Untangle offers us multiple open source applications that are necessary at a network gateway. The free, open source applications it provides include:
Attack Blocker
Attack Blocker blocks denial-of-service (DoS) and distributed DoS (DDoS) attacks and separates good traffic from bad using reputation-based heuristics, so that the network stays focused on genuine users. The Untangle Server cleans all packets, eradicating packet-based attacks. It can also deconstruct the packets entering the server and reconstruct new, trusted ones carrying the same information. Untangle's patent-pending technology profiles the computers that interact with our network to find any risks and then rejects their access (Untangle, p. 1).
Firewall
Untangle uses protocols and IP addresses to filter traffic, allowing administrators to perform NAT and create DMZs, designate which services and systems are publicly accessible, and complement hardware by running as a transparent bridge. We can even specify our own set of rules and so determine how the Firewall responds. This is done by using Untangle’s proprietary technology for blocking or logging traffic. Custom blocking or logging rules are created using direction, source and destination address, source and destination port, and protocol.
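The rule fields listed above can be modelled as follows. This is an added illustration, not Untangle's code: the `Rule` layout, the first-match-wins ordering, the default action and the sample policy (documentation-range addresses) are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    log: bool                   # record the match in the event log
    direction: str              # "in", "out" or "any"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    protocol: str = "any"       # "tcp", "udp" or "any"
    src_ports: range = ANY_PORT
    dst_ports: range = ANY_PORT

def matches(rule, pkt):
    """True when every field of the rule accepts the packet."""
    return (
        rule.direction in ("any", pkt["direction"])
        and rule.protocol in ("any", pkt["protocol"])
        and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
        and pkt["sport"] in rule.src_ports
        and pkt["dport"] in rule.dst_ports
    )

def evaluate(rules, pkt, default="pass"):
    """Return (action, logged); the first matching rule decides (assumed semantics)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.log
    return default, False

# Constructed policy: one DMZ web server is public on TCP 443; everything
# else inbound to the DMZ is blocked and logged.
RULES = [
    Rule("pass", False, "in", "0.0.0.0/0", "192.0.2.10/32", "tcp", ANY_PORT, range(443, 444)),
    Rule("block", True, "in", "0.0.0.0/0", "192.0.2.0/24"),
]

def pkt(direction, src, sport, dst, dport, protocol="tcp"):
    """Build a constructed sample packet description."""
    return dict(direction=direction, src=src, sport=sport,
                dst=dst, dport=dport, protocol=protocol)
```

With first-match evaluation the order of the list is part of the policy: reversing `RULES` makes the broad block rule shadow the HTTPS exception.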
Intrusion Prevention
Intrusion Prevention stops hackers at the gateway, before they can breach desktops and internal servers, using Untangle's pre-configured, signature-based IPS. It is an Intrusion Detection System which stops unwanted traffic and can find malicious activities on the network through signature detection against a record of known attacks. Since it is pre-configured, we do not need to customize it, although we can change some of the default rules. Intrusion Prevention functions by using Snort signatures and a customized scan engine.
Phish Blocker
Phish Blocker blocks both pharming and phishing at gateways. Untangle has an Identity Theft Blocker which scans emails carried over IMAP, SMTP and POP and protects against phishing by marking phishing emails and sending them to the user’s quarantine. Its functions are based on phish signature databases and the ClamAV engine. It is extremely powerful and transparent, and we can configure it to scan our outgoing or incoming traffic without altering any mail configuration (Feilner, p. 221).
Protocol Control
Protocol Control allows network administrators to take back network control from troublesome port-hopping programs, like P2P applications. It transparently scans program data streams and blocks or logs the designated protocols. It uses the L7-Filter classifier for Netfilter, which classifies protocols from signature-based OSI layer 7 information, together with Untangle’s default settings, updates, customized scan engine and tuning. Administrators can conserve bandwidth by stopping programs from opening several TCP ports and can add custom signatures for protocols, thus improving productivity (Untangle, p. 1).
OpenVPN
Administrators can provide safe remote access to internal networks using OpenVPN. It is an SSL-based VPN supporting both client-to-site and site-to-site VPN. It has a predefined client distribution feature and a custom interface, and it functions at the Application Level. IP is encapsulated by SSL in UDP. IP packets sent through a tap or tun virtual network adapter are encapsulated and encrypted, then passed over a UDP connection to the remote host. At the remote host the packets are decrypted, authenticated and de-encapsulated through a tap or tun virtual adapter. The tap or tun virtual network adapter is what explains the user-space (Application Level) implementation. While the former simulates Ethernet, the latter represents a virtual point-to-point link similar to a T1.
Reports
Reports provide the data and visibility administrators need to investigate security incidents and enforce network usage policies. It combines Untangle’s customized interface and components with a number of open source tools to generate reports from the events logged by Untangle’s server software. These reports are either PDF or HTML files which can also be emailed to others, and users can obtain them through IP Address to User Mapping and Active Directory Integration.
Routing & QoS
Due to its flexible platform, Untangle performs routing tasks, enabling the administrator to provide basic services like DNS, DMZs, DHCP and NAT. We can also prioritize traffic with QoS and support IAX and SIP VoIP traffic. With open source routing, the Untangle server turns from a transparent bridge into a router. QoS enhances VoIP call quality and ensures that important programs receive priority when accessing bandwidth. Administrators can segment services into low, medium and high priority so that sensitive applications like RDP, SSH, VoIP and VNC suffer minimal interruption from bandwidth-intensive websites or downloads of lower priority (Untangle, p. 1).
Spam Blocker
Spam Blocker allows administrators to stop spam from entering the network at the gateway. It is an intelligent email filter which scans all mail transported by IMAP, POP and SMTP. Spam Blocker functions by using Optical Character Recognition (OCR), RBLs or DNSBLs, Razor, SpamAssassin, Bayesian filters, custom updates and tuning, and tarpitting. It includes browser-based user tools for managing individual safe lists and quarantines. We do not need to alter the mail configuration of the network, and users can create a personal pass list to label some email addresses as good (Gregg, p. 125).
Spyware Blocker
Administrators can block spyware from reaching users at network gateways. Transparent HTTP scans are carried out with list- and port-based filtering of cookies, URLs, ActiveX controls and subnets. It utilizes numerous customized community URL blacklists along with Untangle's Virus Blocker technology, which is based on ClamAV. It also utilizes virus signatures for detecting and identifying particular viruses and blocks keyloggers, which are applications that capture and store a specific user's keystrokes.
Virus Blocker
Virus Blocker and Kaspersky Virus Blocker stop viruses from reaching users at network gateways. They scan various protocols, including IMAP, POP, SMTP, HTTP and FTP, to detect virus signatures. While Kaspersky Virus Blocker is based on Kaspersky, Virus Blocker uses ClamAV. Both of these programs can detect Trojan horses, viruses and worms. They decompress archive files on-the-fly to scan large files randomly. They also protect our systems from archive bombs, which are repeatedly compressed files (López, p. 997).
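A gateway scanner that decompresses archives on the fly has to bound that work, or an archive bomb exhausts it before any signature is checked. The sketch below is an added example, not code from Untangle, ClamAV or Kaspersky; it handles ZIP only, and the limit values and function names are assumptions.

```python
import io
import zipfile

MAX_DEPTH = 3                    # nested archive levels allowed (assumed limit)
MAX_TOTAL = 8 * 1024 * 1024      # bytes unpacked per top-level file (assumed limit)
MAX_RATIO = 200                  # uncompressed/compressed per member (assumed limit)
CHUNK = 64 * 1024

class ArchiveBomb(Exception):
    """An archive exceeded a resource limit; the gateway should block it."""

def _read_bounded(zf, info, budget):
    # Stream in chunks and count bytes as produced, so limits trip early.
    out = bytearray()
    with zf.open(info) as fh:
        while chunk := fh.read(CHUNK):
            out += chunk
            budget[0] -= len(chunk)
            if budget[0] < 0:
                raise ArchiveBomb(f"{info.filename}: total size limit exceeded")
            if len(out) > MAX_RATIO * max(info.compress_size, 1):
                raise ArchiveBomb(f"{info.filename}: compression ratio too high")
    return bytes(out)

def unpack_for_scan(data, depth=0, budget=None, prefix=""):
    """Return [(path, content)] of leaf files for a signature scanner to inspect."""
    budget = [MAX_TOTAL] if budget is None else budget
    if depth > MAX_DEPTH:
        raise ArchiveBomb(f"{prefix or '<top>'}: nesting deeper than {MAX_DEPTH}")
    leaves = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            content = _read_bounded(zf, info, budget)
            path = prefix + info.filename
            if zipfile.is_zipfile(io.BytesIO(content)):
                leaves += unpack_for_scan(content, depth + 1, budget, path + "!")
            else:
                leaves.append((path, content))
    return leaves

def make_nested_zip(levels, payload=b"hello"):
    """Constructed sample: a payload wrapped in `levels` layers of ZIP."""
    name, data = "payload.txt", payload
    for i in range(levels):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        name, data = f"layer{i}.zip", buf.getvalue()
    return data
```

The size budget is shared across all nesting levels, so many small layers cannot add up to more than `MAX_TOTAL` bytes of work.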
Web Filter
The Web or Internet Filter allows administrators to implement network usage strategies for monitoring user behavior. It has features like Zero Client installation and helps administrators to conserve bandwidth, block unwanted sites and prevent malware from entering the network. It utilizes Untangle’s scan engine along with a category list, configurable block and pass lists, and customized updates and tuning information. Web Content Control stops users from accessing certain Internet sites. It supports five pass and block lists: File Extension and MIME Type block lists, URL block list, Category block list, Client pass list and URL pass list (Untangle, p. 1).
Works Cited
- Feilner, Markus. OpenVPN: building and integrating virtual private networks. London: Packt, 2006.
- Gregg, Michael. How to cheat at configuring Open Source security tools. Michigan: Syngress, 2007.
- López, Ezequiel J. “Simultaneous untangling and smoothing of moving grids”. International Journal for Numerical Methods in Engineering 76.7 (2008): 994-1019.
- Untangle. 2009.