I want to replace my belkin gateway with a pc that is running mdk 9.1 It will need to support winxp clients that have to share files as well as internet (of course)

cable modem
|
pc (mdk 9)
|
hub
| |
1 win xp clients 2

want to be able to detect a prick window$ point&clicker from meddling in my files - thought was to replace the current belkin gateway with a pc running linux of some flavor (decided on mandrake) bad or good idea (lost my question mark key) suggestions on detection and prevention basic net security ideas = any help would be given a big thanks!

I would not use a full-blow distro for a firewall (i.e. no Mandrake, no Red Hat, no SuSE, etc). They are all tailored to install a lot of things by default to make your life easier. The problem is that all those extra packages also make security expoits a lot easier. They do not belong on a firewall.

From this point you have several choices. You could use a dedicated Linux distro for firewalls, such as IPCop, Astaro, etc (there are several others of varying degrees of usefulness). You could build a from scratch distro of Linux and only add the stuff you need (build your own kernel, etc). I'm assuming you want this to be Linux, but I just have to mention that OpenBSD is just about tailor-made for being a bastion host. OBSD installs very minimally, less than 200MB with the bare basics. Then you configure pf and you're on your way.

I digress. As for packages, obviously if it's Linux you need to build the kernel with iptables support. You will want the Snort package for NIDS and Tripwire for HIDS. You may want to install Bastille to help you lock the box down. Your logs should be sent to an internal machine (syslog is very good for this). You may wish to configure Squid as an HTTP proxy, but for few clients this might be more trouble than it's worth. If you do install Squid, make VERY SURE it's not accessible from the Internet side. Open proxies generate a lot of ill-will towards their owners and likely your ISP will revoke your account.

O'Reilly's Building Internet Firewalls is highly recommend reading, and Hacking Exposed wouldn't be a bad read, either (you can probably pick up old editions very cheaply since a new ed. comes out every several months).

Try smoothwall (http://smoothwall.org) as well for an out of the box firewall distro that I found really easy to get installed on an old piece of tin I had lying around.

HIH
Ashley

thanks for your help. minimal stuffs to avoid exploits is the key though right?

No problem. What do you mean by 'minimal stuffs'? I'm not familiar with the term.