Admin Digest: The Basics of Linux Network Security - page 5
A firewall is a device that protects a private network from the wider Internet. The simplest form of firewall is a Linux machine with one network connection (an Ethernet card or modem) connected to the Internet and the other connected to the private network. The firewall computer can reach both the protected network and the Internet. Traffic between the protected network and the Internet is controlled, in both directions, by a list of rules. These rules can be customized for your needs. CoyoteLinux.com has a firewall system that fits on a floppy and doesn't need a hard disk to run. It's designed specifically to address the need for an easy-to-install, no-nonsense Linux firewall.
You might also take a look at running a hardware firewall appliance. These devices are small routers or switches that have built-in firewalls. They generally allow limited setup of rules to allow packets to pass back and forth. They don't provide as much flexibility for rules as dedicated Linux firewalls. Usually the availability is good, with some even being equipped with four or more RJ-45 ports and a wireless access point, all for around $100.
All data flowing between the Internet and the private network is filtered by the firewall. Inside the private network, less care needs to be taken with turning off services and the like. A firewall is a way of concentrating effort on making one machine secure and protecting many others in the process. The methods for correctly setting up firewalls are quite complex. First you have to configure your machine for two Ethernet cards. Then you have to use the ipchains/iptables software to set up filters that connect the two Ethernet cards' data links.
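
The two-card setup described above, as an added example that is not from the original article: a shell function that prints an `iptables-restore` ruleset which drops forwarded traffic by default, lets the private network open connections outward, and lets only replies back in. The interface names (`eth0` to the Internet, `eth1` to the private network), the `192.168.1.0/24` subnet, SSH administration from the LAN, the use of masquerading and the `firewall.sh` file name are all assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-card firewall.
# Assumed (not from the article): eth0 faces the Internet, eth1 faces the
# private network, the LAN is 192.168.1.0/24 and is masqueraded outbound.

gen_ruleset() {
    wan_if=$1 lan_if=$2 lan_net=$3
    # Refuse input that would yield a useless or lock-out ruleset.
    [ -n "$wan_if" ] && [ -n "$lan_if" ] && [ "$wan_if" != "$lan_if" ] || return 2
    case $lan_net in */*) ;; *) return 2 ;; esac   # require CIDR notation
    cat <<EOF
*filter
# Default-deny for traffic to the firewall and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Administration over SSH from the private side only (assumption).
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -j ACCEPT
# Inbound direction: only replies to connections the LAN opened.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outbound direction: LAN hosts may open new connections to the Internet.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Hide private addresses behind the firewall's Internet-facing address.
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the assumed layout. To parse it without loading it
# (firewall.sh is a hypothetical name for this file):
#   sh firewall.sh | iptables-restore --test
# Forwarding between the cards also needs: sysctl -w net.ipv4.ip_forward=1
gen_ruleset "${WAN_IF:-eth0}" "${LAN_IF:-eth1}" "${LAN_NET:-192.168.1.0/24}"
```
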
The main drawback of making your systems more secure is that they become less accessible. The idea behind ramping up your system's security is to stop crooks, thieves and malcontents from using your computers. Before implementing any of the ideas in this article, you should carefully consider the other side of the coin: the systems are there to be used by your users! Linux has a wide range of security tools, and by carefully combining various techniques and programs you should be able to come up with a good balance between ready access and system security.
Rob Reilly (aka "Dr. Torque") is a senior technology consultant whose work includes Linux, business integration, innovation training and occasional hot rodding excursions. He frequently writes and speaks about these and other topics. He has 16 years' experience in the high technology, manufacturing and utilities industries. He is always on the lookout for stories and projects that focus on Linux, business and the cutting edge. Send him a note or visit his web site at http://home.cfl.rr.com/rreilly.