LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Blogs > Journey of a Thousand Miles
User Name
Password

Notices

This is Xolo's journal, a record of his thousand mile journey through the world of Open Source.
Rate this Entry

Stateful Firewall/IDS/Filter/DDoS Mitigation #1

Posted 07-25-2006 at 06:23 AM by Xolo

Update #1, Tuesday Juli 25th 2006

Project state : Starting
LQ Threads : Stateful Firewall/IDS/Filter/DDoS Mitigation - What Would You Advise? in Linux - Security
Description : This project aims to replicate (where feasible) the functions of a HotBrick HSS4000 rackmount firewall unit.
Project Goals :
  • Stateful packet filtering (Deep packet inspection)
  • Denial of Service Mitigation
  • Source Network Address Translation (SNAT)
  • Source Network Address Translation (SNAT)
  • Destination Network Address Translation (DNAT)
  • Port forwarding
  • IDS Intrusion Detection and Prevention System
  • Mail/Web Filter (Bad/Junk mail, Viruses, Ads, P2P/IM traffic, etc.)
  • DNS, and possibly Mail (Storage, Retrieval, Forwarding) and Web Server
  • Support for typical protocols such as IPSEC, PPTP, L2TP, MPPE (VPN/VPN Passthrough)
  • WAN Load Balancing/Automatic Failover


Present course :

1. Hardware : A-Open MX3-S Mini ATX Mainboard, 1.3Ghz Intel Celeron, 256MB PC133 SDRAM, Maxtor 20GB HDD, broken CPU fan
2. Distribution : Undecided; Mandriva, Slackware, *BSD
3. Kernel : Undecided
4. Packages : Undecided; HLBR or Hogwash Light BR, LAk-IPS, FirstLight IPS, IPTables, Dan's Guardian, Apache 2, Squid, SpamAssassin, Postfix, Qmail, Bind, OpenSSL, OpenSSH, ..
5. Hardening : Undecided; Bastille, ..
6. Methods : Undecided; Rule-based, Automatic detections, CHRooting


Next step :

1. Replace CPU fan
2. Choose appropriate kernel
3. Choose appropriate distribution
4. Wipe, Install, Test
5. Sift through packages
6. Don't forget to document
Posted in Uncategorized
Views 1583 Comments 0
« Prev     Main     Next »

  



All times are GMT -5. The time now is 05:17 PM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration