Malware test conducted on UTM devices

[Cutting_Edgetech]

It seems netgear UTM's perform well, and they are cheap in comparison to some of the others like Sonic Wall, Cisco, Fortinet, Watchguard, and checkpoint. Checkpoint, and Cisco were not included in the test. I discovered recently that checkpoint does not support third party AV's so if you buy a checkpoint UTM you can only use their AV. http://www.itwire.com/business-it-ne...rd-party-tests

Netgear Prosecure http://www.netguardstore.com/ProSecure-UTM.asp
SonicWall http://www.sonicguard.com/
Checkpoint http://www.checkpoint.com/
Watchguard http://www.watchguard.com/
Fortinet http://www.fortinet.com/

[YeOldeStonecat]

That's good to see, I'll have to dig into that link over the weekend, thanks for posting it.

Several years ago, with the increase in malware and rogues, I started using UTM appliances at more and more of my clients. (I'm a small business network consultant, I design/install/support computers/servers/networks/firewalls and providing other related services like spam filtering and offsite backup for small to medium businesses. I try to take a more pro-active support for my clients, and I started becoming a fan of UTM appliances at the edge, taking the place of traditional router/gateways that did little more than NAT.

I've had some experience with the above products, and I've had better experiences with other products which have shown to be...well, I'll avoid the "comparison" stuff that this site is so against. But to show names, I'm talking about products that started as open source, such as Endian, Astaro, and my favorite....and most widely used, Untangle.

They are basically linux distros that you can install on your own hardware, with 2x NICs..and presto..there's your new edge firewall to replace your current router.

They start with free products, and can purchase additional "add-ons" and support, which I do recommend for a business. However I have a lot of clients, non-profits, that don't have big budgets and yet installing the base free version of Untangle has helped their network a lot.

I can say from experience in using these products over the years, at my clients that I have installed these products...thus replacing their prior NAT routers, I have had a noticable...very noticable, reduction in malware issues. And all other things are quite equal, my usual attention to maintaining Microsoft updates, 3rd party web app updates, Eset NOD32 business edition antivirus, etc. So the comparison is quite fair and clear about the effectiveness of UTMs.

It's another illustration that a "layered approach" for security works!
I use Astaro HGW at home, I built a small 1U Intel dual core Atom appliance, dual Intel gigabit NICs, a Seagate Pipeline hard drive (a drive designed for applications like DVRs...low power consumption, low heat output, extra quiet, 3 year warranty). I also ran Untangle on that same unit, and I frequently try other *nix firewall distros as a hobby just to dork around and learn them.

UTMs are the way to go for business networks!

[Cutting_Edgetech]

YeOldeStonecat, thanks for replying to the thread. I would like to see more threads on hardware on the fourm. Usually if i post anything about hardware i'm lucky to get any reply. I was thinking about replacing my Sonicwall UTM, and getting a Netgear Prosecure. Not sure if i'm going to at the moment for budget reasons. I've thought about using untangle in the past, but I already had a UTM. It seems like Untangle has good support on their forum. I use a SW UTM appliance on my home network. I got tired of routers bottlenecking when downloading torrents, and stuff. My friends thought i was crazy for spending the money on a UTM since there more designed for business use. I have 4 desktops, and a laptop on my home network, and purchasing a UTM has been worth every penny. It sound like you have a good business going. I build custom computers. I built the four desktops i have at home. Working with computers is something i just do on the side. I'm no professional. If I had more time i believe i could make good money at it because I had several people recently offer to pay me to build them one. I just don't have the time now. The last PC i built would have cost around $3500. I was able to build it for about $1800. That's including the OS W7 64bit ultimate. I don't buy PC's anymore because they come with so much junk software installed on them, and they use cheap parts. You almost always don't have much options for upgrading them do to their design. Well i wish you the best of luck with your business!

[YeOldeStonecat]

Quote:

Originally Posted by Cutting_Edgetech

YeOldeStonecat, thanks for replying to the thread. I would like to see more threads on hardware on the fourm.

Me too....I've tried to spark up the interest in UTM appliances now and then around here, I'm surprised they haven't caught on more. What's good about them, is you get a layered approach to security. Your computer(s) run an antivirus, "brand A". And these UTM appliances run at least one other antivirus "brand B"...some of them have options to run an additional antivirus "brand c". So you can get 3x total antivirus products checking your incoming data from the 'net. In addition, many of them have an anti-spyware component which leverages additional technologies to prevent the ad/spyware versions of malware.

