I've been using IPCOP for about 3 or 4 years now, and it is quite a good system for the security. All though it be a bit better like disallowing root logins from ssh or from the console.
But overall the logging is great, the web interface is quite nice and has the features most poeple could hope to use or even need. But because it is cut down to a rather small size, they have had to take a lot of things out. Which can be a pain if you want to add anything to it to improve it's flexibility, sometimes I think it might be best to make my own so I can add new tools and software to it.
Unfortunately you have to wait for others to bring out security patches for it or make a rpm to install new software. But no one has ever hacked or breach my security ever on it, and it runs 24/7, have lots of interesting reading in the log files but no one has gotten through.
As far as the VPN, I have never set one up yet myself, but it is a good thing to have there if I ever need it. Also the proxy server is great as well, most hardware routers/modems have no proxy cahing or atleast a small amount, with IPCOP you can have as much logging and proxy caching as you want, just depends on your hard drive size.
|