
Next Generation Routers and Security
Concept or Virtual Reality

Halon Security Router


The security router is a network operating system and
software distribution based on OpenBSD.
The routing platform was created with the intention of
replacing proprietary systems such as Cisco and Juniper.
The security router enables UNIX root access.
The system is a mix of open and closed back end source.
The security router has a Web GUI for administration.

Halon's claim to fame!


Halon states their system is capable of clustering, load
balancing, firewall and VPN in the same product.
Offers both software/virtual and hardware solutions.
Open source, with patches (web, LCD), except the backend
processes, which are closed source.
Revision-managed single config file with soft reconfigure.
Open SOAP and REST API controls the system.
Their product is secure (or so they say).

VPN
Halon's VPN supports the following.
Manual key IPsec
IKE for auto key IPsec
L2TP and PPTP VPN server

DNS with support via DHCP inform.


RADIUS support
GRE, IPIP and ethernet tunnels
High availability using SA synchronization

Routing
BGP with IPv6 support, TCP-MD5 and VPN extended
communities.
OSPF and OSPF3 (IPv6)
Multi-path routing
VRF using routing domains
Policy routing

Halon (VirtualBox) Configuration


A VSR image was downloaded from the vendor's web site.
I used the vmdx 32-bit image.
The VirtualBox configuration is the following.

1 CPU
4 GB of RAM
20GB of hard drive space
PAE enabled CPU

Getting a functioning Router


The Halon was installed on VirtualBox; my Verizon router
was used as the default gateway for configuring the router.
In the network settings, use the bridged network setting.
Getting the Web UI working required changing files on the
UNIX system.
# cd /var/www/logs, then vi resolv.conf and change the IP to the IP
address assigned to the virtual machine.
By default the system tries to obtain an IP address via DHCP.

Basic Security Checks on the UNIX side (issues)

Deleted the passwd file.
Man pages are not installed.
System files were able to be edited.
Allowed root login via ssh out of the box.
Files were able to be edited such as passwd, sudoers, rc,
I can log directly onto the system via root user.
sshd_config editing both good and bad
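
A read-only audit of two of the findings above (root login over SSH, and system files that can be edited), as an added example that is not from the original presentation. The sample config and the file list are constructed, and only the global section of sshd_config (before any Match line) is considered.

```shell
#!/bin/sh
# Added example (not from the presentation): audit root SSH login and
# loosely writable system files. Sample data below is constructed.

# Print the effective global PermitRootLogin value from an sshd_config.
# sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and settings after a "Match" line are conditional.
effective_root_login() {
    awk '
        { sub(/#.*/, "") }                     # drop comments
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Classify the value: unrestricted root login is the finding.
check_root_login() {
    value=$(effective_root_login "$1")
    case "$value" in
        yes)   echo "FAIL: root login over SSH is permitted" ;;
        unset) echo "WARN: PermitRootLogin not set, compiled-in default applies" ;;
        *)     echo "OK: PermitRootLogin is $value" ;;
    esac
}

# Print each named file that is writable by group or others.
# Missing files are skipped; the two -perm tests are portable to BSD find.
loose_files() {
    for f in "$@"; do
        [ -e "$f" ] || continue
        find "$f" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# Constructed sample mirroring the out-of-the-box state described above.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' \
    'Match User backup' '    PermitRootLogin no' > "$sample"
check_root_login "$sample"
loose_files /etc/passwd /etc/sudoers /etc/rc
rm -f "$sample"
```

Because the first value wins, a later "PermitRootLogin no" appended to a file that already says "yes" changes nothing, which is why the audit reads the file the way sshd does instead of grepping for the last match.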

UNIX Security and Recovery


Top level directories are read only.
Deletion of crucial files such as passwd are self healing.
Does NOT render the system unusable.

Router Features Network


IP addressing and DHCP (I assigned static IP addresses)
Firewalling (will go into this more)
IPv6 (did not test)
Routing domains (very little testing)
BGP and OSPF (Border Gateway Protocol and Open Shortest Path
First)
VPN (couldn't test as this is a closed home network)

PPTP/L2TP server
EtherIP (layer 2) tunnels
IPsec
Load balancing and failover

Web GUI
One of the selling points of newer routers is ease of use.
Halon accomplishes this with their intuitive web GUI.
Not a lot of networking experience is needed to administer the
system.
Intuitive UI, with help via the use of the tools.
Gives ports and protocols.

GUI network configuration


The network can be configured from the web GUI.
Services such as firewall, DHCP server, DNS, VPN,
load balancer and IPsec can be configured from the network
tab.
Diagnostics
Configuration
Reboot feature, requiring less than 1 minute downtime.

Firewalling

Clustering

IPSec

VPN

Terminal through GUI

Conclusion
The Halon is a capable router/firewall appliance.
The clustering and load balancing are invaluable for maximum
uptime.
The interface is intuitive and does not require advanced
knowledge of networking to configure and have a functional
router.
If I were to deploy this in an enterprise network, I would
recommend using a hybrid of traditional hardware routers,
and use the virtual appliances for network segmenting.

Denises Presentation

Q and A
