Efika 5200B Project
Attaché case firewall: Pretty Good Firewall in category Operating Systems
proposed by lilliput on 16th November 2006 (accepted on 6th December 2006)
Project Summary
The size of the EFIKA makes it perfect for an attaché-case-sized firewall. The project name chosen is "Pretty Good Firewall".
The objective of this project is to create a secure, small, and portable firewall that will provide its user with a secure connection to a network.
Pretty Good Firewall is intended for use in untrusted environments: Wi-Fi hotspots in airports, Internet access in hotels, demonstrations at a potential client's site, a remote user working from their home environment...
The system will be based on OpenBSD or Linux (depending on the availability of drivers).
The system will support connecting to one or more networks using a 56 Kbps modem, Wi-Fi, or an RJ45 network card. A plug-and-play system will automatically detect the type of connection and establish it if possible. Some connections may require input (WPA key, PPPoE user account), which will be prompted for through a web page.
The status of the connection will be shown on a web page.
The system will offer some advanced settings, such as disconnection based on time or on bandwidth used.
The firewall will also be able to create a secure remote connection to a company network using VPN technologies.
The limitations imposed by firewalled connections will be eased by testing different types of VPN connection and adapting the configuration until one is established.
A key goal of the Pretty Good Firewall is to give good network/Internet responsiveness. To achieve this, the Pretty Good Firewall will contain different mechanisms to avoid slowing down the connection. DNS and web queries would be cached to improve the responsiveness of the connection.
All these settings would be loaded through a DHCP server.
The proxy would be set up automatically using WPAD.
Web browsing will also be secured using an open source antivirus associated with the proxy. All known viruses would be stopped before even being downloaded to the PC. The status web page will keep a record of all security alerts.
The proxy will also alert the user if a web page is related to a phishing attack (using domain blacklisting, RBL).
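An added example, not part of the original proposal or the project's code: how a proxy-side RBL check on a URL's domain could work. The zone name, function names and sample answers are assumptions constructed for illustration; the check relies on the common DNSBL convention that a listed name resolves inside 127.0.0.0/8.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

RBL_ZONE = "rbl.example.invalid"  # placeholder zone (assumption), not a real list

def candidate_names(url, zone=RBL_ZONE):
    """DNS names to query for the host in `url`, most specific first."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host or ":" in host:  # no host, or an IPv6 literal: nothing to query
        return []
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        labels = host.split(".")
        # Full host plus each parent down to two labels, so subdomains match.
        return [".".join(labels[i:]) + "." + zone
                for i in range(max(len(labels) - 1, 1))]
    # IPv4 literals are queried with their octets reversed.
    return [".".join(reversed(str(ip).split("."))) + "." + zone]


def system_resolver(name):
    """Resolve to IPv4 strings; an empty list means NXDOMAIN or no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(url, resolve=system_resolver, zone=RBL_ZONE):
    """True only if a candidate name resolves inside 127.0.0.0/8."""
    listed_range = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(answer) in listed_range
               for name in candidate_names(url, zone)
               for answer in resolve(name))


# Constructed answers standing in for DNS, so the example runs offline.
FAKE_ZONE = {
    "bad.example." + RBL_ZONE: ["127.0.0.2"],
    "4.3.2.1." + RBL_ZONE: ["127.0.0.2"],
    "hijacked.example." + RBL_ZONE: ["203.0.113.7"],  # NXDOMAIN rewritten by a portal
}


def fake_resolver(name):
    return FAKE_ZONE.get(name, [])
```

Requiring the answer to fall in 127.0.0.0/8 matters on hotspot and hotel networks, where a resolver may answer every unknown name with a portal address that would otherwise be read as a listing.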
The PGF will also offer a network boot option, which will allow booting a safe operating system. This system will be based on the Linux Knoppix system.
This functionality will let any user use a computer's resources securely (software keylogger, virus threats, ...).
A light IDS (Snort inline) will report/block any known attack on the PGF.
Network boot is also the perfect solution for any home worker using a company VPN. The administrator only gives a secure and trusted platform access to the internal network. In this case the security report could be sent remotely to the administrator for analysis if required.
At any time the administrator keeps control of the VPN connection and allows any authorised home worker to securely access documents. The boot on the network will permit to keep
PGF development will use existing open source software configured in a secure way, giving the user simplicity of configuration and the administrator the relief of having a secure device plugged into his own network.
Project Blog Entries
posted by lilliput on 14th December 2006
EFIKA board is home. Will need to get my hands on a power supply and graphics card.