As you’re likely aware, guarding your PCs from malware – viruses, trojans, spyware – and hacking is crucial for protecting your files and data. However, don’t forget about your mobile devices. Malware and hacking will be becoming more prevalent on smartphones, pads, and tablets. This makes network-wide security protection even more beneficial. It can cover your entire network, giving you protection for your mobile devices and adding a second layer of protection for your PCs.

There are several ways to implement network-wide security. Today we’ll be discussing the Untangle platform, which you can install on a dedicated PC or run as a virtual machine (VM). It can also serve as your network’s router and firewall, plus can give you many more additional features. As Figure 1 shows, it features a user-friendly GUI to configure and manage all the components.


Untangle offers a free open source distribution called the Lite Package (which we’ll discuss), in addition to premium offerings that start at $50 a month for up to 10 users.

Discovering Untangle Lite

Here’s an overview of the components offered in the free open source edition of Untangle:

  • Firewall: Similar to most off-the-shelf routers, it filters traffic based on IP address, protocol, and ports. Additionally it can perform NAT, which means you can hook Untangle directly to your Internet modem. You can also create a DMZ for computers that require unrestricted access to the Internet.

  • Intrusion Prevention: Using the open source intrusion detection system, Snort, it can detect and stop thousands of different hacking attempts.

  • Attack Blocker: Basically a smart firewall, it analyzes traffic to block specific hosts that are deemed aggressive or risky. This can help prevent Denial-of-Service (DoS) and other attacks from the Internet.

  • Phish Blocker: Based on ClamAV, it detects and helps you manage possible phishing emails, or those fraudulently trying to get you to login to an online account or divulge personal information.

  • Protocol Control: Lets you specify protocols or ports to log or block with optional time-based policies. It even detects and prevents port hopping, where an application or service tries other ports when the usual ones are blocked.

  • Virus Blocker: Using the open source virus scanner, ClamAV, it actively scans the web (http), email (SMTP, POP & IMAP) and file transfer (FTP) traffic and blocks detected malware before it reaches your computers. It even scans archives and compressed files. Virus signatures are automatically updated with the latest known threats.

  • Spyware Blocker: Also using ClamAV, it protects against spyware with a variety of methods: URL blocking, cookie blocking, ActiveX blocking, and subnet logging. You can temporarily allow a blocked site or permanently add it to the white or black lists. You also have some control over the cookie and ActiveX blocking.

  • Web Filter: Lets you block by website categories, specific URLs, and file types. Logging and reporting helps you monitor traffic and the client pass list lets you exclude certain computers from the filtering.

  • Spam Blocker: With the help of the open source SpamAssasin filter, it uses several techniques to detect and manage spam, including giving users a personal quarantine and pass list.

  • Captive Portal: Enables you to require users to view and/or log into a webpage before access to the Internet is granted, great for ensuring users accept your Terms-of-Use on a public Wi-Fi hotspot or workstations. It features a customizable captive page and supports built-in, RADIUS, and Active Directory authentication. Time policies can limit access and exception lists can exclude certain computers.

  • OpenVPN: Enables secure, remote access to your network from the Internet. It even helps you distribute the client software and encryption keys.

  • Reports: Gives you summary, detail, and per user reports, which can exported and/or automatically emailed.

Page 2: How to Protect an Entire Network with Untangle