If you manage a network that is connected to the Internet, then it needs to be protected. It doesn’t matter if the network is part of a business or in a home, it is at risk. Most people use software to protect their computers. Each computer would be loaded with Anti-virus, Firewall and Anti-Spyware software. This method is not only difficult to maintain, but can also be expensive if you have to pay for the software each time you load it on another computer. Instead, you could use a gateway that has all those things on one computer and protects your whole network. Untangle provides such software, and best of all it’s free.
- Commercial-grade open source alternative to SonicWALL and WatchGuard
- 14 integrated apps – use one or all of them
- Runs on off-the-shelf hardware
The Untangle software has several features that set it apart from other Gateway software programs. The first and foremost is that it is open source and free.
Second, is that within Untangle there are 14 integrated apps that perform various functions like spam, spyware, and virus blocking.
Third, is that the system requirements are fairly low, so the software can be loaded on just about any machine.
Downloading and installing the software is not difficult. Once you have downloaded the software you need to burn a disk and then boot your computer with that disk. During the install the software will check the hardware to see if it meets the minimum requirements. The minimum requirements are dependent on how many users are going to use the network. As you can see the requirements are low and it would be easy and cheap to put together a machine.
| Resource | Up to 50 Users | Up to 100 Users | Up to 300 Users |
| --- | --- | --- | --- |
| Intel/AMD-compatible Processor | Pentium 4 equivalent or greater | Dual Core | Dual Core |
| Memory | 1 GB | 1 GB | 2 GB |
| Hard Drive | 80 GB | 80 GB | 80 GB |
| NICs | 2 (3 for DMZ) | 2 (3 for DMZ) | 2 (3 for DMZ) |
After the software is installed it needs to be configured. If you are not familiar with network setups (things like IP addresses, DNS, domains, subnets, etc.) you will probably need to get some help filling in the information. Luckily, Untangle offers many different ways to get support. You can read their Wiki or post questions to their Forum and Mailing List. Paid subscribers have two additional support methods: email and phone support.
Once the network settings have been taken care of, you finally get to use the software. As you can see, at first there is nothing to use. The first thing you want to do is download the Open Source Package. This package is free to use and a good place to start.
The open source package has everything you need to get started. There is a Spam Blocker, Phish Blocker, Spyware Blocker, Web Filter, Virus Blocker, Intrusion Prevention, Protocol Control, Firewall, OpenVPN, Attack Blocker, and Untangle Reports.
Once it has downloaded and installed, you will have access to all the programs I mentioned above. To the right of each program is a power button and a light that indicates the program status. If the light is green, the program is running. If the light is red, the program is not running.
Each program also has its own settings and logs that you can view. There are three real-time meters on each program. The first one is activity, the second one is session, and the third is data rate. As you use the network and download files you can watch as the meters show your activity.
Because there are so many programs within the Untangle software, I will give a brief description of each one. Most of this information comes from the Untangle Server Users Guide.
The spam blocker actively scans emails as they come into the network. It is capable of scanning SMTP, POP, and IMAP. The spam blocker uses SpamAssassin to identify the spam. Once spam is identified it can then either block the message, quarantine the message, pass the message, or mark the message as Spam. You can adjust the Spam filter by adjusting the threshold from low to extreme.
Phish blocker is very similar to the spam blocker in that it monitors your email for certain markers that identify phishing attempts. For example, an email may contain a URL that, when you click on the link, goes somewhere else.
Spyware blocker is a combination of several different projects. It examines web requests from your network and looks for viruses, keyloggers, blacklisted URLs, harmful ActiveX controls, and bad IP subnets.
Web Filter does exactly what its name implies: it filters web pages. If you don’t want users of your network accessing certain web pages, this is where you go to set up those restrictions. You can restrict web pages by selecting a category like pornography or violence, or you can type in the URL of the page you want to block.
The virus Blocker is based on Clam AntiVirus. This virus scanner detects viruses, worms, and trojan horses. It will also scan within compressed files and archive bombs.
The Intrusion Prevention system intercepts all network traffic and checks for malicious activity. To scan for malicious activity the software employs signature detection, which uses a database of known attack patterns.
Protocol Control uses a tool called L7-filter to block access to well-known protocols from coming in or out of your network. These include Peer-to-Peer, like BitTorrent, and Instant Messaging, like AOL Instant Messenger. You can also use this to block access to online games and streaming media.
The firewall functions just like any traditional firewall. It monitors and blocks traffic based on rules. The rules are based on a combination of Protocol, Source, and Destination.
OpenVPN is different from the other programs because it does not scan your network or detect intrusions. Instead it helps to protect your network by giving you a secure way to connect remotely.
Attack blocker helps to protect your network in several ways. First, it sanitizes all the packets that pass through the server. Second, it protects against lower-level networking attacks, and third, it protects against Denial of Service attacks.
Untangle Reports, like OpenVPN, does not actively protect your network, but it can help you by providing reports of all the activity that passes through this server. Here you can see everything from all the IP addresses that tried to get into your network, all the way down to which websites computers were trying to access. These reports can then be accessed online or emailed to you.
Well, that does it for the free programs. Now I will talk a little about the premium programs.
Kaspersky Virus Blocker
Kaspersky is another virus scanner. This virus scanner can be purchased separately. Having a second virus scanner can never hurt. Each of the two virus scanners uses different ways of scanning for viruses, so they will find them differently, which will help catch more viruses before they get into your network.
PC Remote is used by system administrators to connect to all the other computers on the network. Using this software, you can generate a list of all the computers on your network automatically. You can then use that list to access each computer with either VNC or RDP. This can be very helpful for providing technical support to the computers on your network.
Active Directory (AD) Connector
Active Directory is Microsoft’s version of an LDAP server. This is useful in Windows environments and if you already have an Active Directory running on the network.
Configuration Backup allows your Untangle server to call back to the main Untangle Network and back up all the settings from your server. This backup only saves your settings; it does not save any reports or other data. This is meant as a last-ditch effort when your other backups have failed. These backups would be used so that Untangle can ship out a new pre-configured server.
In the free version you are only allowed to have one rack, the default rack. With the help of Policy Management you can set up multiple racks, all with different programs running on them. You can also have the same program running on different racks with different settings. Doing this, you can route certain traffic along a different path through your server. For example, you may want some “trusted” traffic to bypass the virus scanner, while other traffic gets a light scan and “untrusted” traffic gets a heavy scan.
Remote Access Portal
Remote access portal is the end user version of the PC Remote program. It allows users to access network resources like Web Servers, Web Mail, File Servers, Desktops and much more.
Because the Untangle software has so many different facets, I tried my best to test each setting and program. I was unable to test some of the programs because they did not apply or occur during my testing period. For example, I could not test the intrusion prevention because I never had anyone try and hack my network. No, I am not looking for volunteers.
The web filter works fairly well. If you choose to block pornography, and a user on your network tries to go to a website that is filtered in this category, they will get a message like the one below indicating that the website is blocked.
The biggest problem with category-based filtering is that it uses lists of websites in each category to determine what to block. Because new websites are added every day, there is no way that the lists will remain up to date. Because of this, the Web Filter needs a few new features. It would be nice to have access to the list so that we can add our own URLs. It would also be nice if we could specify keywords so that if a site is not in the list, but certain keywords were found, it would still be blocked. If you find a website that you think should be listed in any of the categories, you can submit it using the Web Filter Submission Tool. This gives us as users the opportunity to help keep the filters up to date.
The URL web filter worked every time. I entered my own websites in the list and I got a message indicating that it was blocked.
Mime Type and File Extension blocking also work well. If you don’t want people to download executable and video files, it is also easy to block those.
We all know that there are sometimes exceptions to a rule. That’s why if you need to you can give any IP on your network a free pass, by entering the IP in the Pass List. You can also exclude any URL the same way.
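The decision order a list-based web filter follows, as an added example (not Untangle's code or real category data): pass lists, the URL block list, the category list, then the keyword fallback the review wishes for. All hostnames, addresses, list contents and the order of the checks are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data; not Untangle's real lists or category names.
CATEGORY_LIST = {"adult-example.test": "pornography", "gore-example.test": "violence"}
BLOCKED_CATEGORIES = {"pornography", "violence"}
BLOCKED_URLS = {"myblog.example.test/private"}
PASS_CLIENTS = {"192.168.1.10"}
PASS_URLS = {"adult-example.test/health-info"}
KEYWORDS = {"porn", "gore"}  # hypothetical keyword fallback from the wish list


def normalize(url):
    """Return (host, 'host/path'), lowercased, without scheme, 'www.' or trailing '/'."""
    if not url.startswith(("http://", "https://")):
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return host, (host + parts.path).rstrip("/").lower()


def category_of(host):
    """Look up the host, then each parent domain, in the category list."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        cat = CATEGORY_LIST.get(".".join(labels[i:]))
        if cat:
            return cat
    return None


def decide(client_ip, url, use_keywords=False):
    """Return (action, reason) for one web request."""
    host, key = normalize(url)
    if client_ip in PASS_CLIENTS:
        return "pass", "client on pass list"
    if key in PASS_URLS:
        return "pass", "URL on pass list"
    if key in BLOCKED_URLS:
        return "block", "URL on block list"
    cat = category_of(host)
    if cat in BLOCKED_CATEGORIES:
        return "block", "category: " + cat
    # A site missing from the category list is only caught by the fallback.
    if cat is None and use_keywords and any(k in key for k in KEYWORDS):
        return "block", "keyword match on uncategorized site"
    return "pass", "no rule matched"
```

Substring keyword matching also blocks innocent names that happen to contain a keyword, so the pass lists are checked first.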
The virus blocker does a good job, but it has some quirks of its own. In order to test the blocking of viruses I had to go out and find a website that had viruses on it. Luckily, I found one that hosted viruses just for the purpose of testing. This website offers viruses in several different configurations. The first file is a .com file. When I clicked on it I got a message like the one below that said I could not access the file. The same thing happened with the .zip file and the double zip file. However, it did not detect the virus in the .txt file. Instead the file opened and displayed in the browser. I even tried right clicking the text file and choosing save target, but it still did not detect the virus. All of the above tests were done with a standard http connection.
The site also offers viruses using an https connection. Unfortunately, when I clicked on these files none of them were detected. I looked through all the settings I could find, but I could only find one for scanning http files, there was nothing about scanning https files. Hopefully this is something that will be added in a later version.
Kaspersky Virus Blocker
Kaspersky Virus Blocker is an award winning virus scanner. It offers a second level of protection against viruses. Unfortunately, when I tried downloading the test virus files I got exactly the same results. The https files were not blocked at all and the text file made it through also. I was hoping that the Kaspersky Virus Blocker would have offered more protection, but alas it seems as though it did not.
Keep in mind that this virus scanning only protects your network from outside threats. If someone loads a virus directly on your network, e.g., by connecting a laptop that is infected, Untangle will not be very much help. For this reason it is still recommended that you have antivirus on each computer on your network.
The spyware blocker will probably be one of the most used programs in the Untangle arsenal. Spyware takes so many forms and a normal user will run into many forms of spyware throughout the day. As you can see from the Spyware Blocker logs, I encountered lots of spyware in just a short amount of time. Some of them were blocked because their URL or subnet was blocked, and others were cookies.
As I said earlier, protocol control is used to block access to certain protocols, like streaming video, P2P, and others. To test this I downloaded a BitTorrent client and started a download. While the download was going I turned on P2P-Bittorrent blocking. As soon as I hit save, the BitTorrent client stopped downloading. Even if you don’t want to block a protocol you can still log its activities. There is a separate check box for logging protocol activities. As you can see the logs show both allowed and disallowed activities.
PC Remote does exactly what it says: it allows you to connect remotely to any computer on the network. The first thing you need to do is scan the network to find all the computers that support either VNC or RDP. A thorough search of my network took about 4 minutes and I only have 4 computers. For a larger network it will probably take much longer.
The scan found all of my computers and then some. I say “and then some” because it also found my router and network printers. Once the scan is complete and some computers are found, you have the option of adding them to a favorites list. Doing this makes it easier to find them later.
Of all the computers that it found I was only able to connect to two of them. One computer was running Windows XP and the other was running Windows Server 2003. All my Vista machines gave me an error. It looks like Vista RDP might be a problem for PC Remote. I hope Untangle can get this fixed soon.
Reports are an essential part of any filtering program. You need to know how your network is being used so you know how to protect it. Untangle reports are split up to report about the activity of each program.
Because the software has so much built in, it is possible that in a large network it could get overloaded; however, you don’t have to load all of the apps on a single server. If you are managing a large network and you need to be able to devote a single machine to virus scanning, it is very easy to only enable the virus module. Then you could install the other applications on as many other machines as you see fit.
As I mentioned above, Untangle offers lots of different kinds of support. You can read their Wiki or post questions to their Forum and Mailing List. Paid subscribers have two additional support methods: email and phone support.
In addition there are sometimes updates to the software. There are several ways to manage the updates. You can have them automatically downloaded and installed on a certain schedule, or if you like to test updates first, you can turn off the automatic updates and install them manually after you have had a chance to test them out in a different environment.
I really like this software. It provides a single location where network security can be focused. Best of all, it’s free. I easily loaded it up on an old computer and it has been running great ever since. Because of how great it works, all the functionality you get, and the fact that it is free, I am giving the Untangle software my Editor’s Choice award. If you have a network and it is not already protected by Untangle, I recommend you download it and get it set up immediately.
|JusTech'n editors' rating|