[SHARE] Untangle to Own (The UTO project)

This post was last edited by samiux on 2010-2-21 12:14

I am going to share my experience of implementing an Intrusion Prevention System (IPS).  An IPS can be owned at a very low cost with no advanced knowledge of technology or skills.  It is very easy for anybody to implement.  The easiest way is to use Untangle.  My home network has been equipped with Untangle for quite a long time.  The machines (Windows and Linux) that are behind the Untangle are running healthy and well.

What is an IPS?
An Intrusion prevention system (IPS) is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology.(*1)

How do Windows users benefit from IPS?
Windows users may encounter various attacks, such as spyware, trojan horses, viruses, web page hijacking, etc.  Windows systems as well as application software may contain vulnerabilities.  Once your system is compromised, it will become one of the zombies in the intruders' controlled network.  A system can be infected with trojan horses by browsing an infected website.  IPS provides solid protection from these kinds of attacks and intrusions.

How do Linux and Mac OS users benefit from IPS?
Unix-like systems may not be infected by viruses and spyware easily.  However, Unix-like systems and application software may contain vulnerabilities and flaws.  Once your system is compromised, it will be one of the zombies.  In addition, these systems may also be infected by trojan horses when browsing infected websites.  IPS provides solid protection to your system.

Some of these systems are application servers, such as web servers, mail servers, FTP servers, etc.  These servers can also be attacked by intruders 24/7.  Once there is a flaw on these servers and the security patches are not applied in time, your system will be compromised.

What is Untangle?
Untangle is a privately held company that provides an open source network gateway for small business. Untangle provides multiple gateway applications installed at the edge of a network. These applications include Anti-spam, Web Content Filtering, Antivirus, Anti-phishing, Anti-spyware, Intrusion prevention, Firewall, OpenVPN, Router, Protocol Control, Attack Blocker, Reporting, Policy Manager, and Kaspersky Virus Blocker on the Untangle Gateway Platform.(*2)

Home users can use BitTorrent behind Untangle without any problem.  The internet surfing speed will not drop, but you can benefit from a smoother and faster web browsing experience.  Gamers may also benefit from the QoS.

What are the hardware requirements for Untangle?
For 1 to 50 PCs, a Pentium 4 with 1GB RAM, 80GB hard drive and 2+ network interface cards is a good start.  For 1500+ PCs, it may require 4+ cores with 4+ GB RAM, 80GB hard drive and 2+ network interface cards.

An Intel ATOM D510 CPU with 2GB RAM, an 80GB hard drive, 2 network interface cards and a 4- or 8-port gigabit switch is good enough for home, SOHO and small business or even a school.

Can I build an Untangle myself?
Yes, you can download Untangle from the official site and install it.  It comes with open source and paid software.  Generally speaking, the open source software is enough for general use and it is free of charge.  The installation is easy and straightforward.

However, you may encounter problems when installing Untangle on the Intel Desktop Board D510MO (which is equipped with an ATOM D510 CPU).  If this is the case, you can refer to this site for the tutorial.(*3)

I do not know how to build an Untangle, where can I buy one?
You can buy a Samurai (Mini) or even have a more powerful Samurai tailor-made from this site.  Samurai is based on Untangle but comes with some hacking.  There is no subscription fee when using open source software on Samurai as well as Untangle.(*4)

What is the difference between Untangle and Samurai (Mini)?
Official Untangle is equipped with about four thousand rules but Samurai comes with more than ten thousand rules.  The rules of Samurai are updated at ten-minute intervals.  This makes sure Samurai has the most up-to-date rules for the intrusion prevention purpose.  If you require paid software, Samurai can provide a discount for you.(*4)

Reference
(*1) IPS - Wikipedia
(*2) Untangle Official Site
(*3) Intel Desktop Board D510MO
(*4) Samurai (Mini)

Open source is a great idea and changed the world!

Samiux
Unofficial Ubuntu Hack!

I tried playing with this one before, but the performance was so-so.


I tried playing with this one before, but the performance was so-so.
amdhorus posted on 2010-2-21 13:01


The performance is improved a lot when it is upgraded to 7.0.  This site is behind Samurai (Mini).  You can experience the difference.


How do you know the D510 can support 150+ users? Thanks

"supports up to 150 or more computers/users"


Untangle has a big appetite; it is not that easy to keep fed.


How do you know the D510 can support 150+ users? Thanks

"supports up to 150 or more computers/users" ...
fo2live posted on 2010-2-22 17:08


According to the official website, a 2-core CPU and 2GB RAM can support up to 150 users.  A Pentium 4 and 1GB RAM can support up to 50 users.

The ATOM D510 is dual core with HT (total 4 threads) and it is faster than a Pentium 4.  Please do not look down on the D510.  It is very good and faster.


Untangle has a big appetite; it is not that easy to keep fed.
tracker posted on 2010-2-22 17:21


It is neither memory hungry nor a CPU power eater.  It is running smoothly on my side.  It is running well with 2GB RAM with NO swapping.
