Package: Untangle 9.2.3
What it is: Complete UTM open source Linux-based software
Install Method: Bootable CD-ROM or USB flash drive
Observations: Booting with either the CD-ROM or the USB flash drive, the user is presented with a menu that allows them to choose either a graphical or text-based install method.
After selecting the install method and answering questions asked by the installer concerning your language, location, etc., you are quickly on your way.
Untangle will give you a quick summary of the system before continuing. If the RAM or hard drive space is not sufficient, the install will stop here.
You will be informed that the hard drive will be formatted and to acknowledge this.
Once this portion of the install has been completed, you are asked to reboot the system.
After rebooting, you will continue with the Untangle configuration.
Unlike other Linux based routers that require you to log into a remote web console, Untangle will start up with a local web console to complete the configuration.
Untangle can also be configured as an inline bridge, useful if you already have a router and want to add filtering.
You’ll notice Untangle is very different looking. Instead of having a central menu of common items, Untangle uses a “rack” of features, either individual programs or installed via packages. The “Lite” package contains all of the open source applications in Untangle’s offerings.
You’ll need to create an account for Untangle.
Downloading and installing the “Lite” package
Once the applications are installed and activated, they appear in the rack.
Untangle’s install process went a step further than the other Linux/BSD router installs, going from bare metal to deployed in one sitting.
Having the choice to use either a bootable CD-ROM or USB flash drive is an added plus for me.
I don’t like having to search through menus or remember where features are located. Untangle’s approach is to place active features front and center in what they call the “Rack”, and that is what sets Untangle apart from their competition.
Package: Smoothwall Express 3.0 SP3
What is it: Open source firewall based on GNU/Linux
Install Method: Bootable CD-ROM
Observations: The familiar Linux text-based installer loads and informs the user that the data on the hard drive is about to be overwritten. Acknowledging the warning, the installation continues with the hard drive being formatted and Smoothwall being installed. Once this step completes, Smoothwall will reboot your computer and ask if you want to restore from a backup. Since this is a new install, the answer is “no”.
The installer will also ask questions about the install. Answer accordingly.
This is another install where “Green” and “Red” are used to designate the inside and outside interfaces.
You’ll be asked for the IP addresses for each interface, the gateway and DNS settings, and what passwords you want set for the admin and root accounts. Once these questions have been answered, Smoothwall will reboot for the final time.
The web console is located at: https://Inside-IP-address-of-smoothwall:441
Password: Chosen during install
A fairly easy install once you understand the “Green” and “Red” nomenclature.
The web interface is fairly straightforward, similar in look and feel to other Linux/BSD based routers.
Package: IPFire 2.11 (i586) – core60
What is it: Minimalist Linux based firewall
Install Method: Bootable CD-ROM, Linux text based install
Observations: PC boots into familiar text based Linux installer, uses “Green” and “Red” nomenclature to designate inside and outside connections. During initial install process, installer asks for “Green” and “Red” interface connections and their respective IP addresses. The installer also asks for the new admin password, which will be used for both the root and web interface accounts.
A web interface is used to configure and control the IPFire firewall. Use the internal IP address or “Green” interface: http://internal-IP-address-of-device:444
Thoughts: I found this distribution easy to install and configure. The home page reminds me a lot of other minimalist Linux based firewalls.
Package: Endian Firewall EFW 2.5.1 (Community Edition)
What is it: Endian Firewall is an open source UTM appliance based on Linux
Install Method: Bootable CD-ROM, Linux text install
Observations: Booting from the CD-ROM begins the install process, with the installer informing you that continuing will lose any data currently on the hard drive.
You’ll also notice the familiar Linux text installer and, as the installation continues, you will be asked for the default IP addresses of the interfaces, which use the often-used “Green” and “Red” labels.
After the reboot, you’ll need to log in to the web console to finish the install. Logging in to the web interface at the address https://default-ip-for-Endian:10443, you’ll encounter the Endian Firewall setup screens.
