Building a Linux Network Appliance, Part 3
Building the Firewall
You probably already know that a firewall is an essential component in your network border security. But you may not know that a Linux-based iptables firewall is especially robust and configurable. Today we'll set up system administration using Webmin, and in our next installment we'll create a good stout Internet-connection-sharing firewall.
It's important to keep in mind that a firewall is only a single piece of your security architecture. It's equally important to pay attention to your application-level and operating system security. Linux/Unix hosts can be locked down to the point that a firewall is not necessary. But Windows cannot, and Mac OS X is still an unknown.
If there are Windows hosts on your network, your work is cut out for you. A firewall blocks only Internet attacks; it does not stop e-mail- or Web-browser-borne malware. It does not prevent users from installing garbageware, it does not tell you when corporate malware finds a home on your systems, and it does not prevent known malware-friendly applications such as Outlook, Outlook Express, and Internet Explorer from happily inviting cooties into your network.
The Internet is infested with botnets made up primarily of millions of compromised Windows systems that are polluting the world with spam, phishes, malware and all manner of criminal frauds. Connecting a Windows PC to the Internet is like dressing in hundred-dollar bills and taking a walk in a bad neighborhood. Other platforms have vulnerabilities, but not nearly to the same degree. This series does not cover application or operating system security, so please consult our list of Resources for helpful links.