Configuring IPCop Firewalls: Closing Borders with Open Source

Configuring IPCop Firewalls: Closing Borders with Open Source
eBook: $23.99
Formats: PDF, PacktLib, ePub and Mobi formats
save 50%!
Print + free eBook + free PacktLib access to the book: $63.98    Print cover: $39.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Table of Contents
Sample Chapters
  • Learn how to install, configure, and set up IPCop on your Linux servers
  • Use IPCop as a web proxy, DHCP, DNS, time server, and VPN
  • Advanced add-on management

Book Details

Language : English
Paperback : 244 pages [ 235mm x 191mm ]
Release Date : October 2006
ISBN : 1904811361
ISBN 13 : 9781904811367
Author(s) : Barrie Dempster, James Eaton-Lee
Topics and Technologies : All Books, Networking and Servers, Security and Testing, Linux Servers, Networking & Telephony, Open Source

Table of Contents

Chapter 1: Introduction to Firewalls
Chapter 2: Introduction to IPCop
Chapter 3: Deploying IPCop and Designing a Network
Chapter 4: Installing IPCop
Chapter 5: Basic IPCop Usage
Chapter 6: Intrusion Detection with IPCop
Chapter 7: Virtual Private Networks
Chapter 8: Managing Bandwidth with IPCop
Chapter 9: Customizing IPCop
Chapter 10: Testing, Auditing, and Hardening IPCop
Chapter 11: IPCop Support
  • Chapter 1: Introduction to Firewalls
    • An Introduction to (TCP/IP) Networking
    • The Purpose of Firewalls
    • The OSI Model
      • Layer 1: The Physical Layer
      • Layer 2: The Data Link Layer
      • Layer 3: The Network Layer
      • Layer 4: The Transport Layer
      • Layer 5: The Session Layer
      • Layer 6: The Presentation Layer
      • Layer 7: The Application Layer
    • How Networks are Structured
      • Servers and Clients
      • Switches and Hubs
      • Routers
      • Routers, Firewalls, and NAT
        • Network Address Translation
        • Combined Role Devices
    • Traffic Filtering
      • Personal Firewalls
      • Stateless Packet Filtering
      • Stateful Packet Filtering
      • Application-Layer Firewalling
      • Proxy Servers
    • Other Services Sometimes Run on Firewalls
      • DNS
      • DHCP
    • Summary
  • Chapter 2: Introduction to IPCop
    • Free and Open Source Software
      • Forking IPCop
    • The Purpose of IPCop
    • The Benefits of Building on Stable Components
    • The Gap IPCop Fills
    • Features of IPCop
      • Web Interface
      • Network Interfaces
      • The Green Network Interface
      • The Red Network Interface
        • USB and PCI ADSL Modems
        • ISDN Modems
        • Analog (POTS) Modems
        • Cable and Satellite Internet
      • The Orange Network Interface
      • The Blue Network Interfaces
      • Simple Administration and Monitoring
      • Modem Settings
      • Services
        • Web Proxy
        • DHCP
        • Dynamic DNS
        • Time Server
        • Advanced Network Services
        • Port Forwarding
    • Virtual Private Networking
      • ProPolice Stack Protection
    • Why IPCop?
    • Summary
  • Chapter 3: Deploying IPCop and Designing a Network
    • Trust Relationships between the Interfaces
    • Altering IPCop Functionality
    • Topology One: NAT Firewall
    • Topology Two: NAT Firewall with DMZ
    • Topology Three: NAT Firewall with DMZ and Wireless
    • Planning Site-To-Site VPN Topologies
    • Summary
  • Chapter 4: Installing IPCop
    • Hardware Requirements
    • Other Hardware Considerations
    • The Installation Procedure
      • Installation Media
      • Hard Drive Partitioning and Formatting
      • Restore Configuration from Floppy Backup
    • Green Interface Configuration
      • Finished?
      • Locale Settings
      • Hostname
      • DNS Domain Name
      • ISDN Configuration
      • Network Configuration
        • Drivers and Card Assignment
        • Address Settings
      • DNS and Default Gateway
      • DHCP Server
      • Finished!
    • First Boot
    • Summary
  • Chapter 5: Basic IPCop Usage
    • The System Menu
      • Software Updates
      • Passwords
