day exploits, viruses, worms, spyware, and other malicious software generate network traffic, and this traffic...