My Virtual Firewall, by Brian Drew

Last time I shared my home vSphere environment that I use to test and train on. I got a lot of positive feedback and wanted to follow up with my virtual firewall configuration. Prior to implementation I had a Comcast cable modem and the Windows firewall on each PC. That was the extent of it, and I knew better. I needed something stronger.

Agenda: Overview; Before and After; Physical and Logical Components; Next Steps

As always, the information contained within is not meant to be an exhaustive how-to manual but rather represents what I used to build a secure network using my virtual lab. I used IPCop, an open-source firewall distribution, on a virtual machine. The only "stickler" is the network config, but that is easy too. The end result is a decent, dedicated firewall and a little extra learning to boot.

Overview

I feel good about the IPCop solution. I might give Microsoft Forefront Threat Management Gateway a try when I get some free time, but for now I'm satisfied. I thought it worth showing before and after pictures to get the overall gist of things. This is the BEFORE picture.

After - Physical

By using that 3rd NIC in each HP ProLiant MicroServer I was able to create the required environment. Caveat: notice the unused on-board NIC on the other ESXi host.

After - Logical

In vSphere the networking looks like this on both hosts. I did not use a vSphere Distributed Switch (vDS) this first time around. Notice that the ipcop VM is on two virtual switches: one for the Internet-facing side toward the cable modem (RED, in IPCop's terminology) and one for the LAN side (GREEN). The corresponding physical connections are then made.

It's beautiful

The ipcop server is now set as the default gateway for all devices on that LAN segment. All packets between that segment and the Internet must go through the firewall, inbound and outbound. Security is now up to the configuration of ipcop. To me that is a LOT better than having individual firewalls on each PC and virtual machine. Make sure to turn them all off if you go this route. You still need anti-virus.
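The whole design rests on two invariants that nothing in vSphere enforces for you: the firewall VM is the only thing with a vNIC on the Internet-facing vSwitch, and every LAN VM default-routes through IPCop's GREEN address. The following is an added example, not code from the deck or from the IPCop project: a small Python checker that models the two-vSwitch layout and flags anything that would let traffic around the firewall. The inventory is constructed by hand with assumed names (vSwitch0/vSwitch1, vmnic0/vmnic2, port groups GREEN/RED, VM names, the 192.168.1.1 gateway address); in practice the same dictionaries would be filled from PowerCLI or `esxcli network` output and the checks re-run after every change to the host.

```python
"""Sanity checks for the two-vSwitch IPCop layout described in the deck.

Added example, not code from the original page. The inventory in
example_topology() is constructed by hand with assumed names and addresses.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

FIREWALL_VM = "ipcop"
RED_PG = "RED"      # Internet-facing port group (toward the cable modem)
GREEN_PG = "GREEN"  # LAN-facing port group
POLICY_FLAGS = ("promiscuous", "mac_changes", "forged_transmits")


@dataclass
class PortGroup:
    name: str
    vswitch: str
    # Effective vSwitch security policy for this port group (True = allowed).
    promiscuous: bool = False
    mac_changes: bool = False
    forged_transmits: bool = False


@dataclass
class Topology:
    vswitch_uplinks: Dict[str, Set[str]]   # vSwitch -> physical vmnics
    portgroups: Dict[str, PortGroup]       # port group name -> definition
    vm_nics: Dict[str, List[str]]          # VM -> port group of each vNIC
    default_gateway: Dict[str, str]        # LAN VM -> configured gateway IP
    firewall_green_ip: str                 # IPCop's GREEN address


def check_topology(t: Topology) -> List[str]:
    """Return a list of findings; an empty list means the layout holds."""
    findings: List[str] = []
    red, green = t.portgroups[RED_PG], t.portgroups[GREEN_PG]

    # 1. RED and GREEN must be separate vSwitches with disjoint physical
    #    uplinks, otherwise modem and LAN are one broadcast domain again.
    if red.vswitch == green.vswitch:
        findings.append("RED and GREEN are on the same vSwitch")
    red_up = t.vswitch_uplinks.get(red.vswitch, set())
    green_up = t.vswitch_uplinks.get(green.vswitch, set())
    if not red_up:
        findings.append("RED vSwitch has no physical uplink")
    shared = red_up & green_up
    if shared:
        findings.append(f"RED and GREEN share uplink(s): {sorted(shared)}")

    # 2. Only the firewall may have a vNIC on RED, and it needs exactly one
    #    on each side. Any other VM on RED, or any multi-homed VM, can
    #    bypass IPCop entirely.
    for vm, pgs in t.vm_nics.items():
        if vm == FIREWALL_VM:
            if sorted(pgs) != sorted([RED_PG, GREEN_PG]):
                findings.append(f"{vm}: expected one RED and one GREEN vNIC, got {pgs}")
            continue
        if RED_PG in pgs:
            findings.append(f"{vm}: vNIC on RED bypasses the firewall")
        if len(pgs) != 1:
            findings.append(f"{vm}: multi-homed on {pgs}")

    # 3. Every LAN VM must default-route through IPCop's GREEN address.
    for vm in t.vm_nics:
        if vm == FIREWALL_VM:
            continue
        gw = t.default_gateway.get(vm)
        if gw != t.firewall_green_ip:
            findings.append(f"{vm}: default gateway {gw!r}, expected {t.firewall_green_ip}")

    # 4. Reject promiscuous mode, MAC changes and forged transmits on both
    #    port groups so a guest cannot sniff the segment or impersonate
    #    the gateway's MAC address.
    for pg in (red, green):
        for flag in POLICY_FLAGS:
            if getattr(pg, flag):
                findings.append(f"{pg.name}: {flag} allowed by vSwitch policy")
    return findings


def example_topology() -> Topology:
    """Constructed inventory mirroring the deck's layout (assumed names)."""
    return Topology(
        vswitch_uplinks={"vSwitch0": {"vmnic0"}, "vSwitch1": {"vmnic2"}},
        portgroups={
            GREEN_PG: PortGroup(GREEN_PG, "vSwitch0"),
            RED_PG: PortGroup(RED_PG, "vSwitch1"),
        },
        vm_nics={
            FIREWALL_VM: [RED_PG, GREEN_PG],
            "win7-lab": [GREEN_PG],
            "dc01": [GREEN_PG],
        },
        default_gateway={"win7-lab": "192.168.1.1", "dc01": "192.168.1.1"},
        firewall_green_ip="192.168.1.1",
    )


if __name__ == "__main__":
    for line in check_topology(example_topology()) or ["OK: layout holds"]:
        print(line)
```

The three policy flags correspond to the Promiscuous Mode, MAC Address Changes and Forged Transmits settings of the standard vSwitch security policy; they default to Accept on a fresh vSwitch, so set them to Reject explicitly on both sides. One caveat that the checks above make visible: traffic between two VMs on the GREEN vSwitch never touches IPCop, so neither its rules nor its intrusion detection see lateral movement inside the LAN. The perimeter firewall replaces per-host firewalls for Internet-facing exposure only; for east-west traffic they are still the only control you have.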
Next Steps

Go through the IPCop documentation and button things up if desired. Other services that can be enabled include DHCP, NTP and Intrusion Detection; all are already "in the box" waiting to be enabled. I use all of the services now, and I point the ESXi servers at it for NTP. The Intrusion Detection is particularly interesting. Back to that unused network port: regretfully, since I don't have sophisticated equipment at home, when an ESXi host failure occurs I need to move the cross-over cable to the other, live ESXi host. Everything else will take care of itself. THE END