Free Open-source Unified Threat Management Software Untangle Reviewed

By Angsuman Chakraborty, Gaea News Network
Monday, November 24, 2008

With spam, spyware, identity theft (phishing), cracking, viruses and trojans now prevalent and taking control of your own machine or domain away from you, network security is one of the main concerns for all of us. Because network security is too broad a term to implement as a single measure, we resort to firewalls, anti-virus software, spam blockers, anti-spyware and other internet security software, ostensibly to protect ourselves. Having so many watchmen guarding your computer network carries a curse of its own: these solutions steal more and more cycles from your CPU, degrading performance in the name of security. At the rate things are going, you will need a quad-core machine to attach a file and send it to a friend via e-mail because of all the security layers, protections and encryption that you will have to use in day-to-day operation. So why not have a single-point solution to all of these problems?

Today's topic is therefore Untangle, an integrated family of applications that simplifies and consolidates the network and security products that businesses need at the network gateway.

What is Untangle

Untangle claims to be the first open-source unified threat management software platform for network security, targeted at small to mid-sized businesses.

The Untangled Gateway Platform was built around more than 30 open source projects, including SpamAssassin, ClamAV, and Snort, and competes with proprietary systems from SonicWall, Barracuda and WatchGuard, among others.

The excellent list of bundled software (features) includes:

  • Web Filter and Phishing Blocker
  • Spam/Virus Blocking
  • IPS/IDS
  • OpenVPN
  • Firewall/Router
  • Reporting, etc.

Untangle currently comes in two versions: one free and supported by the online community only, which Untangle does participate in; and a paid version that offers 12-hours-a-day, five-days-a-week live support and after-hours email support.

Features Overview

Deployment Options

Untangle has 3 network deployment options:

  • Router: Dedicated server that performs routing & firewall services
  • Transparent Bridge: Dedicated server that drops seamlessly behind existing routers & firewalls
  • Re-Router: Adds network-wide protection while running on an existing desktop (runs on Windows)

You can read more about this

Router
  • Support for NAT, DMZ and port forwarding
  • Get fancy with multiple NAT spaces, routing tables and configurable MTU
  • Prioritize traffic with QoS
  • Support SIP & IAX VoIP traffic
Firewall: Offers full control of incoming and outgoing traffic.
Virus Blocker: Scans all incoming traffic (e-mail, web pages, FTP transfers) for viruses. You may scan outgoing traffic as well. Two virus blockers, Virus Blocker and Kaspersky Virus Blocker (though the latter is paid), provide an extra layer of security for businesses with a history of virus problems.
Spam Blocker
  • Leverage the best spam filtering techniques including Bayesian filters, Razor, realtime block lists (RBLs), OCR for image spam and tarpitting.
  • Filter SMTP, POP & IMAP. In the SMTP scenario, users are e-mailed a spam report every morning at 6 AM with the option to review the message quarantine and delete/release the messages. The quarantine web page allows the creation of whitelists and redirection of spam mail to a certain inbox.
  • Personal Passlist: users can designate certain email addresses as “good” without having to bother your IT person
Identity Theft Blocker: Scans e-mail for phishing (identity theft) attempts and blocks them. Uses a tagging/quarantining system like the Spam Blocker.
Spyware blocking
  • Protect users from browsing websites that install malware
  • Scan network traffic to block spyware before users can install it
  • Ensure that signatures are always current with automatic updates
Web Content Control: Allows you to actively or passively monitor internet use. Access can be set on a time schedule and on a user/group basis.
Protocol Control
  • Conserve bandwidth by blocking applications like peer-to-peer that open multiple TCP ports
  • Improve productivity by blocking IM & online games that evade firewall rules
  • Write custom signatures for any protocol
  • The system comes with over 90 protocols listed and you can add more yourself.
Intrusion Prevention: Blocks/logs attempts to penetrate the firewall by hackers.
Attack Blocker: Sanitizes all packets the Untangle Server receives and prevents Denial of Service (DoS) attacks, which is surprisingly something that Untangle has improved upon over time.
Remote Access Portal: Provides SSL VPN services that do not require the installation of a special client application.
OpenVPN: OpenVPN is an SSL-based virtual private network. Powerful security and control features and intuitive set-up make this an ideal solution for your business. It allows the creation of a standard VPN server for connecting clients to the Untangle Server or connecting remote Untangle Servers together.
24-hour Replacement: Each night, your Untangle Server uses a phone-home feature to request a nightly backup. Upon request from your Untangle Server, Untangle Network’s data center performs a backup of your router’s configuration, with the exception of report data. The Untangle Server’s interface shows you what day and time the backup event occurred and whether the backup was successful or unsuccessful. In the event that your router fails, Untangle Networks replaces your Untangle Server with a new Untangle Server that is pre-configured with your exact configuration. This replacement is free of charge and has a 24-hour turnaround, unlike with your standard warranty. This is an extra-cost feature.
Untangle Reports: The Untangle Platform provides a plethora of reports covering every aspect of the unit’s operation and the online antics of the users behind it. These reports are generated daily/weekly/monthly and are e-mailed automatically to a designated user. They can also be viewed online.

Performance

Untangle is one of the very few products that claim to be all-in-one (AIO) packages and actually do the work. I have always admired ZoneAlarm Firewall, but their AV was nothing but child’s play. Untangle not only manages all these features well, but if you look at the logs and reports at the end of the day, it will amaze you how much traffic, garbage and how many hack attempts pour in through your DSL/cable modem. And you will feel relieved that someone knows an attempt was made to crack it! Feature by feature, I will now put forward a brief table to express my verdict on each.

Router Protection: It does the work wonderfully well. Verdict: Satisfactory
Firewall: Offers full control of incoming and outgoing traffic, and what it doesn’t block is scanned and filtered by the other applications. Verdict: Satisfactory
Virus Blocker: It scans HTTP and FTP downloads for viruses in real time. Although it nails viruses before they enter the network, it shouldn’t replace desktop virus protection. Verdict: Satisfactory
Spam Blocker: I’m not running an email server or a POP3 client either. But still, it did its job fairly well. Verdict: Satisfactory
Identity Theft Blocker: I am not too sure about this, so I will leave it unattended. Verdict: Not sure
Spyware blocking: Yes, spyware is blocked with ease. You cannot expect it to work like a specifically designed antispyware product such as Spy Sweeper, but somehow it manages to stop all the spyware even before it can think of attacking. Verdict: Satisfactory
Web Content Control: It is certainly comparable to the competing products from WatchGuard or SonicWall. Works perfectly. Verdict: Very satisfactory
Protocol Control: It stops certain application protocols from accessing or entering the network even if the traffic is allowed on the server. For example, Skype and HTTP both use TCP on port 80, so the firewall would let both through indiscriminately, yet Protocol Control has the ability to shut down Skype while letting HTTP traffic flow. Verdict: Satisfactory
Intrusion Prevention: Blocks/logs attempts to penetrate the firewall by hackers, and does it quite successfully, so no complaints. Verdict: Satisfactory
Attack Blocker: The DoS detection and prevention is a wonderful feature, but I am not sure about port management. I have seen unnecessary ports opened while I am not using them at all. Hackers can use such things to good effect and attack the weak point. Verdict: Needs improvement
Remote Access Portal: Works like a charm. Thank you. Verdict: Satisfactory
Untangle Reports: This is where Untangle leaps ahead of any of its competitors. If you are having a problem with SNMP settings or interpreting newer reports, Untangle will do it all for you. Verdict: Unique, very satisfactory
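
The distinction drawn under Protocol Control above, as an added example (not Untangle's code): a port rule admits everything sent to TCP port 80, while a signature on the first payload bytes separates HTTP from another application using the same port. The `examplechat` protocol, its signature and the sample flows are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    proto: str           # "tcp" or "udp"
    dst_port: int
    first_bytes: bytes   # first client-to-server payload of the flow

# Port-based firewall policy: all it can see is protocol and port.
ALLOWED_PORTS = {("tcp", 80), ("tcp", 443)}

# Payload signatures, matched against the start of the flow.
# "examplechat" is a hypothetical protocol with a constructed handshake.
SIGNATURES = [
    ("http", re.compile(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) [^\r\n ]+ HTTP/1\.[01]\r\n")),
    ("examplechat", re.compile(rb"\x16EXCHAT\x01")),
]
BLOCKED_PROTOCOLS = {"examplechat"}

def port_firewall_allows(flow: Flow) -> bool:
    return (flow.proto, flow.dst_port) in ALLOWED_PORTS

def classify(payload: bytes) -> str:
    for name, pattern in SIGNATURES:
        if pattern.match(payload):   # match() anchors at the first byte
            return name
    return "unknown"                 # e.g. encrypted or unlisted traffic

def verdict(flow: Flow, block_unknown: bool = False) -> str:
    if not port_firewall_allows(flow):
        return "drop:port"
    name = classify(flow.first_bytes)
    if name in BLOCKED_PROTOCOLS:
        return "drop:protocol=" + name
    if name == "unknown" and block_unknown:
        return "drop:unknown"
    return "pass:" + name

# Constructed sample flows; all but the last are aimed at TCP port 80.
WEB = Flow("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
CHAT = Flow("tcp", 80, b"\x16EXCHAT\x01\x00\x10hello")
OPAQUE = Flow("tcp", 80, b"\x8f\x02\xa1\x44\x90")
P2P = Flow("tcp", 6881, b"\x13ExampleP2P handshake")

if __name__ == "__main__":
    for f in (WEB, CHAT, OPAQUE, P2P):
        print(f.dst_port, port_firewall_allows(f), verdict(f), verdict(f, block_unknown=True))
```

The `unknown` class is where the policy choice lies: traffic that matches no signature passes by default, and `block_unknown=True` shows the stricter default-deny alternative.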

Support

The support staff at Untangle have been very responsive to the needs of their user community. The Untangle Platform includes a mechanism for remote support by Untangle Staff and there is a 24 hr Support Package that can be purchased. This package, when purchased online, allows the folks at Untangle to monitor and take snapshots of your server’s configuration. Should your hardware fail, a new server is prepared and loaded with your config and sent to you overnight express.

In Conclusion

Despite being resource hungry (1GB of RAM or more is recommended, which is to be expected with so many features running at a time) and a bit of a concern about port management, Untangle is one of the best security management tools available now. The developers have really done a commendable job, and if you are looking for a free, secure and reliable tool to protect your network, there are very few that can match up to Untangle at this moment.

[thanks to: planetx64.com]
