
Using Open Source to Create a Cohesive Firewall/IDS System

Defense in Depth is a basic concept, wherein the defender seeks to apply designated, concentric layers of defense in an effort to detect and deter an enemy. Attackers are faced with breaking through or bypassing each layer without being detected, a difficult task. Another benefit is that a flaw in one layer can be covered by other layers, thus mitigating a mistake in the implementation of a particular layer of defense. There are many components that make up the defensive layers: IP firewalling, TCP wrappers, application access control, intrusion detection, encryption, and many more. In this paper I will discuss what are arguably the two main components of the layered defense: a firewall and an intrusion detection system. More importantly, I will show how to use existing open source technologies to combine these into a comprehensive whole that, while not providing a total solution, can go a long way in fulfilling the defense in depth strategy.

792 (PDF, 1.78MB)

9 Jul 2001
By Thomas Dager
All papers are copyrighted

No re-posting of papers is permitted
