Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jonas Lippuner. Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Jonas Lippuner. Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation."— Presentation transcript:

1 Jonas Lippuner

2 Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation

3 Introduction Linux firewall distribution the bad packets stop here SOHO users current 1.4.21 with kernel 2.4 version 2.0 under development www.ipcop.org

4 Network Structure up to 4 physically separated networks RED: untrusted network, i.e. Internet GREEN: protected (local) network BLUE: optional network for wireless devices ORANGE: optional network for public servers (DMZ)

5 Network Structure

6 IPCopREDGREENBLUEORANGE RED closed EA closed PF, VPN closed PF, VPN closed PF GREEN open BLUE closed BA closed BA closed DP, VPN closed BA ORANGE closedopen closed DP closed DP EA: External Access BA: Blue Access PF: Port Forwarding DP: DMZ Pinholes VPN: Virtual Private Network

7 Access Control External Access  allow access to IPCop from RED Port Forwarding  forward specific ports from RED to specific addresses in GREEN, BLUE or ORANGE Blue Access  list of trusted IP and/or MAC addresses in BLUE DMZ Pinholes  like port forwarding, but from ORANGE or BLUE to GREEN or BLUE

8 Connecting to the Internet Static IP DHCP, e.g. from a cable modem or DSL router PPPoE, e.g. over an DSL router configured as “bridge” PPTP USB modem ISDN card

9 Configuration easy-to-use web interface SSH access can be enabled  password based authentication  public key based authentication updates can be downloaded and installed through the web interface

10 Services Web proxy (squid)  for GREEN and BLUE  can be transparent for port 80 DHCP server  for GREEN and BLUE  fixed and dynamic leases Dynamic DNS  updates RED IP to a dynamic DNS service

11 Services Host Names  host names can be assigned to IP addresses Time Server  IPCop retrieves time from public NTP servers and acts as NTP server for local network Traffic Shaping  assign priorities to traffic on different ports

12 Services Intrusion Detection System (Snort)  on GREEN, BLUE, ORANGE and/or RED  analyses packets for known signatures of malicious activity  passive protection, must be monitored by user  requires a lot of memory

13 Services VPN (IPSec)  access to GREEN and BLUE from RED and BLUE  secure and encrypted connection through an untrusted network  Net-to-net, Host-to-net (road warrior)  Authentication through pre-shared key or digital certificates

14 Addons new features and capabilities unofficial more than 120 addons www.ipcopaddons.org

15 Addons Advanced Proxy  extends the configuration options  adds user management BlockOutTraffic (BOT)  block access to RED by default and allow only according user-defined rules

16 Addons Copfilter  scans email and web traffic for viruses and spam URL filter  blocks specific domains, URLs and/or files  includes time based access control WLAN-AP  turns IPCop into a wireless access point

17 Hardware Requirements minimal 32 MB RAM (more required for advanced features like IDS) 128 MB SD card is enough (more space required for extensive logging) Network adapters (number depends on network configuration)

18 Motherboard

19 Mini-ITX embedded CPU (533 MHz) 128 MB RAM integrated graphics chip 2x USB v1.1 ports 1x network adapter (10/100 Mbps) 1x PCI slot fanless

20 Power Supply

21 SD to IDE Adapter

22 Enclosure

23 designed for Mini-ITX and PicoPSU up to two 2.5” drives 2x hidden USB ports wireless antenna hole no space for PCI card fanless

24 Network Card

25 Putting It Together

Download ppt "Jonas Lippuner. Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation."

Similar presentations

SMC2804WBRP-G Barricade™ g 2.4GHz 54Mbps Wireless Cable/DSL Broadband Router with USB Print Server SMC2804WBRP-G www.smc.com.

SMC2804WBRP-G Barricade™ g 2.4GHz 54Mbps Wireless Cable/DSL Broadband Router with USB Print Server SMC2804WBRP-G
300Mbps n Wireless Gigabit Router

300Mbps n Wireless Gigabit Router
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Firewall Configuration Strategies

Firewall Configuration Strategies
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
Introduction to Fortinet Unified Threat Management

Introduction to Fortinet Unified Threat Management
Controlling access with packet filters and firewalls.

Controlling access with packet filters and firewalls.
Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.

Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.
Wi-Fi Structures.

Wi-Fi Structures.
Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.

Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.
Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.

Hands-On Microsoft Windows Server 2003 Networking Chapter 1 Windows Server 2003 Networking Overview.
DVG-N5402SP.

DVG-N5402SP.
Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.

Improving Security. Networking Terms Node –Any device on a network Protocol –Communication standards Host –A node on a network Workstation 1.A PC 2.A.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
M2M Gateway Features Jari Lahti, CTO www.violasystems.com.

M2M Gateway Features Jari Lahti, CTO

Similar presentations

Ads by Google