With spam, spyware, identity theft (phishing), hacking (the unethical kind), viruses and trojans becoming more and more prevalent on the Internet, folks who want to run more than one computer in their home have to really consider the security benefits of edge devices. Edge devices are computers (either dedicated or appliances) designed to sit between your DSL or Cable modem and your internal network. Edge devices act as a first line of defense, protecting home computers and servers from intrusion and infection. Untangle has released version 4.1 of their amazing firewall distro for edge devices and we have been using it here in the lab for several weeks. What you will see will amaze you.
Product: Untangle XD Server + Untangle Platform
Author: Carlos Echenique
Category: Firewall distro/Edge Device
Reviewed on: January 21, 2007
Product cost: See article
Manufacturer: Untangle (formerly Metavize)
Spelling and Grammatical editor: Paul Mercer
Introduction
Even with the launch of Windows Vista and its attendant security improvements, using the built-in firewall and the NAT (Network Address Translation) firewall built into the modem is not enough, especially if you are running a home (or small office) network. One can purchase security suites from various manufacturers (Trend, Symantec, CA to name a few) to add layers of security to your home systems. However, these solutions steal more and more cycles from your CPU, degrading performance in the name of security. At the rate things are going, you will need a quad-core machine to read your e-mail because of all of the security layers/protections/encryptions that you will have to dynamically use in day-to-day operation.
This is where edge devices make sense. By placing these security checkpoints in between the router/modem and the network, you force all data entering and leaving your network to be scrutinized and checked. Linux aficionados have long enjoyed this ability but had to endure the complexity of administering complex firewall rules and the arcana of trying to mix together various security technologies. Windows firewall offerings for edge devices can be very expensive (Microsoft's ISA Server 2006 Standard lists for over $2,000 USD) and lack features compared to their Linux brethren.
Enter Untangle (formerly Metavize) with their Untangle Server and the Untangle Platform. This product is a pre-assembled Linux-based firewall distro that combines best-of-breed security technologies with a dynamite front-end to manage the whole thing. Add to that a laundry list of features and regular support updates, and you have yourself the makings of a top-tier security product. The Untangle Platform can be downloaded and installed on your own server or ordered on one of three preconfigured servers. Untangle kindly sent us their XD (rackmountable) server preloaded with UP 4.1.
Features
First and foremost, the UP is an SPI (Stateful Packet Inspecting) firewall and full-fledged router based on a hardened Knoppix distro. If you purchase a preconfigured server (or "roll your own" with three NICs) the Untangle Platform fully supports Internal, External and DMZ network connections. The external connection can be static or dynamic and includes PPPoE (Point to Point Protocol over Ethernet) support.
User authentication can be from either the built-in LDAP server or going against your internal Active Directory server (if you are crazy enough to have one, like me). The software includes a utility to allow the UP to track users via Active Directory and apply policy based on their logins instead of their IP addresses. This is very convenient when you have rules that apply to certain folks (the youngsters for example) and others are exempt (the adults).
The UP offers the following features:
| Feature | Description |
|---|---|
| Router | Offers support for NAT, DMZ and port forwarding. |
| Firewall | Offers full control of incoming and outgoing traffic. |
| Virus Blocker | Scans all incoming traffic (e-mail, web pages, FTP transfers) for viruses. You may scan outgoing traffic as well. |
| Spam Blocker | Scans all incoming mail (POP3, IMAP, & SMTP) for unsolicited content. Tags messages as [SPAM] (POP3 & IMAP) or quarantines them (SMTP only). In the SMTP scenario, users are e-mailed a spam report every morning at 6 AM with the option to review the message quarantine and delete/release the messages. This web page allows the creation of whitelists and redirection of spam mail to a certain inbox. This is useful for offices with a designated spam editor/political officer/whipping boy. |
| Identity Theft Blocker | Scans e-mail for phishing (identity theft) attempts and blocks them. Uses a tagging/quarantining system like the Spam Blocker. |
| Spyware blocking | Prevents spyware, pop-up ads and other forms of questionable programming from showing up. |
| Web Content Control | Allows you to actively/passively monitor Internet use. Access can be set on a time schedule and on a user/group basis. |
| Protocol Control | Allows you to block/log based on well-known protocols. The system comes with over 90 protocols listed and you can add more yourself. |
| Intrusion Prevention | Blocks/logs attempts to penetrate the firewall by hackers. |
| Attack Blocker | Sanitizes all packets the Untangle Server receives and prevents Denial of Service (DoS) Attacks. |
| Remote Access Portal | Provides SSL VPN services that do not require the installation of a special client application. |
| OpenVPN | Allows the creation of a standard VPN server for connecting clients to the Untangle Server or connecting remote Untangle Servers together. |
| Dual Virus Blocker | Adds a second virus scanner to the Platform. This is an extra cost feature. |
| 24-hour Replacement | Each night, your Untangle Server uses a phone-home feature to request a nightly backup. Upon request from your Untangle Server, Untangle Network's data center performs a backup of your router's configuration, with the exception of report data. The Untangle Server's interface shows you what day and time the backup event occurred and if the backup was successful or unsuccessful. In the event that your router fails, Untangle Networks replaces your Untangle Server with a new Untangle Server that is pre-configured with your exact configuration. This replacement is free-of-charge and has a 24-hour turnaround, unlike with your standard warranty. This is an extra cost feature. |
| Untangle Reports | The Untangle Platform provides a plethora of reports covering every aspect of the unit's operation and the online antics of the users behind it. These reports are generated daily/weekly/monthly and are e-mailed automatically to a designated user. They can also be viewed online. |
The system automatically checks for updates at a designated time every night. The update check also occurs whenever you log on to the Administrative Console.
