halon power point
Next Generation Routers and Security
Concept or Virtual Reality

Halon Security Router
The security router is a network operating system and software distribution based on OpenBSD.
The routing platform was created with the intention of replacing proprietary systems such as Cisco and Juniper.
The security router enables UNIX root access.
The system is a mix of open and closed back end source.
The security router has a Web GUI for administration.

Halon’s claim to fame!
Halon states their system is capable of clustering, load balancing, firewall and VPN in the same product.
Offers both software/virtual and hardware solutions.
Open source: with patches, web, LCD, except backend processes, which are closed source.
Revision managed single config file with soft reconfigure.
Open SOAP and REST API controls the system.
Their product is secure (or so they say).

VPN
Halon’s VPN supports the following.
Manual key IPsec
IKE for auto key IPsec
L2TP and PPTP VPN server
DNS with support via DHCP inform.
RADIUS support
GRE, IPIP and Ethernet tunnels
High availability using SA synchronization

Routing
BGP with IPv6 support, TCP-MD5 and VPN extended communities.
OSPF and OSPF3 (IPv6)
Multi-path routing
VRF using routing domains
Policy routing

Halon (VirtualBox) Configuration
A VSR image was downloaded from the vendor’s web site. I used the vmdx 32 bit image.
The VirtualBox configuration is the following.
1 CPU
4 GB of RAM
20 GB of hard drive space
PAE enabled CPU

Getting a functioning Router
The Halon was installed on VirtualBox – my Verizon router was used as the default gateway for configuring the router.
In the network settings use the bridged network setting.
Getting the Web UI working required changing files on the UNIX system.
#cd /var/www/logs
vi resolv.conf and change the IP to the IP address assigned to the virtual machine.
By default the system tries to obtain an IP address via DHCP.

Basic Security Checks on the UNIX side (issues)
Deleted the passwd file.
Man pages are not installed.
System files were able to be edited.
Allowed root login via SSH out of the box.
Files such as passwd, sudoers and rc were able to be edited.
I can log directly onto the system via root user.
sshd_config editing: both good and bad.

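The root-login-over-SSH finding on this slide can be checked from the shell. The following is an added example, not part of the original presentation; it assumes an OpenSSH-style sshd_config, and the function names and sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the presentation; function names are hypothetical.

# Print the effective global PermitRootLogin value from an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply only conditionally.
# Files pulled in with Include are not followed.
effective_root_login() {
    awk -F '[ \t=]+' '
        { sub(/^[ \t]+/, ""); gsub(/"/, "") }    # trim indent, drop quotes
        /^#/ || NF == 0 { next }                 # comments and blank lines
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == "permitrootlogin" && NF >= 2 {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when the global setting rules out root login with a password.
audit_root_login() {
    value=$(effective_root_login "$1")
    case "$value" in
        no|prohibit-password|without-password|forced-commands-only)
            echo "OK: PermitRootLogin $value"; return 0 ;;
        yes)
            echo "FINDING: PermitRootLogin yes (root may log in directly)"; return 1 ;;
        unset)
            echo "REVIEW: PermitRootLogin not set, the sshd default applies"; return 1 ;;
        *)
            echo "REVIEW: unrecognized value '$value'"; return 1 ;;
    esac
}

# Constructed sample: a commented-out line, then an explicit "yes" that wins
# over the later "no" because the first value read is the one sshd keeps.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'PermitRootLogin no' > "$sample"
audit_root_login "$sample" || true
rm -f "$sample"
```

Point `audit_root_login` at the appliance's actual sshd_config path to run the same check there; an "unset" result means the value has to be read from the sshd build's documentation rather than the file.
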
UNIX Security and Recovery
Top level directories are read only.
Deletion of crucial files such as passwd is self-healing.
Does NOT render the system unusable.

Router Features
Network IP addressing and DHCP (I assigned static IP addresses)
Firewalling (will go into this more)
IPv6 (did not test)
Routing domains (very little testing)
BGP and OSPF (Border Gateway Protocol and Open Shortest Path First)
VPN (couldn’t test as this is a closed home network)
PPTP/L2TP server
EtherIP (layer 2) tunnels
IPsec
Load balancing and failover

Web GUI
One of the selling points of newer routers is ease of use.
Halon accomplishes this with their intuitive web GUI.
Not a lot of networking experience needed to administer the system.
Intuitive UI, with help via the use of the tools.
Gives ports and protocols.

GUI network configuration
The network can be configured from the web GUI.
Services such as firewall, DHCP server, DNS, VPN, load balancer and IPsec can be configured from the network tab.

Diagnostics
Configuration
Reboot feature, requiring less than 1 minute downtime.
Firewalling
Clustering
IPSec
VPN
Terminal through GUI

Conclusion
The Halon is a capable router/firewall appliance.
The clustering / load balancing are invaluable for maximum uptime.
The interface is intuitive and does not require advanced knowledge of networking to configure and have a functional router.
If I were to deploy this in an enterprise network, I would recommend using a hybrid of traditional hardware routers, and use the virtual appliances for network segmenting.

Q and A
Denise’s Presentation