In addition to the above benefits, you get the protection from the UTM appliances products without any impact on your computers performance. As most of us are somewhat familiar with, if you install many security products on your PC, your PCs performance suffers, it bogs down. Offload that additional protection to your "firewall"...you can keep your PC lean and mean with just one antivirus product, and enjoy zippy performance.

They're not difficult to build, setup, and manage. If you can navigate yourself around your home grade Linksys/Netgear/DLink/etc broadband router, you can find your way around managing these appliances...they're managed via a web browser interface. You do not need to know linux, building a UTM appliance with these distros is quite easy. You take a standard PC of mainstream components, most these days have an onboard NIC, so you just need a second NIC...install that, and ensure it meets the minimum supported specs. Generally a P3 or higher, 1/2 a gig or a gig of RAM. Using "older" PCs is easy, and it's a great way to recycle that old computer. Download the ISO, burn to CD. Set the computer you'll use for it to boot from CD, power up, and follow the easy to follow installation wizard. In a few minutes you have your new firewall up and running, remove your home grade router, put this new firewall in place, fire it up, configure it, and blammo..you're online!

Worried about another big computer running? Using lots of electricity and making noise and heat and taking up too much space? I've used old laptops of mine, I just slap in an old PCMCIA network card for the 2nd NIC. They work great, it's a computer, with 2 network cards, it takes up little space, it doesn't use much electricity, it has a built in keybard/mouse, and a built in battery backup unit!

As you think of replacing your Sonicwall...I encourage you to consider building one, try Untangle or Astaro HGW, I'm confident that you will be so much more impressed with them than the Netgear Prosafe. And the performance....you're in control of that, but generally you'll end up with a product that will easily...without breaking a sweat, run circles around any "off the shelf" boxed product you can purchase for under a thousand bucks..as far a concurrent sessions/state table size.

What I've done for a lot of clients of mine, since they're businesses, I usually have business class computers at their office. Compaq Evo series, HP Business Desktop DC series, Dell Optiplex series, and usually small form factor desktop chassis. These days they're retiring the Pentium 4 H/T vintage, and even early Intel Pentium D dual cores, since computers of that vintage are over 4-6 years old. Still enough power for a UTM appliance. I'll ensure memory is adequate, I'll put a new hard drive in place (since that's the part most likely ready to die...if not dead already), and I'll slap a 2nd NIC in the PCI slot...like an Intel or a 3COM...good standard NICs that are well supported in linux, and they're hardware controller based so strong performance (versus more software driven NICs like realteks..yuck). Onboard NICs in business class workstations are usually Intels (best) or Broadcoms (still decent). So for pretty much just the cost of a new hard drive, (we in computers usually have plenty of spare NICs and memory around)...you're recycled a computer to be your UTM appliance.

Or if you have some $$$ budget, pickup a small form factor or mini ITX platform with an Intel Atom D510 dual core, or a Pentium D. Still very affordable. I used a SuperMicro Atom D510 board, dual onboard gigabit NICs,
http://www.newegg.com/Product/Produc...82E16813182238
and a front I/O port SuperMicro 1U chassis.
http://www.newegg.com/Product/Produc...82E16811152107

Just over 300 bucks together. Can snag a hard drive for cheap, I paid 49 for that Pipeline DVR drive. I already had the memory in my drawer full of spare RAM.

Many people are taking the "Shuttle" type case approach too.

Have I talked you into building one yet?

I used to custom build PCs too...many years ago I did a lot of custom gaming PC builds. And then another side biz...building, and managing, gaming servers for LAN parties and co-locating in data centers for public gaming servers. Stuff like various version of Quake, Unreal Tournament, Half Life and variants, Castle Wolfenstein, many of the Battlefield series of games (BF'42, Desert Combat, BF Vietnam). Fun stuff!

[Cutting_Edgetech]

I acqually already have a spare Pentium 4 3.4ghz PC with 3Gb of ram that i built about 2 years ago. I would need another NIC card, and the ones i have looked at aren't cheap. Do you have any suggestions for an NIC? I could run Astaro or Untangle on it.

[YeOldeStonecat]

Heh...wow, there's some power!
newegg.com
search for intel nic
there are several that are under 100 bucks, one starting at 29 bucks. The models ending in "mt" and "gt" seem to always work well over on Untangles forums.

