The IPCop is both a router AND a firewall.
The phrase "firewall" has been abused by corporations to mean "a device
sitting between you and the internet that filters all bad traffic". So
you end up with SonicWall's, Cisco Firewalls, etc. The corporations are
pushing their product.
In reality, a firewall is just like network security - it is a series of
layers of defences. Relying on a single device to protect you can only
get you so far. (do you leave your house unlocked if you have a fence
around the house - that's what these "firewall" devices advocate.)
With regards to filtering, a decent router will immediately reduce the
amount of traffic that needs to be filtered. From there you standard
anti-virus/malware/spam tools should take care of the remainder.
There are some options within IPCop that will reduce this even more
(intrusion detection, etc.).
If you have a larger network where you don't get to control access to
the boxes you care about, then perhaps adding another layer after the
router (IPCop) to do further filtering.
For example:
Internet - IPCop - XXXXX - Switch/Hub - Servers/Workstations
Where the XXXX is a box that will do further filtering for you -
Spamassasin, antivirus, etc.
In practice, I have been running IPCop for 5+ years, and have
occasionally played with the Intrusion Detection, but have no other
specialized filtering. Whatever filtering I need is handled by my mail
server, mail client, and web servers. But I also run Linux on all my
boxes. (Well, the roomie has a Windows laptop she complains about a
lot, but that's HER's to take care of) So, my network diagram is the
same as above, but without the XXXXX layer.
(btw, I'm talking from a small network perspective here - things change
when you grow to larger networks or volumes)
Shawn
Joe Shuttleworth wrote:
Thanks for the input. It looks like installing IPCop is best on a separate
computer.
I have a P3 I could use. I was just wondering how much power it would use to
have another computer running ?
Would using a router give enough protection or would I need a firewall?
Thanks
_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
_______________________________________________
clug-talk mailing list
[email protected]
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
