ระบบปฏิบัติการฟรีสำหรับทำเราเตอร์และไฟว์วอลล์ (Open Source Router and Firewall)

Open Source Router and Firewall, Server Package Software, Package NOS

หากพูดถึงระบบปฏิบัติการเครือข่ายหรือ Network Operating System (NOS)แบบเดี่ยวๆ ยอดนิยมในปัจจุบันทุกท่านคงรู้จักระบบ Windows Server, Linux Server หรือ Mac OS X กันแล้ว การดูแลระบบด้วย NOS เหล่านี้ผู้ดูแลระบบเครือข่าย (SysAdmin) ต้องมีการติดตั้งเซอร์วิส รวมทั้งต้องปรับแต่งค่าคอนฟิกค่าต่างๆ เองทั้งหมด จึงใช้ระยะเวลาในการเรียนรู้พอสมควร ทำให้ยากในการเรียนรู้สำหรับ SysAdmin มือใหม่

ปัจุบบันยังมีระบบปฏิบัติการอีกกลุ่มหนึ่งเรียกว่าระบบปฏิบัติการแบบแพ็กเกจสำเร็จรูปหรือ Package NOS หลังการติดตั้งผู้ดูแลระบบสามารถเรียกใช้งานได้ทันที ทำให้ง่ายในการเรียนรู้มาก ตัวอย่าง Package NOS ที่นิยมในเมืองไทย อาทิ เช่น IPCop, ClearOS, pfSense, Endian Firewall, IPFire เป็นต้น

คิดว่าหลายท่านศึกษาระบบลีนุกซ์หรือเปลี่ยนสายงานมาสู่การทำงานตำแหน่ง SysAdmin ด้วยระบบเหล่านี้ การที่จะเลือก Package NOS ตัวใดแนะนำให้ลองติดตั้งทดสอบว่า Package NOS ตัวใดเหมาะสมกับองค์กร/หน่วยงานที่เพื่อนๆ SysAdmin ทำอยู่ โดยการทดสอบผ่านซอฟต์แวร์ Virtualization อย่าง Oracle VirtualBox หรือ VMWare หรือ Hyper-V

ระบบปฏบัติการกลุ่มนี้ หากมองเปรียบเทียบก็คล้ายๆ กับระบบ CMS/LMS อย่าง Joomla!, WordPress, Drupal หรือ Moodle หลังการติดตั้งผู้ใช้งานก็สามารถใช้งานได้ทันที บริหารทุกอย่างผ่านทาง web-based ไม่ต้องลงทุนคอนฟิกมากมาย

ระบบปฏฺบัติการฟรีสำหรับทำเราเตอร์และไฟว์วอลล์ (Open Source Router and Firewall)

- BrazilFW (http://www.brazilfw.com.br)
BrazilFW is a mini Linux distribution designed to be used as a Firewall and Router that runs easily on older computers. An old PC running BrazilFW is much more powerful and efficient than commercial software for routing in offices and residences running on a "powerful" computer. BrazilFW is based on Coyote Linux, which was designed by Joshua Jackson who discontinued Coyote Linux in version 2.24 in August 2005. In that same month comes on the scene BrazilFW Firewall and Router (BFW) with version 2.24, which is led by "Claudio" and "Marcelo - Brazil", running only on floppy disks, and being 2.30.1 the last version with this support . The following versions, as well having automatic detection of network cards, only run on large capacity media, such as hard disk (HD).


- BSD Router Project (BSDRP) (http://bsdrp.net/) ** แนะนำ
BSD Router Project (BSDRP) is an open source router distribution based on FreeBSD that includes Quagga and Bird. It provides disk images which can be installed on Compact Flash cards, USB keys and hard disks. BSDRP targets small ISPs and datacenters, and configuration is done from CLI only (no WebGUI).


- ClearOS (http://www.clearfoundation.com)
ClearOS Enterprise is a server, network, and gateway platform designed for small businesses and distributed enterprise environments. ClearOS Enterprise is based upon ClearOS Core which is a rebuild of Red Hat Enterprise Linux. The distribution is flexible and includes an extensive list of features and integrated services which can be configured through a web-based interface. Some of the tools found in ClearOS Enterprise include anti-virus, anti-spam, VPN, content filtering, bandwidth manager, file services, SMTP services, print services, SSL certification, and web services. ClearOS includes a marketplace which simplifies the installation of software including 3rd party modules. The distribution is provided as a free download, inclusive of basic OS updates with free registration.


