[CentOS-devel] CentOS Firewall and UTM SIG

Fri Mar 21 23:05:33 UTC 2014
Shafiee Roozbeh <roozbeh.shafiee at gmail.com>

@eduardo
Yes you are right. You are not crazy dreamer ! A midrange UTM and uper
should support this features and another...

The technical topic will open later, for now we are talking about general
subjects !

Are goal is CentOS Security SIG ! A version of CentOS that provide features
for network security and my topics to discuss are:

- Do we need this SIG in CentOS ecosystem?
- Is it any parallel project in CentOS right now?
- Is CentOS a suitable base to provide and create this project?
- and anything you think...

:-)
On Mar 22, 2014 3:15 AM, "Eduardo Kaftanski" <ekaftan at gmail.com> wrote:

Can I elaborate a bit on what I would like this SIG to provide?

-An integrated web console for object oriented (objects being servers,
pc-workstations and people) network access manager. This
console would get installed in a centralized server (maybe a
small VM on whatever virtualization system you have)

-A small dedicated CentOS server that you can install over comodity
hardware. This would be an 'almost zero config' server. You only need
to specify the IP for the admin interface and the IP for the central
admin-server

-This small servers can act as firewalls, mail proxys, antiviruses,
web proxies, DNS, etc.

-Small network? One small VM for the adminserver + one box doing
firewall, proxy, mx, snort, etc.

-Growing up? install a second box. Select proxy off for box 1 on the admin
console, select proxy on on the second box. Select 'transparent on'. Select
antivirus on. Click apply. Box one is no longer your proxy but transparently
redirects proxy traffic to box two, now your proxy.

yes, I am a crazy dreamer, but its like Asterisk... if you want a very small
cheap PBX you can buy a Panasonic for US$500. You need Asterisk when you
want the strange and crazy features.

you dont install a CentOS firewall for a tiny network. A small WRT box
works better
is more stable and its way cheaper. You need a CentOS box when you are doing
strange things, like balancinh, HA, multiview DNS, multiple ISP links,
openvpn servers,
ipsec, etc..

Ah... at least down here customers place MUCH more weight on the ability to
selectively block access to their own people than protecting from
outside attacks
and 90% of the configurations I make have no external access at all. All
they
care is to be able to allow and block youtube and facebook with a mouse
click.







On Fri, Mar 21, 2014 at 6:36 PM, Shafiee Roozbeh
<roozbeh.shafiee at gmail.com> wrote:
> @Manuel
> Our goal is not IPtables rule generator ! We are talking about a version
of
> CentOS that provide unified threat management which will be install on a
> device or server. On this machine except iptables we need proxy and
caching
> service like squid and some tools else.
> Firewalling is one of our goal...
> :-)
>
> On Mar 22, 2014 1:51 AM, "Manuel Wolfshant" <wolfy at nobugconsulting.ro>
> wrote:
>>
>>
>>
>> On 21 martie 2014 22:50:39 EET, Shafiee Roozbeh
>> <roozbeh.shafiee at gmail.com> wrote:
>> >@Christoph
>> >Yes, I worked with this tool sometimes ago but I think that a web GUI
>> >is
>> >better for an administrator and our project because:
>> >
>> >- An administrator maybe doesn't access to a Linux  desktop to work
>> >with
>> >fwbuilder but with his/her tablet or smartphone or even a Microsoft
>> >Windows
>> >OS can work with web GUI
>> >
>> If you can expose a web interface, you can expose ssh /VNC/VPN whatever
to
>> a machine where fwbuilder can run. Google Play provides apps for all of
>> those and then some more
>>
>> >- Designing and development of web GUI with HTML/CSS is faster and
>> >easier
>> >that using a framework like Qt or GTK
>> >
>> >- The world is going to web !
>> And fwbuilder can run on your management workstation and push the rules
to
>> ANY server. Including the web server that you mentioned :)
>>
>
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
>



--
Eduardo Kaftanski
eduardo at kdi.cl
ekaftan at gmail.com
_______________________________________________
CentOS-devel mailing list
CentOS-devel at centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140322/ffef74b3/attachment-0007.html>