Linux: The Network Administrator’s Secret Weapon

One of the strongest business cases driving networking in small and medium-sized organizations today is the need to give workers access to the Internet from their workstations without having to dial up directly from each machine. It is e-mail and Web surfing more than printer and file sharing that users are demanding. And thanks to inexpensive high-speed networking options available from both cable and telco companies, fast shared Internet access is now easily available. The only problem is, it isn’t always secure.

The best way to protect the machines in a Local Area Network (LAN) from attack from some remote location on the Internet is to put a firewall or secure router between the LAN and the Internet. This hardware/software combination ensures that only trusted remote machines can access anything within the LAN. It is common not to give any remote machine access, so that only machines within the LAN can start a connection. Many people don’t realize how often remote crackers scan always-on connections, 24/7, looking for misconfigured services they can leverage to gain access or deny service.

While dedicated firewall/router hardware devices can be purchased, they tend to be quite costly. Less expensive solutions also exist for Windows and Macintosh platforms, but they can be difficult to configure to be fully secure and are often exposed by security issues within the operating systems themselves. A better solution is to use one of the available Linux and Open Source Software (OSS) floppy-based router projects, or to configure a full Linux installation to provide these services.

As an example, find an older 486-style machine with 12 or 16 megabytes of RAM, and install two 10 Mb/s Network Interface Cards (NICs). Then download and follow the instructions to create a floppy-based installation of the Linux Router Project (LRP), available from (URL:http://www.linuxrouter.org/). A more powerful machine can be a 100 Mb/s router, as well as provide additional services detailed at the web site.

If you find the instructions too complex, you can forgo the flexibility and configuration options the LRP gives you by using a different floppy-based distribution like the FirePlug EDGE Router Project, developed in Vancouver. Available at (URL:http://edge.fireplug.net/), it includes special Quick Start Instructions written for Windows users to get a LAN onto the Internet via a Rogers@Home connection. The same instructions should work for Shaw@Home as well as Telus’ ADSL service.

On the other hand, if you want more power and flexibility than a floppy-based system can provide, install a 600 megabyte or so hard drive into the above machine, then put a full Linux distribution like RedHat or Debian on the drive. Lastly, read and follow the instructions in the IP Masquerade and Firewall HOWTO documents at the Linux Documentation Project (URL:http://www.vlug.org/linux/LDP/). Although they are written for the more advanced user, anyone familiar with networking issues shouldn’t have any difficulty at all.
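As an added example (not from the original article or the HOWTOs it cites), the policy described above, where only machines inside the LAN may start a connection and outbound traffic is masqueraded, can be written as an nftables ruleset for the two-NIC machine. The choice of nftables, the interface names eth0 (Internet side) and eth1 (LAN side), and the subnet 192.168.1.0/24 are assumptions made for illustration.

```shell
# Added example: print an nftables ruleset for a two-NIC masquerading router.
# eth0, eth1 and 192.168.1.0/24 are constructed sample values (assumptions).
# Accept only plain interface names so an argument cannot inject extra rules.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Loose shape check for an IPv4 CIDR; nft itself does the strict parsing.
valid_cidr() {
    case "$1" in
        ''|*[!0-9./]*|*/*/*) return 1 ;;
        *.*.*.*/?*) return 0 ;;
        *) return 1 ;;
    esac
}

gen_router_ruleset() {
    wan=$1 lan=$2 net=$3
    if ! valid_if "$wan" || ! valid_if "$lan" || ! valid_cidr "$net" || [ "$wan" = "$lan" ]; then
        echo "usage: gen_router_ruleset WAN_IF LAN_IF LAN_CIDR" >&2
        return 2
    fi
    cat <<EOF
flush ruleset
table inet filter {
    chain input {    # traffic addressed to the router itself
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        iifname "$lan" accept
    }
    chain forward {  # traffic routed between the two NICs
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$lan" oifname "$wan" ip saddr $net accept
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$wan" ip saddr $net masquerade
    }
}
EOF
}
gen_router_ruleset eth0 eth1 192.168.1.0/24
```

Save the output to a file, check it with `nft -c -f` before loading it with `nft -f`, and enable routing with `sysctl -w net.ipv4.ip_forward=1`.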

Another area where Linux and OSS can deliver a superior solution, from both a technical and a financial perspective, is as a file and print sharing server for Windows clients. The software, from the Samba project (URL:http://www.samba.org/), allows a Linux (or any Unix) machine to provide Windows NT and LAN Manager-style file and print services.

Samba can also provide NetBIOS name-server services, which means the Samba server shows up when browsing the local network from within Windows. It can even be the Primary Domain Controller in an NT-style network. This doesn’t mean much to most people, but it will to the IT/Network Manager when she realizes that it means NT isn’t needed in the network supporting the Windows clients anymore, and the $4,000 (US) cost for the license for the Enterprise Edition of NT, allowing only 25 users, can instead be spent elsewhere.

Now, it is never a good idea to replace working, existing systems in a hurry. If your organization is already running NT as the file and print server, it is recommended to start by trying out Linux and Samba in parallel with the NT Server, using a similar, or slightly less powerful, machine. Because Linux can mount SMB shares as a remote filesystem, it is easy to copy the existing shared filesystem over to the Linux disk, and then compare the results of accessing the two machines. You’ll be stunned by how snappy and stable the Samba server is, even under heavy load.

A nice side effect of running Samba on a Linux server is that the organization’s intranet site can be run on the same machine using Apache (URL:http://www.apache.org/), the world’s most popular and flexible web server. People can update the various pages through file sharing, using the text or web editing tools they’re used to on their own workstations. No using FTP tools to move files back and forth, just point and click.

These are just a few of the areas where Linux and Open Source Software can bring technical flexibility and cost savings to an organization’s networking systems. Because of the open, peer-reviewed nature of the systems’ development, your organization is ensured stable and secure network operations. In the next article, we’ll take a look at the growing case for using Linux as an end user’s desktop environment, and the situations where this is an option now.

Published in the Victoria Business Examiner.