Hi, I just received an old P2 laptop that I would like to use as a Linux firewall. The problem with it is that the Ethernet port is broken. I do have 2 wireless NICs (1 PCMCIA and 1 USB) and was wondering if I could put both of them on the laptop and still use it as a Linux firewall.
Is this possible? If it is, what are some security distros that one would recommend? Smoothwall?
As an alternative, the laptop already has Win 2000 on it and I have tested both wireless NICs on it and they work. Is there some Windows security software that I could run that would act as a firewall for my network?
Man, go out and buy a wire/wireless AP router that's a packet filtering FW router and stop playing. No solution Linux or Windows will have the security features that the packet filtering FW router will have on the wireless. You should get a router that uses Wallwatcher (free) and watch the traffic to and from the LAN wire and wireless, as it can be hacked on the wireless and someone can join the network and be all over the top of the machines wired and wireless, even on a wireless router, let alone what you're trying to do.
I've been using what is left of a 386SX laptop (no keyboard, no display, no case) as a firewall for about ten years (initially dial-in only, now on cable with dial-in as a backup).
I'd junk it.
It should be possible, but I'd NEVER even consider it.
Possible? Yes. Practical? No.
There are well over three hundred Linux distributions, and over a hundred tailored as firewalls. Personally, I'd use a severely stripped version - remember that the firewall is built into the kernel - and a comparatively simple script is all that is needed to control the firewall.
[compton ~]$ wc /etc/rc.d/init.d/firewall
     68     284    1992 /etc/rc.d/init.d/firewall
[compton ~]$
Golly-Gee GUI crap has no place on a firewall.
That's funny. Let me say it again:
Golly-Gee GUI crap has no place on a firewall. Period. NO exceptions.
I am behind a Linksys router which does provide some security, and I'm not concerned about other people hacking into my network, as I am monitoring an infected machine on my network. I have one machine on my network that runs XP and remains on all of the time. My concern is that even though I have tried my best to protect it, it has been infected with spyware and rootkits.
Thus, I really only want to monitor that 1 machine on my network for strange activity. I would just use a software firewall like ZoneAlarm on it, but a rootkit can theoretically get past that.
Thus, from my primitive understanding of security, the only sure way to monitor that computer's traffic is to do it with a separate computer.
Why would you not be concerned about someone hacking into the wireless side of a LAN situation and possibly being all over the machines wired, wireless, infected or not infected? That doesn't make a whole lot of sense.
It's called practice safehex and stop running around to dubious Web sites and opening dubious emails. You can do things like making Firefox your default browser so when you click on an unknown link, it starts instead of IE. Only use IE when a site calls for IE, but I don't follow that much myself. But I will put it out there to you. This is like using Mailwasher to not allow a dubious email to reach the machine, deleting them at the POP3 server, if you want to use OE or Outlook.
For what? Why would you leave a machine on the LAN that's infected? It makes no sense. If you want to monitor a machine, then you get on top of it with the proper tools and see what's happening.
But once a machine has been compromised, then you can't trust it anymore.
You should harden the NT-based O/S against attack as much as possible.
And from me to you, stay off the Internet with a machine using an account with Admin rights.
Finally, use Wallwatcher (free) to monitor the traffic of the machines connected to the Linksys router for dubious traffic.
Linking to offsite articles, but not even mentioning the official documentation, the "Windows XP/Server 2003 Security Guide" and the "Threats and Countermeasures" guide? There you'll also find a reasonable benefit analysis, including an explanation of the default choice.
Anyway, for an in-depth discussion of TCP/IP stack hardening, one can only refer to MSDN Online together with a good grip of TCP/IP knowledge.
There are two means to hack into the network. The first is by the attacker entering via a service you are offering - such as a web, mail, or file server. The two means of defeating this are to not offer any unwanted service (a problem with systems that are configured by default to offer everything because someone _might_ find it useful), and using _any_ firewall capability to restrict access to those IP addresses that you specifically want to allow. Your wireless link[s] [is/are] a potential security hole, for the simple reason that few people bother to read the manual that comes with the units and actually implement even rudimentary security. Out-of-box configurations are not secure. Some so-called "security" features are trivial to defeat/bypass.
The second way to hack in is to have the user invite you - have them install mal-ware for you. This is the more common attack vector, because most users are unwilling to take responsibility for their own actions. Contrary to popular belief, there is no Mal-Ware Fairy that sneaks about and installs mal-ware when the user isn't looking. The user is the one doing the installs, either because they have enabled the "install anything from anywhere" mode in the web browser (which is the only piece of software they've "learned") and have clicked OK automatically, or have told the computer to NEVER SHOW THIS WARNING MESSAGE AGAIN. Users don't want to know anything about the computer or software it runs - because that is obviously too much work. The number one computer bug is mankind!
Why was the mal-ware installed by the users? Two common vectors are the user installing some Wonderfool Helper Program, so that by clicking on this icon they get taken directly to their favorite pr0n site or similar, and their insistence on enabling all scripting and "Special Features" so they can see the exact shade of crayon that some "friend" used to scrawl a message and email them - complete with animation and sounds of their dog chasing a motorcycle. If you need that style of "communication", get a video phone that is not connected to your computers.
The firewall gets bypassed because the user wants to do something st00pid and the firewall is either in the way (and gets disabled by the "Allow This Connection" button), or was never designed to block content.
Monitor? Yes. But control, that is prevention, is a whole 'nother story.
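Two points made in this thread, that a short script is all it takes to drive the kernel firewall, and that the firewall should only admit what you specifically allow while the one suspect machine gets watched from a separate box, can be put together in one ruleset. The following is an added example and not code posted by anyone in the thread: it generates an iptables-restore ruleset for a two-interface Linux firewall with default deny, ssh reachable only from one admin host, NAT for the LAN, and a log line for every new outbound connection from the monitored host. Interface names and addresses are assumed placeholders and must be changed to match the real setup.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a two-NIC firewall.
# All interface names and addresses below are assumed placeholders.
WAN="${WAN:-wlan0}"                  # assumed: NIC facing the modem/ISP
LAN="${LAN:-wlan1}"                  # assumed: NIC facing the home LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}" # assumed LAN subnet
SUSPECT="${SUSPECT:-192.168.1.50}"   # assumed address of the always-on XP box
ADMIN="${ADMIN:-192.168.1.10}"       # assumed: only host allowed to ssh in

# Emit the ruleset on stdout; feed it to iptables-restore as root.
gen_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and replies to connections the firewall itself opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# the firewall offers exactly one service (ssh), and only to the admin host
-A INPUT -i $LAN -s $ADMIN -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "FW-INPUT-DROP: "
# record every new connection the suspect host opens, then treat it like any LAN host
-A FORWARD -i $LAN -s $SUSPECT -m state --state NEW -j LOG --log-prefix "SUSPECT-NEW: "
-A FORWARD -i $LAN -s $LAN_NET -o $WAN -j ACCEPT
-A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j LOG --log-prefix "FW-FWD-DROP: "
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Sanity check: how many rules single out the suspect host (expect 1).
count_suspect_rules() {
  gen_rules | grep -c -- "-s $SUSPECT"
}

# Usage: sh fw.sh --print | iptables-restore   (as root, after setting WAN/LAN)
if [ "${1:-}" = "--print" ]; then
  gen_rules
fi
```

The "SUSPECT-NEW:" lines then show up in the kernel log (dmesg or /var/log/messages), which is where you look for the strange activity rather than trusting anything running on the infected machine itself.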