Tag: LDAP

When you want to protect your internal network, whether it is a business network or a home network, and you want to install the firewall yourself, one option is a Linux firewall application. Linux has many benefits when it comes to installing applications yourself. Of course you need to learn some Linux to do so, but that is one of the reasons why it might be a good idea to get to know Linux. You can install almost anything that you might need, and it's free.

I describe a couple of good ones here, but there are many more. The link at the bottom of this article leads to a very long list of firewall options 🙂

Firestarter – When you're using a desktop version of the Linux operating system, you can use this graphical firewall application.
•    Easy-to-use graphical interface (it eases configuration if you have some basic understanding of how firewalls work).
•    The application is open source and free.
•    The firewall allows more than one station to be connected to it and protected by it.
•    You can easily define inbound and outbound traffic rules, which are the core of a firewall's purpose: defining who can go out to the internet and who can access your services from the internet.
•    The firewall includes white-list and black-list traffic rules: who is allowed and who isn't.
•    You can monitor the traffic and see what is passing through your firewall, along with online events.

Endian Firewall – This firewall is based on IPCop, the most common open source command-line Linux firewall. It includes web filtering (Web Proxy), SIP Proxy (for switchboards), VPN, content filtering, mail gateway, anti-virus, anti-spyware, anti-phishing, etc.
Some of its features are:
•    An easy-to-use web interface (a web management service) for configuring it.
•    Support for routing and NAT (for configuring what is allowed and what is not allowed to pass through the firewall).
•    Port forwarding
•    Network traffic logs, Reporting system.
•    IPSec VPN – for VPN secured access from outside the network.
•    Anti-virus is based on the ClamAV engine.
•    Traffic monitoring uses ntop.
•    Spam protection uses Pyzor.
•    Dynamic DNS support
•    Dnsmasq is used for DHCP and DNS.
•    There is also Windows-based support: Samba, LDAP, RADIUS.

SmoothWall Express – This firewall offers good security on minimal hardware, so it fits well on old computers with slow configurations. It is configured using a web-based management console. You can configure ADSL, ISDN, Web Proxy and DHCP settings.
There is a nice video that shows and explains SmoothWall.

There are many other options which you can read on at this link 🙂


Active Directory is a package designed by Microsoft to manage an organizational network. It uses several different tools to organize and manage the corporate network. Before we get into specifics: Active Directory creates a managed environment to which all of the network clients (end users) are connected, and anyone who connects to it is registered and monitored by the Active Directory system. That enables it to manage the end users: what they are allowed to do, what they are not allowed to do, and which resources are available to whom. It creates groups and gives those groups policies (sets of rules) that bind each group. Every end user defined within a group is bound by its rules, and accordingly can or can't do things within the network.

Active Directory is built into Windows Server (Server 2003, 2008), and it is the server's source of organization. Anyone who connects to the server is actually connected to Active Directory, and through it can use the network resources as defined in the Active Directory rules.

So how does it work?
The tools that Active Directory uses start with LDAP (Lightweight Directory Access Protocol), which is basically a library service. Then there is authentication based on Kerberos (an authentication protocol for client/server services that enables connection and communication using secret encrypted codes over the internet), then DNS (the Domain Name System, which translates names such as website addresses into IP addresses), and finally group enforcement, which makes sure the group rules are working properly.

Active Directory has a physical aspect, which includes a database that resides on DCs (Domain Controllers). Those DCs can carry out different operations and purposes, or the same operation for redundancy, load performance and separation. Each change in a domain is replicated, using a replication mechanism, to the other domains, updating the whole organization accordingly. The logical aspect is a hierarchical concept, like a pyramid: the highest structure is a forest, which contains trees that resemble a collection of DCs. The forest is actually any object on the network, anything connected to it, and the rules apply using that hierarchy.

Each object on the network is an "Entity", and each entity has its own definitions. Entities are divided into 3 types: resources, services and users. Every object has its unique GUID (ID), which identifies it against the library (the LDAP), and that is how it gets identified.
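As an added illustration (not part of the original article), the Python sketch below shows how that GUID is handled when an administrator or auditor queries Active Directory over LDAP: the `objectGUID` attribute comes back as 16 raw bytes in Microsoft's mixed-endian layout, and has to be decoded for display and escaped byte by byte for a search filter. The function names are hypothetical and the sample bytes are constructed.

```python
import uuid


def guid_from_ldap(raw: bytes) -> uuid.UUID:
    """Decode a raw objectGUID value as returned by an LDAP search.

    AD stores the first three GUID fields little-endian, so the bytes
    must be read with bytes_le, not bytes.
    """
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    return uuid.UUID(bytes_le=raw)


def guid_to_ldap(guid: uuid.UUID) -> bytes:
    """Encode a GUID back into the byte layout AD uses on the wire."""
    return guid.bytes_le


def guid_search_filter(guid: uuid.UUID) -> str:
    """Build an LDAP filter that matches exactly one object by GUID.

    Binary values in filters are written as \\xx per byte (RFC 4515).
    """
    escaped = "".join(f"\\{b:02x}" for b in guid_to_ldap(guid))
    return f"(objectGUID={escaped})"


def guid_dn(guid: uuid.UUID) -> str:
    """Alternative DN form AD accepts in place of a distinguished name."""
    return f"<GUID={guid}>"


# Constructed sample value, standing in for an attribute read from a DC.
SAMPLE_RAW = bytes.fromhex("33221100554477668899aabbccddeeff")

if __name__ == "__main__":
    g = guid_from_ldap(SAMPLE_RAW)
    print(g)                      # display form used in logs and tools
    print(guid_search_filter(g))  # filter for locating the object
    print(guid_dn(g))             # GUID-based DN
```

Because the GUID stays the same when an object is renamed or moved, correlating audit records by GUID rather than by name keeps a user's or computer's history together.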

This is the basic operation of Active Directory. Its use and function is to centrally manage all of the computerized resources in the organization. Policy can be implemented using a management tool called GPO (Group Policy), which manages the policies given to different groups in the organization's network.

This whole concept enables the network administrator to control the whole network from one computer (a DC) and to define what type of desktop a user will have, which directories he can access, which tools he can use, etc.