[Cutting_Edgetech]

I looked at the NIC's a few months back on Newegg. I wanted to get the best NIC for the money. I was looking at a budget under $200. The majority of them were expensive. BTW.. What made you choose Astaro over Untangle, and other UTM appliances? What kind of AV, and antispyware does Astaro have? I know Untangle uses Kaspersky, and i'm not sure if it offers other options. I may just build my own UTM like you said. I've been thinking about it for a while. It would be fun. It would allow me to have the type of protection that enterprises , and governments have without the huge budget. If i were going to purchase a UTM though i believe at this point i would give Netgear Prosecure a try.

[mack_guy911]

i start up with endian and p3 machine for home i used it for more than 2 years then i build core 2 duo 2.66 for untangle or astaro i tried with both and settle down with astaro for home every one has its fav i like astaro very much i got quantum network card (build on realtek chip)100mb they are working perfectly fine expensive card doesn't mean its great i got intel 1000gb at time time my endian didnt recognised it so i suggest realtek card they are very good and pretty cheap and best atleast for me i didn't get trouble with any linux with them i tried almost all utm

astaro got dual av avira and clam av its free for home user you have to register it for free home user license , untangle get kaspersky and clam av in paid one

and endian got clamav and also paid one got sophos antivirus

astaro demo

endian

http://www.endian.com/



http://demo01.astaro.com/

[YeOldeStonecat]

Quote:

Originally Posted by Cutting_Edgetech

I looked at the NIC's a few months back on Newegg. I wanted to get the best NIC for the money. I was looking at a budget under $200. The majority of them were expensive. BTW.. What made you choose Astaro over Untangle, and other UTM appliances? What kind of AV, and antispyware does Astaro have? I know Untangle uses Kaspersky, and i'm not sure if it offers other options. I may just build my own UTM like you said. I've been thinking about it for a while. It would be fun. It would allow me to have the type of protection that enterprises , and governments have without the huge budget. If i were going to purchase a UTM though i believe at this point i would give Netgear Prosecure a try.

There are some quality Intel NICs at Newegg for around 30 bucks. The thing with selecting your network card with *nix router distros, is you want a good hardware controller based card, versus a card that is more software drive and CPU intensive. Cheap cards will work..but when you "push" your system, you'll find if you used a good hardware controller based card, it will perform well. If you use a cheaper software controller based NIC, you'll start seeing slowdowns and perhaps have to reboot now and then. This is especially true if you start fiddling with the QoS settings. And this is especially true for heavier UTM distros like Untangle which works at layer 7 in the OSI model and really pushes the NICs hard as it passes traffic from each virtual machine to another in its virtual rack. The better the NIC, the better the performance you can expect out of the appliance.

Untangle starts with ClamAV in the free one, plus there are a bunch of technologies leveraged together in its separate anti spyware component. Kaspersky is a pay for add-on.

I have not found an authoritative answer to what 2 AV engines Astaro currently uses, they used to use Kaspersky, I suspect Clam is their base AV engine. As for the second engine, several years ago I saw "Authentium" mentioned in their forums. I'm not sure if that's still currently used....or if they went proprietary with their own AV engine.

I'm currently running Astaro...just because I wanted to learn it more. I'll probably have Untangle back on there soon, and Untangle is what I use at many of my clients, I don't have any Astaro installs at clients. Astaro is "more mature", it's been around long, and I like it's reporting better. It's a lot more granular and has more features. Untangle is easier, simpler interface.

I actually started getting into UTMs way back in the earlier days of IPCop, there was an add-on module called "Copfilter" which added some basic UTM features (like spam and antivirus filtering). I then discovered Endian back then, which started out based on IPCop w/Copfilter..and then matured more on its own. Very nicely polished package.

[mack_guy911]

i agree with YeOldeStonecat he got more experiance in this field then any of us

as far in astaro i got from their forms they use avira on single scan and on dual scan they add clamav with avira scanning

http://www.astaro.org/astaro-gateway...countered.html


http://www.wilderssecurity.com/showthread.php?t=261437


http://demo01.astaro.com/

[YeOldeStonecat]

Quote:

Originally Posted by mack_guy911

i agree with YeOldeStonecat he got more experiance in this field then any of us

as far in astaro i got from their forms they use avira on single scan and on dual scan they add clamav with avira scanning

http://www.astaro.org/astaro-gateway...countered.html=

Ahh cool thanks for posting that link.
Good to know AntiVir is first too...so I can leave it at single scan instead of dual scan, it'll run quicker, and I don't have much faith in Clam being the second opinion.

[mack_guy911]

if you are planning to use astaro

i like to mention few things which i did after facing problem

please

1st write the lan card interface with marker on outside(eg eth0 and eth1......etc) its pretty helpful later for remembering.