      • SSH Access
        • Connecting to SSH
        • A Little More about SSH
      • GUI Settings
      • Backup
      • Shutdown
    • Checking the Status of Our IPCop Firewall
    • Network Status
      • System Graphs
      • Network Graphs
      • Connections
    • Services
      • DHCP Server
      • Dynamic DNS
      • Edit Hosts
      • Time Server
    • Firewall Functionality
      • External Access
      • Port Forwarding
      • Firewall Options
      • Network Troubleshooting with Ping
    • Summary
  • Chapter 6: Intrusion Detection with IPCop
    • Introduction to IDS
    • Introduction to Snort
    • Do We Need an IDS?
    • How Does an IDS Work?
    • Using Snort with IPCop
    • Monitoring the Logs
      • Priority
    • Log Analysis Options
      • Perl Scripts
      • ACID and BASE
    • What to Do Next?
    • Summary
  • Chapter 7: Virtual Private Networks
    • What is a VPN?
      • IPSec
      • A Little More about Deploying IPSec
      • Prerequisites for a Successful VPN
      • Verifying Connectivity
      • Host-to-Net Connections Using Pre-Shared Keys
      • Host-to-Net Connections Using Certificates
        • A Brief Explanation of Certificates and X.509
      • Certificates with IPSec in IPCop
      • Site-to-Site VPNs Using Certificates
      • VPN Authentication Options
      • Configuring Clients for VPNs
      • The Blue Zone
        • Prerequisites for a Blue Zone VPN
        • Setup
    • Summary
  • Chapter 8: Managing Bandwidth with IPCop
    • The Bandwidth Problem
    • The HTTP Problem
    • The Solutions: Proxying and Caching
    • Introduction to Squid
    • Configuring Squid
    • Cache Management
      • Transfer Limits
    • Managing Bandwidth without a Cache
      • Traffic Shaping Basics
      • Traffic Shaping Configuration
      • Adding a Traffic Shaping Service
      • Editing a Traffic Shaping Service
    • Summary
  • Chapter 9: Customizing IPCop
    • Addons
    • Firewall Addons Server
      • Installing Addons
    • Common Addons
      • SquidGuard
      • Enhanced Filtering
        • Blue Access
      • LogSend
      • Copfilter
        • Status
        • Email
        • Monitoring
        • POP3 Filtering
        • SMTP Filtering
        • HTTP Filter (and FTP)
        • AntiSPAM
        • AntiVirus
        • Tests and Logs
      • Up and Running!
    • Summary
  • Chapter 10: Testing, Auditing, and Hardening IPCop
    • Security and Patch Management
      • Why We Should Be Concerned
      • Appliances and How this Affects Our Management of IPCop
    • Basic Firewall Hardening
      • Checking What Exposure Our Firewall Has to Clients
      • What is Running on Our Firewall?
    • Advanced Hardening
      • Stack-Smashing Protector (Propolice)
      • Service Hardening
    • Logfiles and Monitoring Usage
      • Establishing a Baseline with Graphs
      • Logfiles
    • Usage and Denial of Service
      • CPU and Memory Usage
      • Logged-In Users
      • Other Security Analysis Tools
    • Where to Go Next?
      • Full-Disclosure
      • Wikipedia
      • SecurityFocus
      • Literature
    • Summary

Barrie Dempster

Barrie Dempster is currently employed as a Senior Security Consultant for NGS Software Ltd a world-renowned security consultancy well known for their focus in enterprise-level application vulnerability research and database security. He has a background in Infrastructure and Information Security in a number of specialised environments such as financial services institutions, telecommunications companies, call centres, and other organisations across multiple continents. Barrie has experience in the integration of network infrastructure and telecommunications systems requiring high calibre secure design, testing and management. He has been involved in a variety of projects from the design and implementation of Internet banking systems to large-scale conferencing and telephony infrastructure, as well as penetration testing and other security assessments of business critical infrastructure.

