[clug-talk] IPCop

Shawn sgrover at open2space.com
Fri Jun 12 12:54:40 PDT 2009 

The IPCop is both a router AND a firewall.

The phrase "firewall" has been abused by corporations to mean "a device 
sitting between you and the internet that filters all bad traffic".  So 
you end up with SonicWall's, Cisco Firewalls, etc.  The corporations are 
pushing their product.

In reality, a firewall is just like network security - it is a series of 
layers of defences.  Relying on a single device to protect you can only 
get you so far.  (do you leave your house unlocked if you have a fence 
around the house - that's what these "firewall" devices advocate.)

With regards to filtering, a decent router will immediately reduce the 
amount of traffic that needs to be filtered.  From there you standard 
anti-virus/malware/spam tools should take care of the remainder.

There are some options within IPCop that will reduce this even more 
(intrusion detection, etc.).

If you have a larger network where you don't get to control access to 
the boxes you care about, then perhaps adding another layer after the 
router (IPCop) to do further filtering.

For example:

   Internet - IPCop - XXXXX - Switch/Hub - Servers/Workstations

Where the XXXX is a box that will do further filtering for you - 
Spamassasin, antivirus, etc.

In practice, I have been running IPCop for 5+ years, and have 
occasionally played with the Intrusion Detection, but have no other 
specialized filtering.  Whatever filtering I need is handled by my mail 
server, mail client, and web servers.  But I also run Linux on all my 
boxes.  (Well, the roomie has a Windows laptop she complains about a 
lot, but that's HER's to take care of)  So, my network diagram is the 
same as above, but without the XXXXX layer.

(btw, I'm talking from a small network perspective here - things change 
when you grow to larger networks or volumes)

Shawn

Joe Shuttleworth wrote:
> Thanks for the input. It looks like installing IPCop is best on a separate 
> computer.
> I have a P3 I could use. I was just wondering how much power it would use to 
> have another computer running ?
> 
> Would using a router give enough protection or would I need a firewall?
> 
> Thanks
> 
> _______________________________________________
> clug-talk mailing list
> clug-talk at clug.ca
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying

More information about the clug-talk mailing list