2nd by default astaro is ping enabled so when you scan your router with grc

it replay to ping if you want to stop it might give you connection problem

so for that you can disable ping replay from network security>packet filter>ICMP firewall is ping visible and add a rule for ping in network security>packet filter>Rules

then by clicking on folder tab you see auto created rules in side of astaro from there drag

source: internal network
service:ping
destination: internal address (which is your gateway address)

apply ok also if you want log check the option as well


it will let you ping your gateway from your internal networks so from your internal pc you can ping but from outside its disabled.

3rd best thing after you get connected try to make less rules at start and try to connect once you get connected create a backup 1st so if you face any problem you can restore then make rules tight according to your need.

4th most important best thing is register before making astaro and download free license key after installation when you login from other pc put that license key at start up(free license key is for home use not for commercial use.

5th for astaro you need a separate pc with complete blank hardisk you cannot install any thing in that hardisk better if you using old hardisk then delete all partition during installation.

6th to login you need to type the address 192.168.x.x (which you given at time of installation and port 4444 by default) and then you need to type that address from other pc browser for example https://192.168.1.1:4444 and login and tweak put your license ......etc

7th you need monitor during the time of installation but after that you dont need a monitor you can login from browser of other pc and does all.

8th for antivirus,URL content filter .....features you need to enable proxy and also set proxy in your browser or you can enable transparent proxy....etc in web security

9th if you connect from modem please put it on bridge mode and give astaro full access of your net for that ....you can set it from Interfaces and routing>Interfaces then edit.....etc set it from there.

last create few rules of blocking add them slowly learning step by step putting every thing on block cause nothing but frustration.... which i learn from my astaro experience. astaro is very powerful and not as easy as untangle any wrong rule....blocking.....etc cause your network block so move slowly and steadily

also please check this thread specially nedmug link it give an idea about installation

http://www.wilderssecurity.com/showthread.php?t=260106

[YeOldeStonecat]

I made a stickied thread listing *nix router/firewall distros" over on our forums at Speedguide.net (I'm staff member over there)
http://forums.speedguide.net/showthread.php?t=235860

It's fun finding new ones to try out and dork around with.

[mack_guy911]

thanks YeOldeStonecat i check .....

its old links but very good give a little idea about them

http://www.linuxbsdos.com/2009/09/03...distributions/

http://www.linuxbsdos.com/category/firewall-router/

http://www.linuxbsdos.com/2009/09/05...distributions/

[mack_guy911]

Quote:

Originally Posted by YeOldeStonecat

Ahh cool thanks for posting that link.
Good to know AntiVir is first too...so I can leave it at single scan instead of dual scan, it'll run quicker, and I don't have much faith in Clam being the second opinion.

yes i agree with you YeOldeStonecat single scan very fast you hardly notice its really great that they put avira on single scan mode which is pretty logical

also it download things on gateway and run the scan then give link if file is safe if not its still kept in gateway you can delete it by cleaning cache

also i like to add from forums i got is core OS of astaro is suse enterprise linux

sorry here is the link

http://www.astaro.com/blog/up2date/a...r-announcement

[Rilla927]

Quote:

Originally Posted by YeOldeStonecat

I made a stickied thread listing *nix router/firewall distros" over on our forums at Speedguide.net (I'm staff member over there)
http://forums.speedguide.net/showthread.php?t=235860

It's fun finding new ones to try out and dork around with.

Interesting link. One question, can something like this be built for windows?

[mack_guy911]

Quote:

Originally Posted by Rilla927

Interesting link. One question, can something like this be built for windows?

they need a different hardware means additional pc with 2 lan cards (ie. your one pc used as router you cannot run any thing on it) behind it you can put as many computers as you want (for astaro its 50 for free home user) in simple words it make your one computer as router and behind it you can put any Os Pc including windows mac..............etc ]


also check this thread

http://www.wilderssecurity.com/showthread.php?t=284339

[jrmhng]

Can you make the UTM into a wireless router as well?

By that I mean have the computer have an internal adsl modem (or at least a nic connected to a modem) and a wireless nic?

[Cutting_Edgetech]

Could someone write a comparison in features offered by Untangle, and Astaro. I'm using Sonicwall, but in a few months i'm going to build my own UTM. I know some of you have used both, and I have not tried either one yet.

[mack_guy911]

Quote:

Originally Posted by huangker

Can you make the UTM into a wireless router as well?

