We’ve all run into UFW on Linux systems that were already in use. When firewall problems show up, they almost never show up in new or surprising ways. We at Linux Security want to help other admins recognize the kind of UFW problem they’re dea...
When our home LAN graduated to a 24x7 Internet connection, my Linux box became the firewall and the router. I liked the ability to customize the firewall, and by using Snort I could keep an eye on the barbarians at the . . .
Proxy servers were originally developed to cache frequently accessed web pages for computers behind a common Internet connection. In the early days of the Internet, wide area links were very slow, the Web was relatively small, and web pages were static. The entire . . .
Most people, when creating a Linux firewall, concentrate solely on manipulating kernel network filters: the rulesets you create using userspace tools such as iptables (2.4 kernels), ipchains (2.2 kernels), or even ipfwadm (2.0 kernels). However, there are kernel variables -- . . .
There are literally hundreds of firewall products available, and there are different theories from different security experts on how firewalls should be used to secure your network. This article will explore the operation of a generic firewall in detail, outline the important features you need in a firewall, and discuss how firewalls should be deployed in networks of any size.. . .
From the title it may seem that Personal Firewalls for Administrators and Remote Users was written for administrators and users of business networks. However, as more people take advantage of "always on" Internet connections, they are becoming de facto administrators. Remote . . .
Ste Jones submits: By using OpenBSD's packet filter pf, one can utilize the NAT address pools added into OpenBSD 3.3 to aid in distributed port scanning. As the text explains, NAT can be used in a large network . . .
Hackers have computers too and want to keep their own machines free of intrusion from the Internet. Paradoxically, these computers may be the most secure computers on the Internet, because the hackers use free software that they can examine for security . . .
NetBSD's itojun has ported PF (the OpenBSD packet filter) to netbsd-current as of today as a patch. He says that presently it does not support (interface) syntax and ip_off/ip_len endian flipping needs testing. His ultimate goal is to replace ipsec policy engine . . .
Network security administrators sometimes need to be able to abort TCP/IP connections routed over their firewalls on demand. This would allow them to terminate connections such as SSH tunnels or VPNs left in place by employees overnight, abort hacker attacks . . .
It seems as though the operating system that helped to create the embedded Linux marketplace, the Linux Router Project (LRP), is dead. The website provides more details. . .
How important is a firewall's throughput? According to Check Point Technologies' Mark Kraynak, price performance -- the amount of throughput an enterprise gets versus the dollars it spends -- is more important than top-end throughput.. . .
Firewalls are the cornerstone of Internet security, and for small businesses that might not have in-house security expertise, shopping for one can be difficult. But without a firewall, no one in an organization should be accessing the Internet. How do . . .
Last week in Part 1 we began uncovering some of the mysteries of tables and chains, and how to build iptables rules. This week we will dig more into writing rules for basic firewalling, sharing an Internet connection, and scripting. . .
This highly detailed 101-page how-to article provides the necessary background and procedures to turn a SEGA Dreamcast gaming console into a Linux-based software router with firewalling and virtual private networking capabilities. The article explains how to create the necessary toolchain for compiling both programs and the Linux kernel, and shows how, starting from scratch, you can build a Linux operating system that runs entirely in memory.. . .
That's the rallying cry of Bennett Haselton's advocacy group, Peacefire, founded to preserve the rights of young people to surf an unfiltered Web. The group's preferred method? Sabotaging the software ostensibly designed to protect kids. Haselton and his group may . . .
Chris Lowth submits: squidGuard describes itself as: "An ultrafast and free filter, redirector and access controller for Squid". In my experience, it is the ideal web filter for use with Smoothwall since it is lightweight and easy to set . . .
When setting up IPTABLES firewalling for Linux systems running the NFS service (network file system), you hit the problem that some of the TCP/IP and UDP ports used by components of the service are randomly generated as part of the "SunRPC" mechanism. . .
Packet Filter (from here on referred to as PF) is OpenBSD's system for filtering TCP/IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning TCP/IP traffic and providing bandwidth control and packet prioritization. PF has been a part of the GENERIC OpenBSD kernel since OpenBSD 3.0. Previous OpenBSD releases used a different firewall/NAT package which is no longer supported.. . .
Johannes Faustus submits, Steven M. Bellovin (co-author of the classic and recently re-published Firewalls and Internet Security: Repelling the Wily Hacker) has an interesting paper on detecting NATs (Network Address Translation setups) and counting the hosts behind the NAT box.. . .
Check Point Software Technologies has the largest market share of any firewall vendor with their Firewall-1 (FW-1) product, and Nokia manufactures several hardware appliances together with an operating system called IPSO to run FW-1. IPSO is based on FreeBSD, provides advanced . . .