Improve your Computer Security: Build your own firewall

in technology •  7 years ago  (edited)

We all know what a firewall is, right? It's a device that sits between you (or your network) and the Internet. It decides which packets are allowed to come from the Internet to you, and which packets are allowed to go from you to the Internet. A properly configured firewall will protect you from all kinds of nasty things.

Do I have a firewall now?

Probably, in some form. Most cable modems nowadays come with some firewall functionality. The problem is that this functionality is provided by a device that cannot be trusted. Cable modems and many consumer-grade firewalls are notoriously poor when it comes to security. In all likelihood (especially if you have a large provider) your ISP is one of the primary parties spying on you, so why would you trust a device supplied by them?

Why do I need a different one?

A much greater level of confidence can be placed in a firewall you build yourself. In this way, you can be more certain that there are no blatant security holes and no backdoors. Nothing is perfect, but a hand-built open source based firewall is a much better bet than something off the shelf.

What do I need?

A Computer

More or less, a second computer. You can use an old PC, or an old laptop. If you are buying one for the purpose, find something low power, as it's going to be on all the time. This computer will need at least two network cards -- one which talks to the Internet, and one which talks to your network. If you are short a network card, you can easily buy one (maybe a USB version, or PCI, if you have an older workstation.)

Laptops are great because they are low power, have a built in status screen, and come with in-built battery backup. Personally, I use an older toughbook laptop with a secondary USB 2.0 network card.

Software

You'll need some firewall software. It should be noted that almost any modern open source operating system can be used as a firewall: you can download the latest release of the fanciest Linux distribution and configure it to act as your firewall. You probably don't want this, though: what you want is a specialized distribution made for firewalls. These will be lighter weight, have fewer services running, and generally be more secure. My favorite firewall-specific distribution is called "pfSense", although I personally use just a vanilla copy of OpenBSD and pf (packet filter, the firewall software).

The ability to configure it

This is not hard: there are ample guides available for configuring pfSense and OpenBSD pf. With that said, some familiarity with Linux/BSD is a major asset, as is being comfortable at a command line.

Have a look at the following page:

https://www.openbsd.org/faq/pf/

As far as I am concerned, this is the ideal firewall. You can't go wrong with OpenBSD, although it is not exactly beginner friendly. It's not that hard either, but if you are looking for a plug and play solution, OBSD is not quite it.
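To make the two-network-card setup concrete, here is a minimal default-deny pf ruleset for an OpenBSD firewall, added as an example (it is not from the original post or the OpenBSD FAQ). The interface names em0 and em1 are assumptions; substitute the names that ifconfig shows on your machine.

```conf
# /etc/pf.conf -- constructed example for a two-NIC home firewall (IPv4 only)
# Prerequisite: enable routing with  sysctl net.inet.ip.forwarding=1
# (add net.inet.ip.forwarding=1 to /etc/sysctl.conf to keep it across reboots).

ext_if = "em0"    # assumption: NIC connected to the modem / Internet
int_if = "em1"    # assumption: NIC connected to your home network

set block-policy drop    # silently drop blocked packets
set skip on lo           # do not filter loopback traffic

# Normalize incoming packets before they are evaluated
match in all scrub (no-df random-id max-mss 1440)

# NAT: rewrite LAN source addresses to the firewall's external address.
# The parentheses make pf follow the address if it changes (e.g. DHCP).
match out on $ext_if inet from $int_if:network to any nat-to ($ext_if)

# Drop packets whose source address claims to be from the wrong side
antispoof quick for { $ext_if $int_if }

# Default deny: anything not explicitly passed below is dropped.
# No "pass in on $ext_if" rule exists, so unsolicited inbound
# connections from the Internet never reach the LAN or the firewall.
block all

# LAN hosts may open connections to the firewall and through it
pass in on $int_if inet from $int_if:network to any

# The firewall (and NATed LAN traffic) may go out; pf keeps state,
# so replies to these connections are allowed back in automatically
pass out on $ext_if inet

# Check the syntax without loading:  pfctl -nf /etc/pf.conf
# Load the ruleset:                  pfctl -f /etc/pf.conf
# Show the active rules:             pfctl -sr
```

Running the syntax check before loading catches typos without touching the live ruleset, which matters when the firewall is your only path to the Internet.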

If that all looks too complicated to you, check out pfSense instead: it's a little more gentle. pfSense is a highly regarded firewall package that is simpler to configure, and maintains many of the benefits of the OpenBSD solution (while providing its own). pfSense is going to be a lot closer to the routers/firewalls most people have configured before.

Alright, so ...

1. Get a second computer.
2. Make sure it has a second network card. If not, get one.
3. Decide on your firewall software.
4. Download it. Burn it to USB, CD or DVD.
5. Boot the software. Install it. Configure it.
6. Plug it in, turn it on and hope for the best.

Almost assuredly, you'll run into problems. You won't have Internet. No one does this perfectly the first time. Thankfully, great resources abound, and you'll almost certainly find what you need. Persevere, and you'll end up being a little bit more secure, a little bit more insulated from the warzone that is the Internet, ca. 2018. Just make sure you maintain the ability to remain connected even with a broken/half working firewall. Don't put the thing into actual use until you've tested that it works!

As a final note: depending on your existing router/firewall, you MAY be able to download open source software for it! A lot of the Linksys and D-Link devices can be flashed with something called OpenWrt, or similar. Basically, you replace the software that ships on the device with software created by open source folks. It's definitely worth looking into, as you may be able to run an open source router without a second PC. Be careful with this, though: if you blow up a secondary computer that was not being used in the first place, that's one thing. If you brick your only firewall, that's another!

Good luck to you. May your firewall burn brightly!


The @OriginalWorks bot has determined this post by @xwalkran to be original material and upvoted it!


Okay, this just went straight over my head I'm afraid! Question; does the firewall computer still need to be running if you switch the internet connection off overnight?

PS: I recently came across @steemstem STEM being Science, Technology, Engineering and Mathematics. You might be able to tag this sort of post to #steemstem which could get it more of the attention it deserves.