|At a Glance||
|Product|Copfilter for IPCop|
|Summary|Open source network traffic filtering and anti-virus add-on for IPCop|
|Pros|• Powerful compilation of multiple open source tools • Centralized anti-virus and anti-spam filtering • Web-based GUI for configuration|
|Cons|• Requires some Linux ability to install and manage • No content filtering|

Network security is a significant issue for virtually all networks, both personal and business. As we increase our use of the Internet and network enabled devices, our private information, communication, and network devices are more and more exposed to uninvited parties.
Larger networks typically have significant investments in network security and filtering tools to protect information and control inbound and outbound communications. Fortunately, there are also solutions for small networks, ranging from software to hardware-based appliances. A few examples of hardware-based appliances include the recently reviewed Zyxel USG100, as well as the SonicWall TZ190W and D-Link DFLCPG310.
All three of these solutions integrate a physical router, firewall, and subscription-based network filtering tools. These three solutions range in price from $110-$735 to purchase the hardware, plus an additional $166-$418 in annual subscription fees.
For the technically adventurous, there are sound and "free" options that can be implemented with older computing hardware and open source software. I say "free" in quotes because although the software may be openly available, an investment in time and effort is required, which also has value.
"Free" options also generally have no warranties or support. So initiative and ingenuity are required to fully leverage and manage their capabilities. In this review, I'm going to cover one of those "free" options, Copfilter, which is an add-on to the open source firewall solution called IPCop.
One of the neat aspects of the IPCop and Copfilter solution is that it centralizes traffic filtering and doesn't require software to be installed on each network client. Indeed, Copfilter could be used instead of software on individual PCs. Although an organization may prefer the enhanced security of running both centralized and distributed solutions, the reduced cost and computing overhead of a centralized Copfilter solution make a compelling proposition.
Copfilter filters network traffic such as email, web surfing and downloads, looking for viruses, spam and other exploits. It does not, however, provide web content filtering.
Copfilter includes an anti-virus engine called ClamAV. To scan email for viruses with two anti-virus engines, Copfilter also offers the option of adding the Linux version of F-Prot's anti-virus software. F-Prot is an anti-virus client similar to the better-known Norton and McAfee applications. Note that the free version of F-Prot is designed for workstation-based filtering, not centralized filtering as we're doing with Copfilter. To use F-Prot's server-based version, a subscription is required.
Copfilter is an add-on to IPCop, so you need IPCop up and running first. IPCop runs on standard PC components and I used a 3.2 GHz P4 CPU with 2 GB of RAM and a pair of Intel gigabit NICs. We reviewed IPCop a while back and covered hardware, installation and uses, so I'll just focus on installing Copfilter.
Many open source solutions lack good documentation and require significant technical skill. Installing Copfilter does require some Linux knowledge, but there is a well-written 46-page guide (README.pdf) available on Copfilter's website that I found very useful for installing and evaluating this tool.
The Copfilter guide is relatively user-friendly and doesn't presume advanced Linux skills. And it has directions for installing and administering Copfilter from both Linux and Windows machines. There are several Linux commands that have to be entered at the command line in IPCop, but each is listed in the guide. I was pleased to find the installation instructions worked as written.
To install Copfilter from a Windows machine, you'll need an SSH client like PuTTY and an SCP client like WinSCP on your Windows machine. SSH and SCP are included in many Linux distributions, so I used a Linux workstation behind my IPCop firewall to install and configure Copfilter. I found the installation boils down to 5 steps; each is pretty straightforward.
Step 1: Enable SSH and Web Proxy on IPCop
As with most other small network firewall/routers, IPCop is managed via a web-based GUI. IPCop's web GUI is point and click, so enabling the SSH and Web Proxy features is a matter of clicking check boxes on a web page.
Step 2: Download Copfilter and F-Prot to a PC in IPCop's "Green" LAN
IPCop calls the network connected to its LAN interface "Green" and the network connected to its WAN interface "Red" as illustrated in Figure 1. Other interfaces can be installed in IPCop, each designated by a different color.
Figure 1: IPCop interfaces
Installing Copfilter is typically done from a PC connected to IPCop's “Green” or LAN interface. I used the Firefox browser on a Linux workstation connected to the “Green” interface of my IPCop to download both Copfilter (filename = copfilter-0.84beta3a.tgz) and F-Prot (filename = fp-Linux-i686-ws.tar.gz).
Step 3: Copy Copfilter and F-Prot to IPCop
After downloading the files, I copied them from my Linux workstation to my IPCop machine. From a terminal session on my Linux workstation, I typed the commands below.
scp -P 222 copfilter-0.84beta3a.tgz root@192.168.188.3:/root
scp -P 222 fp-Linux-i686-ws.tar.gz root@192.168.188.3:/root
Step 4: SSH to IPCop
I used SSH to log in to the command line of my IPCop via 192.168.188.3. SSH (secure shell) is a secure network protocol for command line access from one machine to another. It works just like Telnet, but the traffic sent between the two machines is encrypted, preventing someone from capturing and reading the data transmitted.
Note that you use port 222 instead of the standard port 22 for SSH access to IPCop, as shown below.
ssh -p 222 root@192.168.188.3
Step 5: Expand and install Copfilter and F-Prot
Each of the commands below took seconds to complete, and once done, the Copfilter menu was created in the IPCop GUI and available for configuration without a reboot, although I rebooted anyway.
cd /root
tar xzvf copfilter-0.84beta3a.tgz
cd copfilter-0.84beta3a
./install
cp /root/fp-Linux-i686-ws.tar.gz /root/copfilter/
cd /root/copfilter
./setup_util -f fp-Linux-i686-ws.tar.gz
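
As an added example (not from the Copfilter guide or from the commands I ran above), the shell functions below wrap the Step 3 copy with a check that the file sitting in /root on IPCop is byte-for-byte the one downloaded, before anything is run as root in Step 5. It assumes root login at 192.168.188.3 on port 222 and that sha256sum exists on both machines; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: stage an installer on IPCop and confirm the copy matches.
# Assumed: root login, host 192.168.188.3, port 222, sha256sum on both ends.
IPCOP_HOST="${IPCOP_HOST:-root@192.168.188.3}"
IPCOP_PORT="${IPCOP_PORT:-222}"

# SHA-256 of a local file (hash only).
local_hash() {
    sha256sum "$1" | awk '{print $1}'
}

# SHA-256 of /root/<name> on IPCop. ssh takes the port as lowercase -p.
remote_hash() {
    ssh -p "$IPCOP_PORT" "$IPCOP_HOST" "sha256sum '/root/$1'" | awk '{print $1}'
}

# Copy one file to /root on IPCop (scp takes uppercase -P), then compare.
# Returns 0 on match, 1 on mismatch, 2 if the file is missing, 3 if scp fails.
copy_and_verify() {
    src="$1"
    [ -f "$src" ] || { echo "missing: $src" >&2; return 2; }
    name="$(basename "$src")"
    want="$(local_hash "$src")"
    scp -P "$IPCOP_PORT" "$src" "$IPCOP_HOST:/root/" || return 3
    got="$(remote_hash "$name")"
    if [ -n "$want" ] && [ "$want" = "$got" ]; then
        echo "OK   $name $want"
        return 0
    fi
    echo "FAIL $name local=$want remote=$got" >&2
    return 1
}

# Stage every file given; stop at the first one that does not verify.
stage_installers() {
    for f in "$@"; do
        copy_and_verify "$f" || return $?
    done
}

# Usage: sh stage.sh copfilter-0.84beta3a.tgz fp-Linux-i686-ws.tar.gz
[ "$#" -eq 0 ] || stage_installers "$@"
```

The printed hash can also be compared against a value from the download source, where one is published.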
With installation complete, the IPCop GUI shows an additional tab named Copfilter. This tab has the configuration options for the various traffic filters now incorporated into your IPCop Firewall, shown in Figure 2.
Figure 2: Copfilter tab
Notice in Figure 2 that there are configuration menus for POP3, SMTP, HTTP, FTP, AntiSpam and AntiVirus. You have to go into each of these menus and turn on the options in order for each type of traffic filtering to be enabled. It's point and click, so it isn't a big deal, but obviously an important step.