Linux

I've been using Linux/Unix for many years. I've always had a strong interest in technology in general and computing specifically.

These are my opinions. Opinions are like noses, everyone has one, and they all smell.

Enjoy your visit.

Endian Community Firewall

From the excellent documentation:
What Is Endian Firewall?

Endian Firewall™ is a “turn-key” linux security distribution that turns every system into a fully featured security appliance. The software has been designed with “usability in mind” and is very easy to install, use and manage, without losing its flexibility. The features include a stateful packet inspection firewall, application-level proxies for various protocols (HTTP, POP3, SMTP, SIP) with antivirus support, virus and spam filtering for email traffic (POP and SMTP), content filtering of Web traffic and a “hassle free” VPN solution (based on OpenVPN). The main advantage of Endian Firewall™ is that it is a pure “Open Source” solution that is commercially supported by Endian.

I see a lot of things to like about this firewall. I prefer a much more minimalist approach at the battlements. I personally wouldn’t run this on the gateway to the internet. It simply has too much software for me. I prefer simple firewalls. Endian has too many things that can have zero-day exploits and undiscovered vulnerabilities. Just too many moving parts. I prefer firewalls that run in memory and have little or no disk writes. If you can’t get a shell on them, that makes me happy. I would run this firewall on departmental gateways. It could save some bandwidth, because it has some nice proxy cache capabilities.

Most of the network configuration is done during the install, through an ncurses interface, but it can be reconfigured from the web interface. Here are the images of me doing just that.

Endian Firewall Home Page

Beginning of Network Configuration Wizard

If you have alternate networks like DMZ or Wireless they get set up here.

Here we configure the lan or green zone.

Configure the wan or red zone network.

Configure the DNS servers for the network.

Apply the configuration

The web pages not only let you configure the firewall, they also let you keep track of statistics about the system: which services are running or stopped, memory, disk and uptime. The network status page shows interfaces, NIC status, routing table entries and ARP table entries. There are pages for viewing system traffic and proxy graphs, as well as SMTP mail statistics if you have enabled the mail proxy. You can view OpenVPN connections. There is a web page for configuring static routes and host tables.

There are several services available on the firewall/server. The standard DHCP server that most firewalls have is here. ClamAV is there for virus detection and can be used with the SMTP proxy and the POP3 proxy. There’s a web page to configure the time server and another to set up traffic shaping. SpamAssassin is part of Endian Firewall, and there is a web page for configuring a source to feed it ham and spam for training. Snort is another of the packages installed in Endian Firewall; under Intrusion Detection System there is a web page for configuring it. If you enable traffic monitoring, you activate ntop, which produces nice graphs for viewing traffic patterns by protocol and interface.

The Firewall tab gives access to configure filtering rules based upon interfaces or zones. It allows you to configure access rules for managing the system itself. You can add rules for port forwarding and source NAT.
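As an added example (not Endian’s code, and not its internal rule format), here is what the zone model behind that tab amounts to when written out as an iptables-restore ruleset: red is the WAN, green the LAN and orange the DMZ, following Endian’s colour scheme. The interface names, address ranges and the forwarded web server are assumptions constructed for the illustration. The audit function encodes the checks a practitioner would run before loading any such ruleset: default-drop policies, no system access from red, and nothing in the DMZ able to initiate connections into green.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Zone:
    name: str      # Endian colours: red = WAN, green = LAN, orange = DMZ
    iface: str     # assumed interface name
    network: str   # assumed CIDR


@dataclass(frozen=True)
class PortForward:
    proto: str
    dport: int          # port on the red interface
    zone: Zone          # zone the target lives in
    target: str         # target host
    target_port: int


# Constructed sample topology (assumptions, not a real network).
RED = Zone("red", "eth0", "203.0.113.0/24")
GREEN = Zone("green", "eth1", "192.168.1.0/24")
DMZ = Zone("orange", "eth2", "10.0.2.0/24")
FORWARDS = [PortForward("tcp", 80, DMZ, "10.0.2.10", 8080)]


def build_ruleset(red: Zone, green: Zone, dmz: Zone,
                  forwards: list[PortForward], lan_to_dmz_ports: list[int]) -> str:
    """Emit an iptables-restore file: stateful filter with default DROP, plus NAT."""
    filt = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        # Stateful inspection: replies to accepted flows pass without per-port rules.
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "-A INPUT -i lo -j ACCEPT",
        # System access (web UI, SSH) only from the green zone, never from red.
        f"-A INPUT -i {green.iface} -p tcp --dport 443 -j ACCEPT",
        f"-A INPUT -i {green.iface} -p tcp --dport 22 -j ACCEPT",
        # Egress: green and the DMZ may initiate to red; the DMZ never initiates to green.
        f"-A FORWARD -i {green.iface} -o {red.iface} -j ACCEPT",
        f"-A FORWARD -i {dmz.iface} -o {red.iface} -j ACCEPT",
    ]
    for port in lan_to_dmz_ports:
        filt.append(f"-A FORWARD -i {green.iface} -o {dmz.iface} -p tcp --dport {port} -j ACCEPT")
    for fw in forwards:
        # The filter table sees the post-DNAT destination, so match the internal host and port.
        filt.append(f"-A FORWARD -i {red.iface} -o {fw.zone.iface} -p {fw.proto} "
                    f"-d {fw.target} --dport {fw.target_port} -j ACCEPT")
    filt.append("COMMIT")

    nat = ["*nat", ":PREROUTING ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]", ":OUTPUT ACCEPT [0:0]"]
    for fw in forwards:
        nat.append(f"-A PREROUTING -i {red.iface} -p {fw.proto} --dport {fw.dport} "
                   f"-j DNAT --to-destination {fw.target}:{fw.target_port}")
    # Source NAT for outbound traffic; MASQUERADE also copes with a DHCP-assigned red address.
    nat.append(f"-A POSTROUTING -s {green.network} -o {red.iface} -j MASQUERADE")
    nat.append(f"-A POSTROUTING -s {dmz.network} -o {red.iface} -j MASQUERADE")
    nat.append("COMMIT")
    return "\n".join(filt + nat) + "\n"


def audit(ruleset: str, red: Zone, green: Zone, dmz: Zone) -> list[str]:
    """Sanity checks to run before loading a ruleset; returns findings (empty = clean)."""
    findings = []
    for chain in ("INPUT", "FORWARD"):
        if f":{chain} DROP" not in ruleset:
            findings.append(f"{chain} default policy is not DROP")
    for line in ruleset.splitlines():
        if line.startswith("-A INPUT") and f"-i {red.iface}" in line and "-j ACCEPT" in line:
            findings.append(f"system access reachable from red: {line}")
        if line.startswith("-A FORWARD") and f"-i {dmz.iface} -o {green.iface}" in line and "-j ACCEPT" in line:
            findings.append(f"DMZ may initiate connections into green: {line}")
    return findings


if __name__ == "__main__":
    rules = build_ruleset(RED, GREEN, DMZ, FORWARDS, lan_to_dmz_ports=[80, 443])
    print(rules)
    print("audit:", audit(rules, RED, GREEN, DMZ) or "clean")
```

Review the output before applying it with `iptables-restore`; the audit is deliberately conservative and will flag a FORWARD chain that defaults to ACCEPT, which is the single most common way a zone firewall ends up more permissive than the person configuring it believes.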

Endian Firewall Advanced Web Proxy Configuration

Endian Firewall also has a nice selection of proxies, including HTTP, POP3, FTP, SIP, SMTP and DNS. The HTTP proxy has a lot of options for content filtering, including DansGuardian. You can filter out specific content such as Java, JavaScript and other custom types. You can build a rules timetable, so you can allow access to services at lunch or after hours and deny them during work hours. You can authenticate users locally or against LDAP, Windows and RADIUS servers. You can enable antivirus scanning in the web proxy.
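The timetable is a small thing to get wrong, so here is a worked version of how such rules evaluate, as an added example rather than Endian’s own code: a list of day-and-time windows checked in order, first match wins, with a default of deny so a gap in the schedule fails closed. The schedule below is constructed for the illustration. The one edge worth handling is a window that crosses midnight (18:00 to 08:00), whose early-morning half belongs to the previous day’s rule.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Window:
    days: frozenset[int]   # 0 = Monday ... 6 = Sunday, as datetime.weekday()
    start: time
    end: time              # exclusive; end <= start means the window crosses midnight
    action: str            # "allow" or "deny"


def in_window(w: Window, when: datetime) -> bool:
    """True if `when` falls inside the window, including the part of a
    midnight-crossing window that spills into the following day."""
    t = when.time()
    if w.start < w.end:
        return when.weekday() in w.days and w.start <= t < w.end
    if when.weekday() in w.days and t >= w.start:
        return True
    previous_day = (when.weekday() - 1) % 7
    return previous_day in w.days and t < w.end


def proxy_action(rules: list[Window], when: datetime, default: str = "deny") -> str:
    """First matching rule wins; deny by default so an uncovered time fails closed."""
    for w in rules:
        if in_window(w, when):
            return w.action
    return default


def at(stamp: str) -> datetime:
    """Parse 'YYYY-MM-DD HH:MM' (helper for the demonstration)."""
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M")


# Constructed schedule (an assumption for the example): web access during lunch and
# after hours, blocked during working hours, open all weekend.
WORKDAYS = frozenset(range(5))
WEEKEND = frozenset({5, 6})
RULES = [
    Window(WORKDAYS, time(12, 0), time(13, 0), "allow"),        # lunch
    Window(WORKDAYS, time(8, 0), time(18, 0), "deny"),          # working hours
    Window(WORKDAYS | {6}, time(18, 0), time(8, 0), "allow"),   # evening to next morning; Sunday night included
    Window(WEEKEND, time(0, 0), time(0, 0), "allow"),           # start == end: the whole day
]

if __name__ == "__main__":
    for stamp in ("2017-05-17 10:00", "2017-05-17 12:30", "2017-05-18 02:00", "2017-05-20 14:00"):
        when = at(stamp)
        print(stamp, when.strftime("%a"), proxy_action(RULES, when))
```

Rule order matters: the lunch window sits before the working-hours deny because both match a Wednesday at 12:30, and the first match decides. Dropping the Sunday entry from the after-hours rule would quietly deny Monday 00:00 to 08:00, which is exactly the kind of gap the default-deny makes visible rather than silently permitting.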

The POP3 proxy can filter for spam using SpamAssassin and scan for viruses with ClamAV, though they warn you that it will likely slow down POP3. It also allows the creation of whitelists and blacklists for spam. The FTP proxy can also take advantage of the virus detection capabilities of Endian Firewall.

The SMTP proxy allows spam checking, virus scanning and file-extension blocking. It has whitelist and blacklist capabilities, and it can consult real-time blacklists (RBLs) to stop spam. The DNS proxy even has an anti-spyware option.
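To make the RBL and list mechanics concrete, here is an added example of the admission checks a mail proxy of this kind performs; it is not Endian’s code. The DNSBL zone name, the whitelist and blacklist entries, the blocked-extension set and the stub resolver answers are all assumptions constructed for the illustration. The lookup itself is the standard one: the sender address written backwards under the zone, with a 127.0.0.x answer meaning “listed”.

```python
from __future__ import annotations

import ipaddress
from typing import Callable

# Attachment extensions refused outright (an assumed policy, not Endian's default list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Name to look up in a DNSBL zone: the address written backwards under the zone
    (octets for IPv4, hex nibbles for IPv6), e.g. 192.0.2.66 -> 66.2.0.192.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone


def dnsbl_listing(ip: str, zone: str, resolve_a: Callable[[str], list[str]]) -> str | None:
    """Return the 127.0.0.x return code if the sender is listed, else None.
    Answers outside 127.0.0.0/8 are ignored: DNSBLs only answer in that range, so
    anything else points at a wildcarded, expired or hijacked zone."""
    for answer in resolve_a(dnsbl_query_name(ip, zone)):
        if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
            return answer
    return None


def smtp_verdict(sender_ip: str, envelope_from: str, attachments: list[str],
                 whitelist: set[str], blacklist: set[str], zone: str,
                 resolve_a: Callable[[str], list[str]]) -> tuple[str, str]:
    """Accept/reject decision in an assumed order: dangerous attachments first,
    then the local whitelist and blacklist, then the DNSBL."""
    sender = envelope_from.lower()
    domain = sender.rsplit("@", 1)[-1]

    def listed_in(entries: set[str]) -> bool:
        return sender in entries or domain in entries or sender_ip in entries

    for name in attachments:
        # Use the last suffix so "invoice.pdf.exe" is caught as .exe, not .pdf.
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            return "reject", f"blocked attachment type {ext}"
    if listed_in(whitelist):
        return "accept", "whitelisted"      # whitelist bypasses the spam checks only
    if listed_in(blacklist):
        return "reject", "blacklisted"
    code = dnsbl_listing(sender_ip, zone, resolve_a)
    if code is not None:
        return "reject", f"{sender_ip} listed in {zone} ({code})"
    return "accept", "no policy match"


# Constructed stand-in for DNS: one listed address in a made-up zone.  A real proxy
# would query the zone it subscribes to (for example with dnspython's dns.resolver).
ZONE = "bl.example.invalid"
STUB_ANSWERS = {dnsbl_query_name("192.0.2.66", ZONE): ["127.0.0.2"]}


def stub_resolve_a(name: str) -> list[str]:
    return STUB_ANSWERS.get(name, [])


if __name__ == "__main__":
    wl, bl = {"partner.example"}, {"spammer.example"}
    for ip, sender, files in [("192.0.2.66", "bob@elsewhere.example", []),
                              ("192.0.2.66", "alice@partner.example", []),
                              ("192.0.2.1", "x@spammer.example", []),
                              ("192.0.2.1", "ok@clean.example", ["invoice.pdf.exe"])]:
        print(ip, sender, files, "->", smtp_verdict(ip, sender, files, wl, bl, ZONE, stub_resolve_a))
```

Two details are worth keeping when adapting this: the attachment check runs even for whitelisted senders, because a whitelist entry says “not spam”, not “safe to execute”; and the 127.0.0.0/8 check on the DNSBL answer stops a lapsed or wildcarded zone from turning every lookup into a rejection.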

OpenVPN Server page

You can configure virtual private networks several ways with Endian Firewall. You can configure a pool of addresses for OpenVPN connections into the network. You can configure an OpenVPN client to create a gateway-to-gateway tunnel. Or you can configure host-to-net or net-to-net tunnels with IPsec.

Installing the Endian Firewall is easy: boot from the CD and it does the rest. It partitioned my hard disk into three partitions, /, /boot and /var. Here’s what df -h outputs.

Filesystem Size Used Avail Use% Mounted on
/dev/hda3 19G 408M 18G 3% /
/dev/hda1 31M 7.6M 22M 26% /boot
/dev/hda4 38G 159M 36G 1% /var

My conclusion:

This firewall does most of the things that a small business needs. It can be configured to protect more vulnerable mail servers, as well as virus-scan and filter most inbound connections. It can be configured for both ingress and egress filtering. It’s designed to protect and proxy for vulnerable systems inside the network. Like many complex systems, if improperly configured it may actually make your network more vulnerable. I prefer a simpler approach to firewalls, but I realize some people want all the extra filters and proxies and may find this just the thing to protect their network and valuable data.

I definitely give the development team an A+ for design. Although there is ample documentation available for Endian, I barely had to use it. The parts of the system are well thought out, and the groupings make sense and make the software easier to configure. Because each component has its own switch in the software, a minimal configuration is also possible, without all the proxies, virus scanners and spam filters turned on.

I didn’t do any throughput testing. If I were going to deploy this with all the bells and whistles turned on, I would definitely opt for some substantial hardware with a good amount of memory. Today I would probably want nothing less than a P4 and 2 GB of memory. Without the proxies and filters, it could probably run on a 486 with 256 MB of memory. With only remote logging turned on, it might run from a compact flash card.

Remember, security is a process. Don’t look to this or any other single device to be the only security solution for your network. Start with a policy document, then develop tools to meet that policy.

Thanks for looking.
Neil Schneider