- Coyote Linux (http://www.coyotelinux.com)
Coyote Linux is a small distribution of Linux, including the operating system and the necessary services for a firewall/router, intended for easy NAT sharing of an internet connection with a single IP address among many computers on a local network, using spare "commodity" hardware. The project was originally started in 1998 to provide a very simple way of creating a Linux based firewall system for systems with broad-band Internet connections. Initial versions of Coyote Linux had both a Microsoft Windows program and a set of shell scripts for Linux to create the firewall boot-disk.


- Devil-Linux(http://www.devil-linux.org)
Devil-Linux is a CD-based Linux distribution for firewalls and routers. The goal of Devil-Linux is to have a small, customizable and secure (what is secure on the Internet?) Linux. The future of Devil-Linux will go far beyond an ordinary router, we will provide a lot of other services, but the distribution will still be easy and fast to maintain.


- Endian Firewall (http://www.endian.com)
Endian Firewall is a Unified Threat Management (UTM) Appliance that protects networks and improves connectivity. Based on Red Hat Enterprise Linux, Endian Firewall is 100% open source and includes a wide variety of features, such as stateful inspection firewall, HTTP/FTP anti-virus, content filter, POP3/SMTP anti-virus, anti-phishing and anti-spam tools, true SSL/TLS VPN, IDS, and other features.


- EnGarde (http://www.engardelinux.org/modules/index/index.cgi) ** แนะนำ
EnGarde Secure Linux was an open source server-only Linux distribution developed by Guardian Digital. EnGarde incorporates open source tools such as Postfix, BIND, and the LAMP stack.
EnGarde Secure Linux was one of the earliest distributions to include SELinux for complete server implementations, and was one of the very first Linux server platforms designed solely for security


- IPCop (http://www.ipcop.org)
IPCop Linux is a complete Linux Distribution whose sole purpose is to protect the networks it is installed on. After seeing the direction certain Linux Distributions were heading in, a group of dissatisfied users/developers decided that there was little reason for the idea of a GPL Linux Firewall Distribution of such potential to be, simply, extinguished. By implementing existing technology, outstanding new technology and secure programming practices IPCop is the Linux Distribution for those wanting to keep their computers/networks safe. The IPCop Linux Team is dedicated to doing the very best job possible to keep your systems safe, as you can see on our site. "The Bad Packets Stop Here!"


- IPFire (http://www.ipfire.org) พัฒนามาจาก Endian ** แนะนำ
IPFire is a Linux distribution that focusses on easy setup, good handling and high level of security. It is operated via an intuitive web-based interface which offers many configuration options for beginning and experienced system administrators. IPFire is maintained by developers who are concerned about security and who update the product regularly to keep it secure. IPFire ships with a custom package manager called Pakfire and the system can be expanded with various add-ons.


- m0n0wall (http://m0n0.ch/wall/) พัฒนามาจาก FreeBSD

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server (thttpd), PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent. m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.


- pfSense (https://www.pfsense.org) พัฒนามาจาก FreeBSD ** แนะนำ

pfSense is a m0n0wall-derived operating system. It uses Packet Filter, FreeBSD 6.x (or DragonFly BSD when ALTQ and CARP is finished), ALTQ for excellent packet queuing, and an integrated package management system for extending the environment with new features.


- Securepoint Security Suite (http://www.securepoint.cc)
Securepoint Security Solutions offers a full-featured suite of firewall tools designed for enterprisewide deployment. Not only can it protect an internal network from outside attacks, it also helps segregate parts of your internal network and define custom protection rules for each. Securepoint lets you create and manage VPN tunnels for remote users and define traffic filters, reports, and alerts for your entire network. Securepoint Freeware is a very secure and free firewall solution for protecting your Internet gateway. Securepoint can as well be used with existing firewalls and to protect interconnected locations or divisions.


- Sentry Firewall (http://www.sentryfirewall.com) - Sentry Firewall CD
Sentry Firewall is a free open-source network firewall Linux distribution that was first published in 2001 and has been the subject of multiple magazine reviews. The distribution is particularly notable because it consists solely of a bootable CD-ROM that is designed to be used in a computer with no hard disk. Configuration information is retrieved at boot time by automatically searching on an attached floppy disk drive, USB flash memory drive, or another server on the local network willing to provide the configuration.


- SmartRouter (http://www.smartrouter.com.br)
SmartRouter is a small distribution of Linux, including the operating system and the necessary services for a firewall/router, intended for easy NAT sharing of an internet connection with a single IP address among many computers on a local network, using spare "commodity" hardware.


- SME Server (http://wiki.contribs.org)
SME Server is a leading Open Source distribution for small and medium enterprises. It is a simple, powerful, secure Linux server for networking and communicating, used by thousands of individuals, companies and organizations all over the world. SME Server provides a friendly, free alternative to expensive proprietary software, standing apart from the competition by shipping with most common functionality preconfigured, and features a number of popular additional enhancements in the form of downloadable Contributions.


