PC or Linux Firewall

Dedicated device or roll your own? It’s not difficult to build and configure a Linux server to act as a firewall.

You won’t get the cleverest of the filtering features for free, but you will get a machine that has enough ability to keep the secured side of the network suitably safe. Is a roll-your-own approach as good or better than paying for specialised devices?

Cost is the advantage most commonly quoted. If suitable hardware is already available, the effective cost of a hand-built Linux firewall is effectively zero. Having total control of the configuration at every level allows for a device ideally tailored for the network environment. But PC-based firewalls have specific problems too. They are always inherently more unreliable than hardware specifically designed for the task – old PSUs and hard disks don’t last forever!

But the biggest problem is the expense of managing PC-based firewalls. Updating and maintenance requires a higher level of skill: the people responsible need to be skilled in Linux setup and configuration, as well as firewall configuration. Planning and preparation for catastrophic events such as firewall failure must be done in-house and in advance – which means a stock of spare parts up to and including motherboards (especially if the hardware is elderly) and procedures for rolling out a replacement at speed if necessary.

It’s certainly worth considering Linux- based firewalls but the question to ask is “What could go wrong, and how easy is it to mitigate those situations?”

The answers may show that even though they are near-free, the hidden costs could outweigh the benefits.

 

 

Share |

Download


Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010

 
FREE SUBSCRIPTION!
Banner

IT EXPERT TOP TIP

If you're supporting en users who need to transfer files by FTP occasionally, explaining how to use FTP every time can get frustrating. Map an FTP site as a custom network location and they can do it through the familiar Explorer window. If you only have a couple of machines you can choose Tools >Map Network Drive… in Explorer and click the link 'Connect to a Web site that you can use to store your documents and pictures' to open a wizard that creates a network location. Select 'Choose a custom network location', type in the FTP address and fill in the user name and password. You can also create mapped drives and network places on the Environment tab of the user's Active Directory object - but if you have a lot of users to set up, put it in the logon script for the user profile under Active Directory Users and Computers.
If you're running into problems with Group Policy Objects, check this handy summary of the rules at http://support.microsoft.com/kb/555991/en-us. read more

TAKE THE POLL

Unified communications

Banner

The #1 Bestseller for Only 77p

RECENT COMMENTS