Loading...
Saturday, July 21, 2012

Devil Linux - the firewall

Devil-Linux is a distribution which boots and runs completely from CDROM or USB flash drive. The configuration can be saved to a floppy diskette or a USB pen drive. Devil Linux was originally intended to be a dedicated firewall/router but now Devil-Linux can also be used as a dedicated server for many applications. Attaching an optional hard drive is easy, and many network services are included in the distribution.

Because boot/OS and (optionally) configuration [in a tarball] are stored on read-only media, Devil-Linux offers high security with easy and safe upgrades, the system being fully configurable with no writeable system device. If hard drive(s) are added for data storage, LVM is standard (easing expansion and backup) and software Raid is straightforward. Virtual machine use is also well supported, with VMware modules built-in.

What makes Devil Linux the best Firewall on the market
Devil-Linux is not like any other distribution. It is created from IT Administators for IT Administrators. We know what you need, because we need it too!

Boots from CD

Traditionally Devil Linux boots from a CD-ROM which is read-only by nature. This means an intruder will not be able to install i.e. an "ordinary" root kit.

Boots from USB pendrive

As all movable parts in your computer, the CD-ROM is prone to failure. This is the reason why we provide a script to install the entire system on an USB pendrive. Note: You need a computer which is able to boot from USB harddisks, in order to use this feature.

Configuration is saved on a floppy disc or on a USB Flash Media

Due to the read-only nature of CD-ROMs, you need a place to save your configuration files. This can either traditionally be on a floppy disc or on a USB flash media (like a pendrive), to increase the reliability.

Configuration can be burned on CD

There are cases when you have to ensure that the configuration can't be modified. This is the reason why we provide the feature for loading the configuration archive from the (read-only) CD-ROM.

No need for a harddisk although it can optionally be used for data storage

Most distributions need a harddisk for data storage, with DL this is completely optional. Reasons for adding harddisk data storage would be, i.e. when you use DL as your email hosting server or for file sharing. DL uses dynamic disc configuration via the Logical Volume Manager, which makes adding and maintaining the harddisk storage easy (regardless if you have only 1 GB or 1 TB of data).

Support for Intel 486 and higher

Got some old boxes in your bone yard? For most internet connection an old computer is enough to play the role of your Firewall, this is the reason why we still support 486 CPUs. But we're not stuck with old technologies, we also provide you a version vor 686 CPUs with SMP support.

IPTables/Netfilter Support

State of-the-art firewall functionality is provided by IPTables/Netfilter, which includes features like connection tracking. Devil-Linux adds many more Netfilter modules then you find in your standard Linux Kernel.

Create your own, customized version with our Build System

Since everybody has different requirements, Devil-Linux provides you with an easy-to-use build system, which enables you to create your own customized version. You can i.e. only add the packages you need on your machine or even add features which are currently missing in the mainstream version.

Directly supported by Firewall Builder

Don't like writing your Firewall rules by hand? Get Firewall Builder and use a great GUI tool to create your ruleset. Firewall Builder supports writing the rules directly onto your configuration floppy.

No graphical desktop

Devil-Linux has not support for i.e. X-Server. This greatly reduces the requirements to run DL and also greatly increases security by reducing the number of running programs. (Try this on Windows...)

Almost all binaries are compiled with the GCC Stack Smashing Protector

Except of a very few exceptions, all binaries are compiled with the GCC Stack Smashing Protector. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers.

Improved Kernel Security through GRSecurity

GRSecurity adds several new features and protection mechanisms to the Linux Kernel itself. This includes Chroot restrictions (did you know that it is easy to break out of a non-protected chroot jail?), Address space modification protection (like PAX), Auditing features, Randomization features and much more.

Easy to use chroot

Devil-Linux has support for chroot jails which is easy to use. Just define what you need in a configuration file and our jail script will take care of the rest. Some pre-defined configurations are already available.
Applications for Devil-Linux

The traditional application for Devil-Linux is to use it as Router/Firewall. Below you see a list of other possible applications:
Proxy Server
DNS Server
Mail Server with TLS support and Spam and Virus filtering
HTTP Server
FTP Server
File Server
VPNs with X.509 support
DHCP Server
NTP Server
IDS Node

Screenshots-



0 comments:

Post a Comment

 
TOP