- Smoothwall(http://www.smoothwall.org)
Smoothwall is a family of Internet security products, designed to defend your users and your network from external attacks. Smoothwall Express is based on the Linux operating system. Linux is the ideal choice for security systems; it is well proven, secure, highly configurable and freely available as open source code. Smoothwall includes a hardened subset of the GNU/Linux operating system, so there is no separate OS to install. Designed for ease of use, Smoothwall is configured via a web-based GUI, and requires absolutely no knowledge of Linux to install or use.


- Sophos UTM (http://www.sophos.com/en-us/products/unified-threat-management.aspx)
Sophos UTM (formerly Astaro Security Gateway) offers an integrated software solution that provides superior performance in an all-in-one firewall. Its hardened operating system, stateful packet inspection, content filtering (virus & surf protection), application proxies and IPsec based VPN provides a powerful solution to today's security issues. It is designed to maximise networks security without compromising its performance enabling telecommuters, branch offices, customers and suppliers to safely share critical business information. Our proprietary user interface, WebAdmin allows ease of use and manageability of all open source firewall components, as well as the Up2Date service via the Internet. It is easy to install with all components on one CD achieving simple implementation and integration to existing network environments.


- Tomato (firmware) (http://www.polarcloud.com/tomato)
Tomato is a partially free HyperWRT-based, Linux core firmware distribution for a range of Broadcom chipset based wireless routers, most notably the older-model Linksys WRT54G (including the WRT54GL and WRT54GS), Buffalo AirStation, Asus Routers and Netgear's WNR3500L. Among other notable features is the user interface, which makes heavy use of Ajax as well as an SVG-based graphical bandwidth monitor.


- Untangle NG Firewall (http://www.untangle.com/untangle-ng-firewall)
Untangle NG Firewall is a Debian-based network gateway with pluggable modules for network applications like spam blocking, web filtering, anti-virus, anti-spyware, intrusion prevention, VPN, SSL VPN, firewall, and more


- Vyatta(http://www.vyatta.org)
Vyatta software is a complete, ready-to-use, Debian-based distribution that is designed to transform standard x86 hardware into an enterprise-class router / firewall. Vyatta software includes support for commonly used network interfaces, and industry-standard routing protocols and management protocols. Unlike previous open-source routing projects, all these features are configurable via a single command-line interface (CLI) or web-based graphical user interface (GUI). Vyatta software is available as a free Community Edition as well as tiered Software Subscriptions that include maintenance, upgrades and support.


- VyOS (http://vyos.net) พัฒนามาจาก Debian
VyOS is a community fork of Vyatta, a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality.


- Zentyal (http://www.zentyal.org) ในอตีดใช้ชื่อ eBox, พัฒนามาจาก Ubuntu Server
Zentyal (formerly eBox Platform) is a program for a Linux server for small and medium enterprises (SMBs), considered an alternative to Windows Server and other Microsoft infrastructure products for SMBs. Zentyal can act as a gateway, Network Infrastructure Manager, Unified Threat Manager, office server, Unified communications server or a combination of them. Zentyal is based on Ubuntu and it can be installed either from Ubuntu repositories or from Zentyal's own installer.


- Zeroshell (http://www.zeroshell.net)
Zeroshell is a small Linux distribution for servers and embedded devices with the aim to provide network services. It is available in the form of live CD or compact Flash image and it can be configured using a web browser. The main features of Zeroshell include: load balancing and failover of multiple Internet connections, UMTS/HSDPA connections by using 3G modems, RADIUS server for providing secure authentication and automatic management of encryption keys to wireless networks, captive porta

สรุป
ระบบ Package NOS เป็นเพียงทางเลือกในการดูแลระบบเท่านั้น แท้ที่จริงแล้วการทำงานสาย SysAdmin ท่านต้องดูแลระบบหลายเพลตฟอร์มร่วมกัน กล่าวได้ว่าต้องใช้งานทั้งระบบ Windows Server, Linux Server(RHEL,CentOS, Ubuntu) รวมทั้งระบบ Package NOS อีกทั้งต้องศึกษาหาความรู้ด้าน Network Security และเข้าร่วมชุมชนผู้ดูแลระบบเครือข่ายเพิ่มเติมเพื่อแลกเปลี่ยนแนวคิด และความรู้ร่วมกัน

ข้อมูลอ้างอิง
- http://www.arnut.com/bb/node/298

--
รวบรวมโดย
Aj.Arnut Ruttanatirakul
(c) SysAdmin Knowledge
http://www.sysadmin.in.th
March 24, 2014

Network Monitoring

Network Command

SysAdmin LINE

LINE ID: sys-ad-min-book