Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Part 1: How to Set Up a Linux-Based Firewall for a SOHO

part 1 of a 3-part series

April 30, 2001
By John R. Vacca

In This Article:

With telecommuters and small-office workers relying more on the Internet, security is becoming an increasingly important issue for systems administrators. To combat the wily hacker, many companies are turning to lightweight Linux-based firewalls. But doing so is no small feat, especially for the Unix-weary. To assuage any fears, this article will show you how to set up a Linux-based personal firewall for the SOHO (small office, home office), broadband-attached network. It also takes a look at several SOHO firewalls and determines whether or not they can keep your systems safe from intruders.

The term firewall (as described in this article) is one of many appropriated from other industries to fit the needs of technology. Originally, a firewall was a strengthened part of a building's structure designed to keep a fire contained within a specific area. When IT managers and software developers wanted to add security to their networks, the term was used to describe the layers of defense put into a server to protect against unauthorized access.

However, the idea of a SOHO-specific firewall has taken time to develop. The first SOHO products have appeared only in the past 18 months. Although there has been considerable skepticism about the usefulness of such packages, the market for SOHO firewalls is set to explode. With more small- and home-office workers spending increasing amounts of time online, there's growing concern among corporations about the security of their remote systems. Thankfully, the major software vendors are reacting to this concern.

Currently, the majority of standalone PCs won't benefit from a SOHO firewall, as the available protection is limited. Even the most sophisticated SOHO firewall software can't provide complete protection against a determined effort to break in. (See sidebar, "SOHO Firewalls Are Not Safe.")

While hacking is almost as old as the computer itself (the term was first coined to describe the phenomenon in 1984 in Steven Levy's book, Hackers), the number of hardcore hackers is limited, and they certainly have other priorities besides SOHO computer systems. Most hackers take pride in not causing damage during intrusion. However, the risk is there technically. With the number of computers spending time attached to the global telecommunications system growing at current rates, SOHO firewall protection is becoming an issue of increasing importance.

A growing amount of choice also is available to the SOHO firewall buyer. This comes from a mix of old and new companies. Large-scale corporate firewall providers are scaling down their enterprise-level software for SOHO use, while new companies are building software from scratch.

This article approaches SOHO firewall products from an ordinary user's standpoint, looking at how easy a product is to use as well as covering the technical facilities of each package. Given that, until recently, SOHO firewall software has required specialist knowledge, you should pick out the level of sophistication with which you feel most comfortable.

This article also will provide extensive hands-on examples to give you practical experience in the realities of securing SOHO establishments. It will show you what your options are, as far as hardware/software solutions are concerned; how to employ a Linux-based SOHO firewall using X products; and how to set up this type of firewall, focusing on all of the gotchas to watch out for.

Note: It's worth pointing out that a cut-down version of ZoneAlarm is available as a free download from the manufacturer's Web site. You should consider trying this product first to see whether you like the user interface and the level of functionality before investing money in the software.

Warning: URLs can change without notice.

In my usability testing I found that none of these SOHO firewalls are good enough to provide protection from an advanced attack. However, it's becoming important for everyone to have at least some level of protection on his or her computer system, if only to deter the casual intruder. Ever increasing amounts of high-value information -- both business and personal -- are being stored on computers, and smart users will do their best to protect it.

In any event, a new breed of distributed, centrally manageable SOHO firewalls can help prevent attacks to the enterprise via remote employee PCs. Let's take a look.

The Realities of Securing SOHOs with Firewall Protection

In December 2000, a bank in Southern California received a call from an online customer asking why one of its computers was trying to hack into his system. It turned out that the machine doing the hacking belonged to the bank's president and had been commandeered remotely by an employee. The president called Conqwest, a Holliston, Mass.-based IT security services firm that is now rolling out SOHO firewall software across the bank's 136 internal desktop, laptop and remote computers.

Until recently, companies thought antivirus and VPN (virtual private network) technologies would keep remote-worker connections safe. But as more workers access the Internet through broadband services, such as cable modems, exposure to hacking attacks through those machines has increased. In October 2000, for example, a hacker broke into a Microsoft Corp. employee's home computer and exploited the VPN connection to penetrate the company's internal network. (See sidebar, "Packet-Filtering Firewalls and Policy-Based Routing.")

At the time of the Microsoft hack, only 16 percent of 400 security professionals surveyed used any type of firewall to protect remote workers' machines, even though 39 percent of the reported attacks originated from those machines, according to a report released by Cupertino, Calif.-based security software vendor Symantec Corp. Some managers are tackling this threat by requiring SOHO firewalls on all desktop and laptop computers, both inside and outside the corporate LAN.


   Page: 1 | 2 | 3 | Next Page
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013

TechWeb Careers