The Box

[Info Tech Geek]

Is there a box I can build that would work across and network type and along with any platform that would work as a firewall, router, and antivirus scanner? I want to build two, one is for a friend with a dial-up connection and 2 Windows 2K computers and the other is for myself who has High-Speed cable and a variety of computers running different platforms.

I don't care what kind of OS or how much configuration is involved in this project, but I know it is possible and I would also be able to record everything I do and possible write my own guide on my experience to distribute.

[phishphreek]

Your obvious choice for price is going to be linux based.

You may want to look at some all in one solutions such as smoothwall or ip cop .

I can't get to ip cop at the moment...

You will need 2 nics in the box and it will run on older hardware too. Other than that... after you configure it, you can pull the monitor, mouse and keyboard and do remote administration.

Or, start building a linux based solution from the ground up.

Smoothwall or ip cop would just be easier, IMO.

Don't know about your virus protection question though. For home, I've always used everything on the clients. At work, I have a AV server, but it pushes the defs out to the clients. Not a practical solution for a home setup becuase of the co$t of the solution.

[Info Tech Geek]

Phish,

The AntiVirus is the main concern. I'm working with a couple buddies on building a system as I mentioned. I know there has to be a way. There is so many situations where people don't understand security or the threats of the internet and I feel and all in one solution that plugs in and goes would be a prime answer. There is probably a box like I mentioned already out there, it is that I just haven't found it. I plan to work from the ground up, test it, and distribute my process and progress from step one to the final process. The main hold up is finding a service that will scan anything and everything it process for viruses. It may also require that the system it is built on be Processor and RAM heavy.

[phishphreek]

The only problem I see with the virus scanner on the firewall box... is:

In order to scan the virus, you have to have the file stored in memory or on the hard disk. Since that box would just be routing the traffic, it wouldn't catch the virus. It would have to download the file to memory or hard disk in order to scan it. Then pass it on to the requester after it has been scanned.

For home, you'll probably be better off installing the av client and have it autoupdate.

I read about (and posted) a solution that would catch the virus in transit... but I'll have to find the post. I'll see if I can find it then edit this.

EDIT: Found it. check out this thread.

But... if this only runs on windows, then you're going to drive the cost of the box up. You're going to need better hardware, pay for another OS, then pay for the firewall and then the AV software. If you do it client based... you can use older hardware for the router and don't have to pay for an OS... just the av software for the clients.

[Info Tech Geek]

Originally posted here by phishphreek80
The only problem I see with the virus scanner on the firewall box... is:

In order to scan the virus, you have to have the file stored in memory or on the hard disk. Since that box would just be routing the traffic, it wouldn't catch the virus. It would have to download the file to memory or hard disk in order to scan it. Then pass it on to the requester after it has been scanned.

Most companies I know have the software located on the mail server and it will spit an e-mail minus the attachment stating the item has been cleaned or the file was deleted. Is there any way to perform a similiar action? The people I usually end up doing the favor of cleaning their system get their viruses via e-mail by a forward happy friend.

Originally posted here by phishphreek80
But... if this only runs on windows, then you're going to drive the cost of the box up. You're going to need better hardware, pay for another OS, then pay for the firewall and then the AV software. If you do it client based... you can use older hardware for the router and don't have to pay for an OS... just the av software for the clients.

If I can perform the function correctly, it is not money out of my own pocket, it just saves me the time and headaches. I would still love to figure this out through linux. I understand the hardware will cost money, but if I could figure out a way to package a few utilities to perform the actions we are discussing this could end up being a heavily used document I will create. Then again, If I can find someone to help me re-write and package it together, I may have my own version of an Open Source Package I can distribute.

Then again, I might find it somewhere else... Already acheived and be happy with a functional piece of software I can really use.

[Info Tech Geek]

Would this be efficient on a Firewall/Router box or would I need a linux server in this case?

[i2c]

thats different to analysing the packets as they come though a firewall though, cos ur in effect anaylsing on the fly and that would require quick processors and even quicker access to pattern files,

if you think that a virus scan on a local computer can take upwards of 15minutes do you really want to have all you zips/exes/com files you download begin 15minutes after you first requested it? That might be acceptable if you downloading files over night.

although if you had a libary full of patterns of virii in transit as string text, to match against that would take a long time depending on quickess of the search, maybe by holding the strings in ram, 1 think you could do this with 1gb of ram.

i think some clever modification of something like ethereal would work.

what happens if the virii is inside a zip file, its falled then and for every type of other way of transporting it (zip, rar, binded to image) your gonna change the pattern

i2c

[Info Tech Geek]

What about under your MS software when you Right Click on a file to scan it. It only takes a matter of seconds and unless you are downloading 1000 mp3's off of IRC, you won't be pushing the VirusScan to stay active. I was more looking to have it scan (Web Based Mail Boxes and etc). I will also have an on client Virus Scan also.

[phishphreek]

I will also have an on client Virus Scan also.

Then, IMO, there is no need for the firewall/router to filter for viruses.

Just make sure that the program is set to autoupdate every couple of days.
Hopefully your users know better than to go opening emails from people they don't know, or don't expect.

Most web based email services offer virus protection before you download the attachment to your PC.

If you were going to setup your own mail server, then I would certainly advise you to put it on there... but if they are just retrieving from another service, an up2date client side AV *should* work just fine?

[Info Tech Geek]

I understand that, but it is just the point of the box. I would really like the box to serve these three services. It is just a safety net for the stupid user.