IPCop is a tool that can be deployed in almost any place within a network and serve a functional purpose. It has an intuitive easy to use interface that is great for users of any level. And the fact that no prior Linux or IPCop knowledge is required is just another bonus.
Date: 10 Nov 2006
IPCop is a tool that can be deployed in almost any place within a network
and serve a functional purpose. It has an intuitive easy to use interface that
is great for users of any level. And the fact that no prior Linux or IPCop
knowledge is required is just another bonus.
Vitals:
| Title |
Configuring IPCop Firewalls: Closing Borders with Open Source |
| Author |
Barrie Dempster and James Eaton-Lee |
| Pages |
219 |
| ISBN |
1-904811-36-1 |
| Publisher |
Packt Publishing |
| Edition |
1st Edition (Sep 2006) |
| Purchase |
Amazon |
Audience:
Geared towards your average individual with a very limited knowledge of
firewalling, networking, or even open source software in general Configuring
IPCop Firewalls is an excellent starting point.
Summary:
As this book is geared towards those without prior knowledge of Linux or
networking experience, it starts out simple. There are discussions of the OSI
(Open Systems Interconnection) model, network design and structure, filtering
and shaping devices, and dedicated hardware. The authors then move on to
concepts more specific to IPCop and its intuitive interface. They talk about
the different colored interfaces and how they apply to network traffic and
network security.
Chapter 3 then delves deeper into designing a network and creating a proper
topology for your setup. At this point, the reader should have enough of an
understanding to accomplish this task for an IPCop network.
Now that you have a plan for your network, it is time to install IPCop. The
next chapter takes you through the installation process in a step-by-step manner
with the associated graphics.
Although IPCop has the ability to be complex, the web interface makes many
things very easy. Chapter 5 takes you through some basic usage of the web
interface.
Once the basics have been covered and the initial configuration out of the
way, it is time to make the machine do what you want it to do. Chapter 6 takes
the reader through configuring Snort, an IDS (Intrusion Detection System). It
contains everything from log monitoring to log analyzers. Then moving onto VPNs
(Virtual Private Networks), IPCop allows the user to easily setup anyone of the
major protocols including IPSec, L2TP, PPTP, SSH, SSL, and even some of the
proprietary VPN protocols that are publically available. You can even integrate
Wifi access into the VPN interface (something not easily done on your average
firewall).
As bandwidth is universal problem, IPCop provides helper applications in this
realm. There is a section of the web interface that is used to configure Squid,
a proxy and caching server. IPCop also covers one of the majorly
underused (partially because of its complexity) applications of traffic shaping
and caching. By having an easy interface to prioritize traffic and access to
the various services available via your network, you can create a very user
friendly network.
Finally the book wraps up with how to customize your configuration. These
include such addons as SquidGuard for Squid, MAC address based filtering, remote
logging, malware detection, and email scanning just to name a few. And with
each addon, there is a web interface for configuring it. And as security is
always an issue, which is likely the reason you set up IPCop to begin with, it
also comes with a section on auditing, patch management and auditing.
Opinion:
Firewalls have come a long way in the time that I have been working with
computers. I had never even heard of IPCop prior to reading this book. And
ever since I picked it up, I did an immediate install on a spare virtual machine
to play around and immediately liked what I saw. Every time I came across
something that I thought would be useful to do, I just referenced the book and
it was easy enough to it setup, especially the VPN with IPSec.
In my opinion, the best thing about Configuring IPCop Firewalls is the progressive
approach the book takes to walking you through design, installation, setup,
configuration, then hardening. Although this may seem trivial, this is a
process that many (even in the industry) skip over and go right to
implementation and end up paying for it in the long run. Since this book is
geared towards newer users, it puts them into good habits that should be kept
throughout their career with network administration.
I would definitely recommend this book to someone with a straightforward
network setup who wants to begin to delve deeper into the world of
network administration. If the network is likely to be complex, then IPCop is
not necessarily the way to go.
Reviewed by: Eric Lubow
It's good to see that a book on IPCop has appeared. It will make it easier to deploy IPCop as one can point to the book as documentation.
IPCop is a great little distribution. It is small (they have kept the CD image small), tightly targetted, and installs in no-time. I am hoping that some of the very useful addons like ZERINA and QoS make it into the mainstream, that is, can be installed by someone without having to resort to ssh, scp, tar, etc. (sure it's easy for a Linux person, but you want it easier for a bigger audience), and without bloating the CD image. Maybe some sort of addons site is the way to go. |
| Written by vinitm on 2007-03-15 02:13:13 |