If I had one nit to pick it would be the lack of a transparent proxy to speed up surfing for large numbers of users behind a single DSL/cable modem. This should not be difficult to implement as Squid is a popular open source proxy. [Editor's note: I have been informed by Untangle Support that proxy services are on the roadmap for deployment in the future.]
Feature Score: 4.95 out of 5
Interface
Untangle has gone the extra mile with the administrative interface. Instead of using the web-based solutions favored by other distros, Untangle sports a Java-based interface that uses a "rack of machines" paradigm (see image below). This allows the system to provide status and statistics in real-time (the graphs on the interface are live) and a drag-and-drop metaphor for system configurations. Racks may be added for different groups (admins and users for example) with different "machines" mounted on each rack.
Clicking on each "machine" on the "rack" expands the display and allows access to the detailed settings for each area. The method is intuitive and elegant. I have shown this interface to several IT professionals and they unanimously agree on the elegance of the design.
By using Java to power their interface, Untangle has made its client platform-independent. I have tested this interface on Windows XP (32 and 64 bit), Windows 2003 Server (32 and 64 bit), Fedora (Red Hat) Linux, and Mac OS X (Tiger). Vista users had some issues during the beta, but Untangle support has removed this incompatibility and Vista is now fully supported. In order to run the Untangle Client on Vista, you must install Java 1.6 as the previous versions of Java do not work correctly with Vista.
View a live demo here.
Interface Score: 5 out of 5
Performance
The Untangle Server XD is a Pentium D based machine with 1 GB of RAM. If you decide to "roll your own" firewall box for the Untangle Platform be sure to meet or exceed the hardware requirements listed at Untangle's website. YMMV. The XD is more than enough to handle well over 100 users without even getting warm. I get copious amounts of spam every day and the Untangle Server/Platform has helped me reclaim my inbox. Looking at the logs and reports will amaze you as to the amount of traffic/garbage/hack attempts pouring in through your DSL/cable modem. Web control is smooth and efficient. When coupled with an AD server, the policies follow the user account, not the IP of the machine.
Support
The support staff at Untangle have been incredibly responsive to the needs of their user community. The Untangle Platform includes a mechanism for remote support by Untangle Staff and there is a 24 hr Support Package that can be purchased. This package, when purchased online, allows the folks at Untangle to monitor and take snapshots of your server's configuration. Should your hardware fail, a new server is prepared and loaded with your config and sent to you overnight express.
Untangle also provides a user forum that is very helpful and is constantly monitored by the support staff. I have used it extensively in my testing and the staff is very knowledgeable. The forum is also a venue for suggestions and improvements and several of my own suggestions are being realized.
Performance & Support Score: 5 out of 5
Pricing
When I started this review, Untangle (known as Metavize at the time) had a pricing structure geared towards business customers only. Subsequently, they renamed their company, released a new version of their software, and completely restructured their pricing.
Here is the current pricing:
| Item | Price |
|---|---|
| Untangle Platform | FREE Download |
| Monthly Support, Total Security Bundle: 1-10 users | FREE |
| Monthly Support, Total Security Bundle: 11-30 users | $75/mo |
| Monthly Support, Total Security Bundle: 31+ users | $195/mo |

[Total Security Bundle includes: Spam Blocker, Firewall, Identity Theft Blocker, Virus Blocker, Spyware Blocker, Router, Web Content Control, OpenVPN, Remote Access Portal, Attack Blocker, Intrusion Prevention, Untangle Reports, and Protocol Control.]
Other packages and discounts are available as well. Please see the Untangle web site for more details.
Preloaded servers are also available (if you don't feel comfortable building your own or wish to take advantage of the 24 Hour Replacement feature). Again, see the Untangle web site for pricing.
As you can see, the only cost of setting this up in your home or small office is the cost of building a machine to house it. The hardware specs are not unreasonable:
| Resource | Minimum | Recommended |
|---|---|---|
| CPU* | 1.0 GHz | 2.0+ GHz |
| Memory | 512 MB | 1-2 GB |
| Hard Drive | 20 GB | 40+ GB |
| NICs | 2 | 3+ (for DMZ) |

* Intel or AMD CPUs will work.
Operating System: The server does NOT need an Operating System; the Untangle CD installs an operating system.
Other: CD-ROM drive to boot the Untangle Server software CD. A bootable DVD drive will work as well.
With the imminent release of Windows Vista (and the required hardware upgrades), there is a high likelihood that a machine meeting these requirements will be available for use as an edge device.
The process is simple: Download the ISO, burn it to CD, boot off of said CD, request a key, install key on the system.
Pricing Score: 5 out of 5
Price, performance, features, support and a killer interface all come together to produce a near perfect product. Ongoing development and a support team that listens to the needs of their customers make the Untangle Platform your best bet for securing your network.
Scores:
Features: 4.95 out of 5
Interface: 5 out of 5
Performance & Support: 5 out of 5
Pricing: 5 out of 5
Total Score: 19.95 out of 20
PlanetX64 proudly awards Untangle Platform the Best on the Planet.
PlanetX64 wishes to acknowledge Corky Brown and Dirk Morris of Untangle for their assistance and support during this review.