UTM Thread.

Mayahana · Mar 3, 2015

It appears the issues I was having with Endian are well known, documented, and unfixed. AV Scanning and Web Filtration seem to be 'broken' in it. Also the major 'theme' for Endian is - it's riddled with bugs, which is exactly what I find.. Sadly, the logical structure of the GUI made sense to me, and I liked it - but it's too buggy for production apparently. Also many of the questions on the forum go unanswered - support seems absent, even from the community.

http://www.efwsupport.com/index.php/board,4.0.html

Romulus6cbc · Sep 2, 2015

JLD said: ↑

If it helps, my alternative to a home hardware-based UTM or a hardware-based NGFW is OpenDNS Prosumer combined with McAfee SaaS Web Protection. I've done a fair amount of searching and trialing, and centered on this combination for goodness of security at a reasonable price without the complexity (for me) of adding and maintaining yet another piece of hardware to the home.

OpenDNS Prosumer ($20 per year for 3 devices, or, $6.67 per year per device) protects against malware communications at the DNS level. The Prosumer subscription requires installation of client software, so it can only be used for PCs, Macs, and iOS devices, which are the majority of my devices. Android is not yet covered. OpenDNS Umbrella, for corporations, provides protection for an entire IP address, but at $50 per year with a minimum of 10 licenses this makes the cost higher than what I was willing to bear. For me, 3 licenses cover our 8 devices that can be covered. I do wish I could cover our security camera, Roku, Obihai phone,...., but this for us was a compelling compromise at a compelling price. One great feature of OpenDNS is that all ports are covered.

McAfee SaaS Web Protection ($32 per device per year, 5 device minimum) is a proxy-based service running internet traffic through McAfee's web gateway. There are a couple of tests available for this service: See their website and see http://threatcenter.crdf.fr/?Stats (McAfee-GW-Edition) as well as Virus Bulletin. Any device with a browser can be set up to proxy traffic through McAfee's gateway. I'm choosing to cover only those devices that might access financial and sensitive accounts, so our cost for this is the $160 minimum cost. In one independent study, McAfee Gateway's blocking rate was comparable to Fortigate.

Both services are set up for aggressive screening. They have mostly blocked advertising sites most likely from call-outs on loaded pages, and most of those sites are either not malicious or are not definitively malicious. Both services have blocked clearly malicious sites and clearly malicious advertising. It is impossible to know what they have not blocked that they should have.

Our endpoints have Bitdefender Total Security (no problems so far, am aware of the issues raised on this forum), Malwarebytes Anti-Exploit Premium, and the Invincea FreeSpace browser or Sandboxie, depending on the machine.

The combined annual cost for of these two services (OpenDNS and McAfee SaaS Web Protection) is only slightly higher than the annual subscription cost associated with a Check Point 620 or a Fortigate 60D SMB NGFW. When I factor in the up front hardware costs of those 2 hardware options, the subscription SaaS route I've taken is significantly less. I do, however, give up the ability to cover all premises devices that I would be able to cover with a hardware solution.

I'm interested in all comments and suggestions as I seek to improve our home internet security.
Click to expand...

Hi JLD, I'm getting ready to deploy an almost the exact scenario for my small business. Cyberoam UTM + Bit Defender Business Security + OpenDNS. But now I'm wondering if OpenDNS is necessary, given it's features are covered by the other two solutions, except for DNS resolution, which will be provided by the ISP. Any thoughts? Thank you in advance for your help.

JLD · Sep 2, 2015

You probably are fine with just CyberOam UTM + Bit. I am now using Sophos Home UTM (free) + Various AVs + OpenDNS. I don't see OpenDNS blocking much behind the UTM, but it does block a handful of malvertising and exploits per day. Those almost certainly would not make it past my sandboxes anyway. If you are not behind the UTM, and if it is inconvenient to use the UTM VPN, then OpenDNS can be a more valuable layer. For me, at $20 / 3 endpoints for OpenDNS, it was worth it to have that extra layer. I think you can go either way. Hope this helps.

JLD · Sep 2, 2015

FYI, I point the UTM to OpenDNS's servers and override the ISP's DNS

taytong888 · Oct 30, 2015

Hello,
I have been thinking about getting a good refurbished laptop or barebone mini-PC to set up a UTM system for a home network. The majority of these units have only one NIC connector. Just wondering:

1) Why are TWO RJ-45 connections required;

2) How such a system will be connected between the modem and wireless router.

I appreciate hearing from you all.

Gullible Jones · Oct 30, 2015

@taytong888

If traffic isn't going through it perforce, there's no way to ensure that it isn't being bypassed somewhere. Physics always trumps software. You need two connectors so that you can plug one into the switch or router, and the other into the modem.

taytong888 · Oct 30, 2015

Hello,
I should have been clearer about my Point #1. Most of the PC's out there have only ONE Network Interface Card slot.

Log in or Sign up

UTM Thread.

Mayahana Banned

Romulus6cbc Registered Member

JLD Guest

JLD Guest

taytong888 Registered Member

Gullible Jones Registered Member

taytong888 Registered Member

Log in or Sign up

UTM Thread.

Mayahana Banned

Romulus6cbc Registered Member

JLD Guest

JLD Guest

taytong888 Registered Member

Gullible Jones Registered Member

taytong888 Registered Member

Useful Searches