ZeroShell 1.0 Beta1 review

Zeroshell is a Linux Live CD distribution aimed at providing the main network services a LAN requires: Here are some key features

License: GPL (GNU General Public License) File size: 104498K Developer: Fulvio Ricciardi

0

Zeroshell is a Linux Live CD distribution aimed at providing the main network services a LAN requires:

Here are some key features of "ZeroShell":
Kerberos 5 authentication or with X.509 certificates;
LDAP, NIS and RADIUS authorization;
X509 certification authority for issuing and managing electronic certificates;
Unix and Windows Active Directory interoperability using LDAP and Kerberos 5 cross realm authentication;
Router with static and dynamic routes (RIPv2 with MD5 or plain text authentication and Split Horizon and Poisoned Reverse algorithms);
802.1d bridge with Spanning Tree protocol to avoid loops even in the presence of redundant paths;
802.1Q Virtual LAN (tagged VLAN);
Firewall Packet Filter and Stateful Packet Inspection (SPI) with filters applicable in both routing and bridging on all type of interfaces including VPN and VLAN;
NAT to use private class LAN addresses hidden on the WAN with public addresses;
TCP/UDP port forwarding (PAT) to create Virtual Servers. This means that real server cluster will be seen with only one IP address (the IP of the virtual server) and each request will be distributed with Round Robin algorithm to the real servers;
Multizone DNS server with automatic management of the Reverse Resolution in-addr.arpa;
Multi subnet DHCP server with the possibility to fix IP depending on client's MAC address;
Host-to-lan VPN with L2TP/IPsec in which L2TP (Layer 2 Tunneling Protocol) authenticated with Kerberos v5 username and password is encapsulated within IPsec authenticated with IKE that uses X.509 certificates;
Host-to-lan VPN with PPTP protocol (Point to Point Tunneling Protocol), MPPE (Microsoft Point to Point Encryption) and GRE tunneling
Lan-to-lan VPN with encapsulation of Ethernet datagrams in SSL/TLS tunnel, with support for 802.1Q VLAN and configurable in bonding for load balancing (band increase) or fault tolerance (reliability increase);
PPPoE client for connection to the WAN via ADSL, DSL and cable lines (requires a suitable MODEM);
Dynamic DNS client used to easily reach the host on WAN even when the IP is dynamic;
NTP (Network Time Protocol) client and server for keeping host clocks synchronized;
RADIUS server for providing secure authentication and automatic management of the WEP keys to the Wireless 802.11b, 802.11g and 802.11a networks supporting the 802.1x protocol in the EAP-TLS, EAP-TTLS and PEAP form or the less secure authentication of the client MAC Address; WPA with TKIP and WPA2 with CCMP (802.11i complaint) are supported too; the RADIUS server may also, depending on the username, group or MAC Address of the supplicant, allow the access on a preset 802.1Q VLAN.
Syslog server for receiving and cataloging the system logs produced by the remote hosts including Unix systems, routers, switches, WI-FI access points, network printers and others compatible with the syslog protocol;
Arpwatch monitor for monitoring ARP events on the LAN such as duplication of IP addresses, flip-flops and other faults;