To finish the remaining portions of the install, answer the questions and complete the network settings. The Endian firewall will reboot and be ready to use.
Endian Firewall EFW 2.5.1 Community is the open source side of the Endian UTM appliance; it has most of the functionality of the commercial version. For larger organizations, going with the commercial version makes sense since you also get support services.
The menu system organizes items in a similar fashion as other Linux-based firewall/routers.
With the use of the internet now mainstream and it being crucial to the day to day workings of many businesses, it is important to be aware of the various types of threats that come from accessing this resource.
- Spam: Unsolicited or unwanted email.
- Phishing: Scams sent via emails targeting users that purport to come from a legitimate source. In reality these emails link to websites specifically setup to collect user information, usually banking or other financial data.
- Virus-embedded email: Emails that have a virus or other rogue software embedded that activates when read.
- Spoofing: Emails that claim to come from one source, but in reality are coming from another.
- Virus-infected website: A website that has had its code infiltrated with rogue software that infects visiting users’ PCs.
- Spoofing: A website whose address has been compromised; it isn’t what it claims to be.
- Browser hijacks: Internet Explorer is more prone to this; visiting a rogue website installs software that forces the browser to redirect from the intended websites.
- Denial of Service (DOS) attack: A common method of attack involving saturating the targeted machine with external communication requests, such that it cannot respond to legitimate traffic.
- DNS Spoofing: DNS cache poisoning, a hacking attack where incorrect data is introduced into a domain’s DNS server cache.
There is a wide variety of antivirus and anti-malware programs that users can install on their PCs. Collectively these programs are marketed as a means to handle the growing security threat that the internet introduces to a network. These threats are ever evolving, and if these programs are not maintained, they will leave the end user just as vulnerable as having no protection. Multiply that situation by the number of PCs on any given network and you can see that effectively protecting a network can be a daunting task.
Enter UTM or Unified Threat Management. This is a technique or rather a solution where all internet traffic is filtered at the point of entry, before it is even allowed to reach your network. These solutions can be a software package you download and install on a server, or a network appliance dedicated to the UTM task.
In my search for viable UTM solutions, I came across one called Untangle, and have subsequently found similar products from other providers. In my testing thus far, Untangle has been my UTM of choice. Compared with the others, Untangle stands out in both configuration and setup.
My checklist to deploy a UTM:
Dedicated server: Even though an older Intel or AMD system board with minimal RAM and hard drive space will often get the job done on small networks, using newer hardware with more RAM and storage space will produce better results and happier network users.
My testing server:
Intel SE7501HG2 dual 3.2 GHz Xeon, 4 GB RAM, 160 GB hard drive, dual Intel 1 Gb NIC, no CD-ROM (this is an appliance after all, think minimalist hardware)
I have the onboard SCSI and floppy controllers disabled. This server is also 32-bit. Any UTM solution I want to test will have to have a 32-bit distribution.
A CD-ROM will be available for installs, although once an appliance is installed, it would be best if re-installs could be done with a USB flash drive.
Between installs, I found that cleaning the hard drive from the previous Linux install is often needed for a successful install.
What was tested:
- Ease of install
- Configuring internal and external IP addresses
- Attaching a remote PC to the network
- Connecting to the web interface, logging in, viewing menus
- Surfing the internet and checking the settings
- Test complete
No other configuration was done. The point of this is to see how quickly one of these UTMs can be configured and deployed with basic settings. If the basics work properly, the likelihood is that the end user will continue on with the remainder of the router install, configuring port forwards, firewall rules, VPNs, and other high-level security such as web and email filtering. These are aspects of the software install that are not relevant to this article, as I’m just giving a brief overview of the install, starting with bare metal and ending with a functioning device.
Now for the fun stuff:
Portlandia IT, LLC is a Portland, OR business computer and network servicing organization with business and some residential customers throughout the Portland Oregon, Vancouver Washington, and greater Portland Oregon metropolitan areas. Portlandia has been in business since April 2011 and our principals have been working in the industry since 1994 and earlier.