As you’re likely aware, guarding your PCs from malware – viruses, trojans, spyware – and hacking is crucial for protecting your files and data. However, don’t forget about your mobile devices. Malware and hacking are becoming more prevalent on smartphones, pads, and tablets. This makes network-wide security protection even more beneficial. It can cover your entire network, giving you protection for your mobile devices and adding a second layer of protection for your PCs.
There are several ways to implement network-wide security. Today we’ll be discussing the Untangle platform, which you can install on a dedicated PC or run as a virtual machine (VM). It can also serve as your network’s router and firewall, and it offers many additional features. As Figure 1 shows, it features a user-friendly GUI to configure and manage all the components.
Untangle offers a free open source distribution called the Lite Package (which we’ll discuss), in addition to premium offerings that start at $50 a month for up to 10 users.
Discovering Untangle Lite
Here’s an overview of the components offered in the free open source edition of Untangle:
- Firewall: Similar to most off-the-shelf routers, it filters traffic based on IP address, protocol, and ports. Additionally, it can perform NAT, which means you can hook Untangle directly to your Internet modem. You can also create a DMZ for computers that require unrestricted access to the Internet.
- Intrusion Prevention: Using the open source intrusion detection system, Snort, it can detect and stop thousands of different hacking attempts.
- Attack Blocker: Basically a smart firewall, it analyzes traffic to block specific hosts that are deemed aggressive or risky. This can help prevent Denial-of-Service (DoS) and other attacks from the Internet.
- Phish Blocker: Based on ClamAV, it detects and helps you manage possible phishing emails, or those fraudulently trying to get you to log in to an online account or divulge personal information.
- Protocol Control: Lets you specify protocols or ports to log or block with optional time-based policies. It even detects and prevents port hopping, where an application or service tries other ports when the usual ones are blocked.
- Virus Blocker: Using the open source virus scanner, ClamAV, it actively scans web (HTTP), email (SMTP, POP & IMAP) and file transfer (FTP) traffic and blocks detected malware before it reaches your computers. It even scans archives and compressed files. Virus signatures are automatically updated with the latest known threats.
- Spyware Blocker: Also using ClamAV, it protects against spyware with a variety of methods: URL blocking, cookie blocking, ActiveX blocking, and subnet logging. You can temporarily allow a blocked site or permanently add it to the white or black lists. You also have some control over the cookie and ActiveX blocking.
- Web Filter: Lets you block by website categories, specific URLs, and file types. Logging and reporting help you monitor traffic, and the client pass list lets you exclude certain computers from the filtering.
- Spam Blocker: With the help of the open source SpamAssassin filter, it uses several techniques to detect and manage spam, including giving users a personal quarantine and pass list.
- Captive Portal: Enables you to require users to view and/or log into a webpage before access to the Internet is granted, great for ensuring users accept your Terms-of-Use on a public Wi-Fi hotspot or workstations. It features a customizable captive page and supports built-in, RADIUS, and Active Directory authentication. Time policies can limit access and exception lists can exclude certain computers.
- OpenVPN: Enables secure, remote access to your network from the Internet. It even helps you distribute the client software and encryption keys.
- Reports: Gives you summary, detail, and per-user reports, which can be exported and/or automatically emailed.
Like other router/firewall platforms, you can either buy Untangle preinstalled on a server or create your own appliance by installing the software on a PC or server. When creating your own, keep the following minimum requirements in mind:
- 1 GHz Intel-based processor (32 or 64 bit)
- 512 MB of RAM
- 20 GB of hard drive space
- 2 Ethernet cards (3 if you want to create a DMZ)
- Ethernet switch and/or wireless access point (for distributing access)
At least during the installation, you’ll also need a bootable CD/DVD drive, monitor, keyboard and mouse. To create the install disc, you need a blank CD or DVD and access to a PC with a CD or DVD burner.
Warning: Installing Untangle will wipe everything from the hard drive.
There are two ways to deploy Untangle. The Router method provides NAT and means you hook the Untangle PC directly to the Internet modem. The Transparent Bridge method turns the NAT function off, meaning you connect the Untangle PC to a router which is plugged into the Internet modem. Neither method is generally safer or better than the other, but it’s usually best to use the minimum amount of hardware, thus the Router method.
Remember that for either deployment method, the Internet traffic must pass through the Untangle PC. One Ethernet port on the Untangle PC will be the Internet/WAN input. Another Ethernet port will be the output to your local LAN. Thus you’ll need an Ethernet switch to connect more than one computer and/or a wireless access point for Wi-Fi connectivity.
Download and burn the ISO image file to a CD or DVD disc. Make sure you have the Untangle PC hooked up using the Router or Transparent Bridge method. Then insert the disc in the desired PC, reboot, and then follow the installer that should boot up. Once installed, you’ll reboot. Then click Launch Client, go through the Setup Wizard, and select the Lite Package.
If you need help, refer to their Wiki.
Once the basic network and Internet functionality is working, you can start configuring the security features.
Keep Using Protection on PCs
Though Untangle provides reasonable protection, it doesn’t support malware scanning of secured HTTPS traffic, like other network-wide solutions. Thus you should always install Internet security software on all your desktops and laptops and keep it updated. Since you have double-protection, you might opt for using a free anti-virus program, such as one from AVG or AVAST. You should also take advantage of the built-in Windows Firewall.
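To see how much of each client's traffic falls into the HTTPS gap described above, the following added example (not part of the original article and not Untangle code) totals bytes per client from flow records. The record format, the sample flows, and the mapping of the scanned protocols to their default ports are assumptions.

```python
from collections import defaultdict

# Protocols the article lists as scanned by Virus Blocker, mapped to their
# default ports (assumption: services run on standard ports).
SCANNED_PORTS = {80: "http", 25: "smtp", 110: "pop", 143: "imap", 21: "ftp"}
HTTPS_PORT = 443  # the article states HTTPS traffic is not scanned

# Constructed sample flow records: (client_ip, dst_port, bytes_transferred)
SAMPLE_FLOWS = [
    ("192.168.2.10", 80, 120_000),
    ("192.168.2.10", 443, 880_000),
    ("192.168.2.11", 443, 500_000),
    ("192.168.2.11", 143, 40_000),
    ("192.168.2.12", 21, 300_000),
    ("192.168.2.12", 8443, 100_000),
]

def classify(port):
    """Bucket a destination port by whether the gateway scanner covers it."""
    if port in SCANNED_PORTS:
        return "scanned"
    if port == HTTPS_PORT:
        return "https"
    return "other"  # not in the article's list of scanned protocols

def coverage_by_client(flows):
    """Return per-client byte totals and the percentage the gateway never scans."""
    totals = defaultdict(lambda: {"scanned": 0, "https": 0, "other": 0})
    for client, port, nbytes in flows:
        totals[client][classify(port)] += nbytes
    report = {}
    for client, t in totals.items():
        total = sum(t.values())
        unscanned = t["https"] + t["other"]
        pct = round(100 * unscanned / total, 1) if total else 0.0
        report[client] = {**t, "unscanned_pct": pct}
    return report

def clients_mostly_unscanned(flows, threshold_pct=50.0):
    """Clients whose traffic is mostly invisible to the gateway scanner."""
    report = coverage_by_client(flows)
    return sorted(c for c, r in report.items() if r["unscanned_pct"] >= threshold_pct)

if __name__ == "__main__":
    for client, row in sorted(coverage_by_client(SAMPLE_FLOWS).items()):
        print(client, row)
    print("Mostly unscanned:", clients_mostly_unscanned(SAMPLE_FLOWS))
```

Clients that appear in the final list rely almost entirely on their own endpoint software for malware detection, which is where keeping that software updated matters most.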
Eric Geier is a freelance tech writer and author of many networking and computing books, for brands like For Dummies and Cisco Press. He also founded NoWiresSecurity, which helps businesses quickly and easily protect their Wi-Fi with enterprise-level security. Additionally, he’s a Field Technician for Fast-Teks, an on-site computer services company that has hundreds of locations across the U.S.