Thursday, October 14, 2010

IPCop Revisited once again...

There are ongoing problems with Snort IDS not updating on IPCop. So I thought I would try out Smoothwall instead. Smoothwall installed much faster and easier than IPCop. There were almost no questions that required a lot of technical knowledge. The menus in Smoothwall are arranged differently and took a little getting used to. Then the problems started. I could not even get IDS to turn on in Smoothwall. I have been watching a virus-infected computer, trying to ensure that the virus had been completely removed, and so having no IDS was simply not an option.

Also, when I enabled the email virus filter it blocked ALL of my email as containing a virus. This was not acceptable either, so although Smoothwall is much easier to install it is not as usable as IPCop, and will not be used by me at this point.

Here is a simple diagram of how IPCop is set up as an Internet server and a firewall.



I thought I would include some IPCop configuration screens so you can see how they should look. Notice that I do not use VPN; I do not like to put a hole through my firewall unless the boss absolutely demands it!

Most of the time you will want DNS to be set up and running. Sometimes you have a file server that does the DNS thing instead.

Then there is the Web proxy server. This is needed in order to log who is accessing what. It also speeds up the Internet a little by serving some pages from its cache.

Next is enabling the time server. This helps to keep all of your computers synchronized to the same time.



Some say that enabling IDS on Red is just a waste of time because it only tells you that you are under attack, but that is a given when you are connected to the Internet. However, it has been telling me that someone out there is trying to access the formerly infected computer, so IMO it is very useful!


I do not know if configuring a static DNS is necessary, and if so, which one do you use?
