How to Cheat at Configuring Open Source Security Tools

In this chapter, we examined a multitude of methods to secure your network perimeter and provide you, as the administrator, the access that is needed to administer the network. The Linux built-in firewall netfilter was covered extensively due to its power and flexibility, not to mention its availability as a free stateful firewall. In addition to iptables, we looked at several GUI front ends that allow you to manage the netfilter firewall without knowing the iptables command-line syntax. With your perimeter secured, the next step was to establish a secured doorway, so that you could sit at home and take care of the network. With command-line access via SSH, and Windows Terminal Services offering a remote desktop, FreeNX rounded out the options by providing multiple remote desktop sessions from the same server.
Armed with this knowledge, there is no excuse to not have some type of firewall for protection on any and all unsecured connections. I say "unsecured," not "Internet," intentionally, because a business partner's network, a home user's network, and the Internet are all considered untrusted, meaning you have no, or only incomplete, administrative control over the security of the network you are connected to. Ultimately, you have no way to guarantee or enforce the proper security controls of an untrusted network. The sad fact is, if you have an Internet connection and don't have any type of firewall between a computer and the Internet, odds are very high that you have already been compromised. For other types of untrusted connections...