Great Open Source Firewall
IT Manager: “We spent a lot of money on our infrastructure. Are we secure?”
IT Support: “Sure…we have a firewall.”
The Support Specialist is perpetuating the myth that having a firewall is the be-all and end-all of security. Still, a firewall is an important part of any defence-in-depth strategy to protect your network. Number one of MS’s Ten Immutable Laws of Security states that if the bad guy can change anything on your computer, it is not your computer any more. So, yes, we need firewalls.
Selecting Firewalls
Which firewall is best for you is a subject of debate. Your needs, your staff and your budget will largely determine what type of firewall you purchase. Some people swear by hardware-based firewalls, while others are strong proponents of software-based firewalls. Having installed many of both types, I find the decision comes down to what is best for your company. A smaller company obviously does not have the staff and budget to support a Cisco PIX firewall, so in many cases it would be overkill. What is a small business owner to do? Many times a software-based firewall will be a better choice. They are configurable, easily updated and much simpler to support. This review looks at an open source firewall called IPCop. We’ll examine it from various angles, including ease of setup, configurability and reliability. It wouldn’t be fair to talk about cost, as it is freely downloadable from SourceForge; it was also the second runner-up in the security category in the 2006 SourceForge.net Community Choice Awards.
IPCop the Linux Distribution
You do not need to know anything about Linux in order to install and manage IPCop. If you have a networking background, even from the Windows world, you can get IPCop running in a very short timeframe. Many of my Microsoft-skilled networking friends use IPCop, and most of them are not what you would call Linux users. IPCop is a lean and mean Linux distribution designed to be a firewall. Many small businesses may worry about installing and supporting Linux in their environment. IPCop has simplified the overall experience to the point that you don’t even know you are running Linux. IPCop is packaged as a single bootable CD (you download the CD image, called an ISO) that installs everything you need in one quick installation routine; you then manage the firewall from a web interface. There is no command line, and you don’t need to know anything about Linux. This is very powerful for a small business, as it gets the power of a Linux-based firewall with the simplicity of a web interface.
Feature Set (4 Stars)
The downloadable ISO is only about 50 MB. The ISO is burnt to a CD, which is then used to boot the computer and start the installation. The good news is that it will run on almost any computer, new or old. You probably have enough spare parts lying around your shop to build a computer that will run IPCop. The feature set is long and well suited to a SOHO business owner. An IPChains-based firewall and the ability to use a modem, an ISDN modem, or an ADSL modem as the outside interface add some flexibility. DMZ support is built in if you require a safe location to allow web access to your servers. Access is gained through port forwarding rules, which are simple to configure.
Features include:
- Firewall
- Intrusion Detection System
- IPSEC VPN
- Caching DNS
- Web Proxy
- DHCP Server
- Time Server
- Traffic Shaping
- NAT
Setup (4.5 Stars)
© 2006 by Tom Eichstaedt
Once the initial configuration is done, the system can be easily managed from the web interface. The network interface screenshot is a view of the web interface for a system with three network cards.