Related technical resources

 

If you have any information you think should be on this page, tell me.


Sites with similar firewalls:

Erik Winkler has a setup for 68K Macintosh computers:

NetBSD firewall for 68K Macs

 

Sites with information:

SecurityFocus is a news site that tracks technical security issues, break-in attempts, and the like. It is a very valuable resource if you want to stay current:

http://www.securityfocus.com/

 

Here are two lists of firewall vendors and their products:

http://www.fcgllc.com/Services/Security_Main/firewalls/firewalls1.htm

http://www.geckil.com/~harvest/firewalls/

 

IP Filter Based Firewalls HOWTO:

http://www.obfuscation.org/ipf/ipf-howto.txt

Unix security checklist

ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist

 

 


Sites with tools:

PPPoE

Some ADSL and cable modem providers require you to run PPP over Ethernet (PPPoE) to connect through their modem. Here is where you can find an implementation for NetBSD and Linux.

  

Bastille Linux 1.0

by Bastille Linux Project < http://bastille-linux.sourceforge.net/ >

Platforms: Linux

Bastille Linux is aimed primarily at non-security-experts, who are less knowledgeable about security, but want to run a more secure distribution of Linux. Our goal is to build a more secure distribution based on a well-supported existing distribution. Our solution currently takes the form of a Universal Hardening Program which must be run immediately after installation of Redhat 6.0.

 

nmap

nmap is a utility for port scanning large networks, although it works fine for single hosts. The guiding philosophy for the creation of nmap was TMTOWTDI (There's More Than One Way To Do It). This is the Perl slogan, but it is equally applicable to scanners. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one scanning mode. And you don't want to have 10 different scanners around, all with different interfaces and capabilities.

The NetBSD package is here.

http://www.insecure.org/nmap/

 

The Firewall Toolkit (the TIS FWTK) is one of the most widely used freely available sets of firewall tools:

ftp://ftp.tis.com/pub/firewalls/toolkit/

http://www.fwtk.org/

 

Wietse Venema wrote a number of widely used, excellent tools. His TCP Wrappers package (the tcpd daemon and the libwrap access-control library) is among the most used firewall tools.

Wietse's tools and papers can be found here:

 

ftp://ftp.porcupine.org/pub/security/index.html


Intrusion detection tools

Tripwire

Tripwire is a file and directory integrity checker, a utility that compares a designated set of files and directories against information stored in a previously generated database. Any differences are flagged and logged, including added or deleted entries. When run against system files on a regular basis, any changes in critical system files will be spotted -- and appropriate damage control measures can be taken immediately. With Tripwire, system administrators can conclude with a high degree of certainty that a given set of files remain free of unauthorized modifications if Tripwire reports no changes.

ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/security/tripwire/README.htm
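The paragraph above describes the mechanism but not what a check actually looks like. The following is an added illustration written for this page, not Tripwire's own code: it builds a baseline database (SHA-256 digest, size and permission bits for every regular file under a directory), saves it, and later compares the live tree against it, reporting added, deleted and modified entries. The directory tree and the tampering in `demo()` are constructed inline so the script runs offline; the file names (`etc/passwd`, `bin/ls`, `bin/nc`) are only sample data.

```python
"""Minimal file- and directory-integrity checker (added example, not Tripwire)."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record digest, size and mode bits for every regular file under root.

    Symlinks are skipped: following them would let an attacker point a
    monitored name at an unrelated file and hide the real change.
    """
    db = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.lstat()
            db[str(p.relative_to(root))] = {
                "sha256": _digest(p),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),  # a chmod is a change too
            }
    return db


def compare(baseline: dict, current: dict) -> dict:
    """Return sorted lists of added, deleted and modified relative paths."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current) if baseline[p] != current[p]
    )
    return {"added": added, "deleted": deleted, "modified": modified}


def save_baseline(db: dict, dest: Path) -> None:
    dest.write_text(json.dumps(db, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tree, tempfile.TemporaryDirectory() as dbdir:
        root = Path(tree)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts.allow").write_text("ALL: 192.168.1.\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF fake binary")
        os.chmod(root / "etc" / "hosts.allow", 0o644)  # explicit, independent of umask
        os.chmod(root / "bin" / "ls", 0o755)

        # The database lives outside the monitored tree (on read-only media
        # in real deployments) so that it is not itself a target.
        db_file = Path(dbdir) / "baseline.json"
        save_baseline(build_baseline(root), db_file)

        # Simulated compromise: extra uid-0 account, loosened permissions,
        # a system binary replaced by a new tool.
        with (root / "etc" / "passwd").open("a") as f:
            f.write("toor:x:0:0::/:/bin/sh\n")
        os.chmod(root / "etc" / "hosts.allow", 0o666)
        (root / "bin" / "ls").unlink()
        (root / "bin" / "nc").write_bytes(b"\x7fELF another fake binary")

        return compare(load_baseline(db_file), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The "high degree of certainty" in the text holds only as long as the baseline database and the checker binary themselves cannot be rewritten by whoever modified the files; store the database off the monitored host or on read-only media, and rebuild it only after an audited change.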

 

Deception Toolkit

The Deception Toolkit is a set of software that makes your computer look like it is running something it is not, and is meant to confuse and/or track crackers. Read the site for full information.

PortSentry

PortSentry is one of the most widely used port-scan detection tools: it watches for connection attempts to unused ports and can respond by blocking the scanning host.

Snort

Snort is a new network intrusion detection tool that is rapidly becoming popular.

Frequently Asked Questions on Intrusion detection software

http://www.ticm.com/kb/faq/idsfaq.html

 


Other interesting information

 

Macintosh users who want firewall protection should consider DoorStop Personal Edition from Open Door Networks, Inc. DoorStop PE is inexpensive, easy-to-use software that runs on the Mac it is protecting and lets you deny TCP access to specific (or all) services on that Mac based on the remote user's IP address. DoorStop can also log allowed and denied connection attempts, and notify you when such attempts occur.

  

Deep Reading

http://www.cl.cam.ac.uk/~rja14/ (Ross Anderson's page) has some excellent reading material that should give you insight into why it is so difficult to get things really secure.

Books on security and Intrusion detection

Although O'Reilly probably has the best books there are on this subject, you might want to look into these as well:

 

Network Intrusion Detection: An Analyst's Handbook

by Stephen Northcutt

ISBN: 0735708681

 

Maximum Linux Security

Publisher: SAMS Publishing

Author: Anonymous

ISBN: 0-672-31670-6

First Printing: September 1999