Hardware and Software Components

The recommended hardware platform for the CEQURUX Firewall is an Intel Pentium-based PC with at least 16Mb RAM and a 1Gb or larger hard-drive^2.2, two ISA or PCI Ethernet interfaces (PCI Plug and Play recommended), serial and parallel ports (for modems and printers, if required), and a VGA display. A CD-ROM is required for installation. SCSI is recommended; the firewall will install using some ATAPI IDE CD-ROM drives but not all.

The CEQURUX software consists of both publicly available and proprietary components. Apart from a BSD4.4Lite-based operating system, the firewall includes the following software components:

• The CERN httpd   World-Wide Web server, needed if you wish to have publicly-accessible WWW pages on the firewall.

• The gopherd   Gopher server, needed if you wish to have a publicly accessible gopher service running on the firewall.

• The elm   e-mail client, useful to read e-mail sent to the firewall administrator if this is kept on the firewall itself.

• The Midnight Commander file manager mc , a Norton Commander-like program; while not related to the firewalling functions, administrators may find this program useful.

• The gnuplot   plotting program, used to generate scatter plots of system log activity. These plots can be useful visual guides for seeing patterns of use and spotting possible problems or attempted attacks.

• The top  process viewer, which shows the currently running processes and information about system load and memory usage.
• The Squid caching proxy server.

• The CEQURUX application proxies.

• The CEQURUX transparent gateway.

• The CEQURUX authentication daemon, used for checking whether access to services should be granted (based on the service, the user or host making the request, and the time of day and day of week).

• The CEQURUX administration agent fwadmin, used for configuring and administrating the firewall. This is the login shell for the admin user.

• Various support utilities and scripts used by the administration agent.

• Authentication programs for use by remote users.

• Administration programs for remote administration from Microsoft Windows hosts.

Besides the firewall, you will also obviously need:

• An internal network or set of networks for which the firewall is to provide protection. The firewall is connected to one of these networks via an Ethernet NIC;

• An external network against which the firewall is to provide protection. This is usually the Internet. The connection in this case may be via an Ethernet NIC (in turn connected to a router), via a serial interface to a modem on a dial-up or leased line connected to some Internet Service Provider (ISP)  , or via a synchronous card to an X.21 or V.35 synchronous modem.