
Try the solid, configurable firewall distribution Sphirewall

If you're looking for a firewall distribution for your small business, Sphirewall is worth a look. Jack Wallen shows you how to install and configure the Linux-based tool.

Sphirewall is a unique firewall distribution based on Debian Linux that offers more than just standard security; out of the box, you get advanced information for your network and traffic usage as well as the ability to glance at network traffic according to user, address, device, and much more. Unlike most Linux-based firewalls, Sphirewall doesn't use iptables -- it uses a kernel module that hooks into the packet stream and passes the packets to the Sphirewall core, which tracks and manages the packets based on user-configurable rules and events.

It's incredibly easy to get Sphirewall up and running for a small business. Before I start the walk-through, please note: It is possible to install it on an already running Debian-based machine, but I highly recommend running Sphirewall on a dedicated machine and installing the entire platform.

Install Sphirewall

Download the ISO image from the Sphirewall Download page. Once you have that file, burn the image to disk. With that disk burned, place it into the server to be used and boot up.

When the splash screen opens (Figure A), you can choose between Install or Graphical Install. Both are very simple, but if you're not accustomed to the ncurses interface, select the Graphical Install option.

Figure A

Use the cursor to select your option and hit Enter.

I'll walk you through the information each screen requires.

  • Screen 1: Language for the installation
  • Screen 2: Location (used to set timezone and locale)
  • Screen 3: Select keyboard mapping
  • Screen 4: Create root user password
  • Screen 5: Configure clock
  • Screen 6: Partition disks (all you have to do is select Yes and click Continue, Figure B)
  • Screen 7: Select the location for package manager (select the country closest to your location)
  • Screen 8: Further refine the location for package manager (select the nearest mirror location)

Figure B

I am installing Sphirewall within VirtualBox.

Let the system boot. When the boot process completes, log in with the following:

  • user: root
  • password: admin password created in screen 4 of the installation

Once you're logged in, issue the command ifconfig to find out the machine's IP address. Armed with that address, you can log in to the web-based administration console by opening a web browser on the same network and pointing it to http://IP_ADDRESS_OF_SERVER (IP_ADDRESS_OF_SERVER is the server's address). At the login prompt, log in with these credentials:

  • user: admin
  • password: admin

Once you're in the web-based management console, you need to complete these tasks:

  1. Change the admin password.
  2. Set up the networking devices.
  3. Start configuring the firewall.

Change the admin password

  1. Log in to Sphirewall.
  2. Click Authentication in the right navigation.
  3. Click the admin user.
  4. Click the Set Password checkbox.
  5. Enter the new password in both password boxes (Figure C).
  6. Click Save.

Figure C

You will receive confirmation the password has been saved.

Set up networking devices

By default, Sphirewall uses DHCP to get its IP address; this has to be changed to a static setup. To do this, follow these steps.

  1. Log in to Sphirewall.
  2. Click Network.
  3. Click Network Devices.
  4. Click the device to be configured (eth0, eth1, etc.).
  5. Enter the correct information for the device (Figure D).
  6. Click Save Interface.

Figure D

From the Network menu, you can also configure the Sphirewall to act as a DHCP server.

Configure your firewall

You will want to set up your firewall according to your company/network/user needs. But in order to make those configurations, you at least need to know where to look. Here's what to do.

  1. Log in to Sphirewall.
  2. Click Firewall.
  3. Click Rules.
  4. Click the Options Menu.
  5. Click Add Rule.
  6. Enter the necessary information in the new screen (Figure E).
  7. Click Create Rule.

Figure E

You'll need to have some knowledge of how firewalls work before you reach this point.

After you configure all of your rules, you can go back and set up BlockLists and Aliases to help further secure your network. Once Sphirewall is set up, head over to the Dashboard and the Reporting section to start monitoring how your network traffic is shaping up.

Summary

Sphirewall is a powerful tool that can enable you to enjoy a much more secure network for a fraction of the cost of proprietary solutions (if you already have the hardware, the cost is zero). Give this security solution a try, and see if it meets your needs.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

5 comments
jayreynolds333

Thanks for the help, I've been trying to set up this Small business firewall, and have been having some difficulty since I am not very technical. From what I can tell, your post has helped me get my network up and running.

pgit

EDIT: this is a reply to mshindo, I apparently didn't use the "reply" button. "I think it's a safe assumption to make that if the user defines a rule allowing some traffic, they want the reply packets to be allowed as well." The assumption that a stateful firewall is going to allow "established" traffic back through to a host that initiated the conversation is the basis of the man in the middle attack. Mitigation takes a lot more overhead, e.g. you could watch incoming IPs and try to filter out potential offenders. This entails a lot of assumptions and will result in 'good' packets getting dropped on occasion. Nothing you can do, really, except keep your eyes on things and try to react as swiftly as possible.

pgit

The rule setup (figure E) says 'acl,' is this firewall a series of access control lists? One thing I'd like to know is what is the default policy on incoming packets, and how are they managed? I'd hope the thing denies everything until specifically allowed. I also don't see an obvious way to ensure that all incoming packets allowed are in context. ('established' state with iptables) Fig E looks like you basically allow everything hitting the firewall to pass through to the destination regardless of whether they've been requested or not. I'll have to play around with this one, it does look interesting, a kernel hook rather than iptables...

mshindo

With a recent release, we locked down the acls to deny almost everything except what is required to manage Sphirewall from a remote machine. State is tracked and enforced by default in Sphirewall; you don't have to define rules around this. An example is, if you have an acl that allows traffic through port 80 to a certain host, then we will allow this connection, and through connection tracking allow the reply packets. At this stage, we don't see a need to force the user to define explicit rules around this, as it seems rather unintuitive. I think it's a safe assumption to make that if the user defines a rule allowing some traffic, they want the reply packets to be allowed as well.
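The behaviour discussed in the two comments above, as an added example that is neither Sphirewall's code nor part of the comment thread: a default-deny ACL plus a connection table, where a reply passes only if it mirrors a flow an ACL already admitted. The addresses, the idle timeout and all names are constructed for illustration, and real connection tracking also follows TCP flags and sequence state.

```python
from dataclasses import dataclass

IDLE_TIMEOUT = 60  # seconds; constructed value for the example

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

class StatefulFilter:
    def __init__(self, acl):
        self.acl = acl      # explicit allow rules; anything else is denied
        self.flows = {}     # (proto, src, sport, dst, dport) -> last time seen

    def _acl_allows(self, p):
        return any(r["proto"] == p.proto and r["dst"] == p.dst
                   and r["dport"] == p.dport for r in self.acl)

    def decide(self, p, now):
        # Forget flows idle for too long, so stale state cannot admit packets.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= IDLE_TIMEOUT}
        forward = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        for key in (forward, reverse):
            if key in self.flows:        # part of a tracked conversation
                self.flows[key] = now
                return "ALLOW established"
        if self._acl_allows(p):          # a new flow needs an explicit rule
            self.flows[forward] = now
            return "ALLOW new"
        return "DENY default"

def demo():
    web, client = "192.0.2.10", "198.51.100.7"  # constructed addresses
    fw = StatefulFilter([{"proto": "tcp", "dst": web, "dport": 80}])
    return [
        fw.decide(Packet(web, 80, client, 40000), now=0),    # unsolicited "reply"
        fw.decide(Packet(client, 40000, web, 80), now=1),    # request matching the ACL
        fw.decide(Packet(web, 80, client, 40000), now=2),    # reply mirroring the flow
        fw.decide(Packet(web, 80, client, 40001), now=3),    # wrong client port
        fw.decide(Packet(client, 40000, web, 22), now=4),    # no ACL for port 22
        fw.decide(Packet(web, 80, client, 40000), now=120),  # reply after idle timeout
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Only the third packet is admitted as a reply: it is the exact mirror of a flow the port 80 rule created, and the same packet is denied both before the request exists and after the flow has timed out.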

JCitizen

It might even have m0n0wall beat!