James Eaton-Lee

James Eaton-Lee works as a Consultant specializing in Infrastructure Security who has worked with clients ranging from small businesses with a handful of employees to multinational banks. He has a varied background, including experience working with IT in ISPs, manufacturing firms, and call centers. James has been involved in the integration of a range of systems, from analogue and VOIP telephony to NT and AD domains in mission-critical environments with thousands of hosts, as well as UNIX & LINUX servers in a variety of roles. James is a strong advocate of the use of appropriate technology, and the need to make technology more approachable and flexible for businesses of all sizes, but especially in the SME marketplace in which technology is often forgotten and avoided. James has been a strong believer in the relevancy and merit of Open Source and Free Software for a number of years and - wherever appropriate - uses it for himself and his clients, integrating it fluidly with other technologies.

Sorry, we don't have any reviews for this title yet.

Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


- 3 submitted: last submission 09 Aug 2012

Errata type: Typo | Page number: 18



Errata type: Content | Page number: Not Mentioned

"CpScripts Autoinstaller" should be CpSkin Autoinstaller


Errata type: Content | Page number: 7

Wrong release date of version


Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Configuring IPCop Firewalls: Closing Borders with Open Source +    Inkscape 0.48 Illustrator's Cookbook =
50% Off
the second eBook
Price for both: £21.95

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

Chapter 1 briefly introduces some firewall and networking concepts. The chapter introduces the roles of several common networking devices and explains how firewalls fit into this.

Chapter 2 introduces the IPCop package itself, discussing how IPCop's red/orange/blue/green interfaces fit into a network topology. It then covers the configuration of IPCop in other common roles, such as those of a web proxy, DHCP, DNS, time, and VPN server.

Chapter 3 covers three sample scenarios where we learn how to deploy IPCop, how IPCop interfaces connect to each other and to the network as a whole.

Chapter 4 covers installing IPCop. It outlines the system configuration required to run IPCop, and explains the configuration required to get IPCop up and running.

In Chapter 5, we will learn how to employ the various tools IPCop provides us with to administrate, operate, troubleshoot, and monitor our IPCop firewall

Chapter 6 starts off with explaining the need for an IDS in our system and then goes on to explain how to use the SNORT IDS with IPCop.

Chapter 7 introduces the VPN concept and explains how to set up an IPSec VPN configuration for a system. Special focus is laid on configuring the blue zone — a secured wireless network augmenting the security of a wireless segment, even one already using WEP or WPA.

Chapter 8 demonstrates how to manage bandwidth using IPCop making use of traffic shaping techniques and cache management. The chapter also covers the configuration of the Squid web proxy and caching system.

Chapter 9 focuses on the vast range of add-ons available to configure IPCop to suit our needs. We see how to install add-ons and then learn more about common add-ons like SquidGuard, Enhanced Filtering, Blue Access, LogSend, and CopFilter.  

Chapter 10 covers IPCop security risks, patch management and some security and auditing tools and tests.

Chapter 11 outlines the support IPCop users have in the form of mailing lists and IRC.

In Detail

IPCop is a powerful, open source, Linux based firewall distribution for primarily Small Office Or Home (SOHO) networks, although it can be used in larger networks. It provides most of the features that you would expect a modern firewall to have, and what is most important is that it sets this all up for you in a highly automated and simplified way.
This book is an easy introduction to this popular application. After introducing and explaining the foundations of firewalling and networking and why they're important, the book moves on to cover using IPCop, from installing it, through configuring it, to more advanced features, such as configuring IPCop to work as an IDS, VPN and using it for bandwidth management. While providing necessary theoretical background, the book takes a practical approach, presenting sample configurations for home users, small businesses, and large businesses. The book contains plenty of illustrative examples.

This book is an easy-to-read guide to using IPCop in a variety of different roles within the network. The book is written in a very friendly style that makes this complex topic easy and a joy to read. It first covers basic IPCop concepts, then moves to introduce basic IPCop configurations, before covering advanced uses of IPCop. This book is for both experienced and new IPCop users.


Who this book is for

Anyone interested in securing their networks with IPCop — from those new to networking and firewalls, to networking and IT Professionals with previous experience of IPCop. No knowledge of Linux or IPCop is required. 

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software