By that I mean have the computer have an internal adsl modem (or at least a nic connected to a modem) and a wireless nic?

utm not support wireless cards/features not yet you need to add router behind it to act as access points for wireless.

advantage is like for example i got old router and the vendor stop updating its firmware so behind astaro its pretty safe.

but soon we going to see WiFi controller in 8.1 of astaro

http://distrowatch.com/?newsid=06324

http://forums.speedguide.net/showthread.php?t=235860

[mack_guy911]

Quote:

Originally Posted by Cutting_Edgetech

Could someone write a comparison in features offered by Untangle, and Astaro. I know some of you have used both, and I have not tried either one yet.

please check post number 14 and it links

main difference is between untangle and astaro is that in untangle which package you installed

http://www.untangle.com/Product-Overview

it give you freedom of installing the packages and software according to your need and its setting is pretty different as compare to astaro its pretty easy and straight forward

where is astaro every thing is bundle you can enable disable the features but there is no such thing as installing uninstalling features.

astaro support 50 license users 3200 concurrent connections for home user

where untangle there is no limit in license

antivirus

astaro avira+calmav free for home user

untangle clamav free and kaspersky paid

new feature like country blocking, better organized webmenu, search mode, ....etc astaro

now 8.1 is in beta testing they are adding wireless support for access point...etc


both of them are feature rich very good and forums people are very good supportive

at first astaro and untange both where very frustrating i do face ping problems connection problem i formate astaro 3-4 times because i was unable to connect .......lack of knowledge of setting open ping on grc scan on both if i disable i cannot connect to it.......etc

but soon when i start learning feel both quite good and settle for astaro it depends you which you like to use i advice try both and settle with one for a long time.

by default astaro lock every thing inbound/outbound connection so at start up it ask to to set rules of web services tell yes or you are unable to connect even to astaro web admin

please check astaro videos and demo you get the whole idea about features

sorry i am talking much about astaro more because i am using it for nearly 2 year now and it change pretty much so might be untangle and i cant say much for untangle new features.

untangle videos

http://www.untangle.com/Demos-Screenshots

Astaro Tutorials Videos

http://www.astaro.com/support/how-to-videos

[mack_guy911]

huangker please check this link as well

http://www.astaro.com/news-events/pr...out-compromise

[Blueshoes]

I run an Untangle box with an Asus 510 dual core Atom with 4GB ram and a Intel dual server nic in bridge mode. My gateway is a Zyxel USG 100 UTM with Zyxel's Intrusion Detection and Prevention System. (IDP). I am running Zyxel's AV that is their own engine with 15,000 signatures. They have a Kaspersky option that has 2,500 sigs, but that seems like too little sigs for the money.

When the trial period is over, I will be only run the Zyxel IDP and passing on both options for AV and content filtering on the Zyxel. That is handled by Untangle.

The Zyxel USG series has had a ground up newly coded firmware upgrade that was implemented AFTER this review.

Part 1

http://www.smallnetbuilder.com/content/view/30589/109/


Part 2
http://www.smallnetbuilder.com/content/view/30605/109/



Before I bought my Zyxel USG 100, I bought a Netgear ProSecure UTM25 and returned it after 1 week. It was a DOG! It had 5 mbps throughput with only AV running. ( worked with Netgear ) FAIL!

Plus, Untangle's Kaspersky caught 9/10 malware files from a secret testing site I know, and Netgears ProSecure UTM25 Sophos engine caught only 3/10 of the same files.

My Zyxel/Untangle has 13-19mbps with everything running. and no 2-3 second delays after hitting the enter key to go to a website like the Netgear. Untangle is in bridge mode with most modules installed. Defense in depth, or layered defense so to speak. I am very happy with this setup.


Old back end demo of a USG 200. (Newer firmware GUI more refined looking.)

http://www.zyxel.com/guidemo/ZLD_v210/index.html


.

[mack_guy911]

more results of utm

http://66.196.80.202/babelfish/trans....de%2fkes-test


source:www.stz-netze.de

http://www.stz-netze.de/stz-netze-publikationen.shtml

sorry i use babel fish for translation.

[Cutting_Edgetech]

Can one use Untangle or Astaro, and continue to use their preference of AV, and firewall on each machine or workstation they have? I'm wanting to continue to use NOD 32, and Online Armor while using the Gateway AV, and firewall provided by Untangle or Astaro. This is for home use. I want to switch to Astaro or Untangle in January, but I want to make sure I can continue to use my current AV, and Firewall with the gateway AV, and Firewall provided by Astaro or Untangle.