Itus Guardian.

Discussion in 'other firewalls' started by Mayahana, Feb 26, 2015.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I just got off of a half hour call with Daniel at ITUS Networks about their impending home-soho UTM release. Lots of technical questions I needed answers to..

    https://itusnetworks.com/

    Itus is a few really cool guys with a really cool idea that got kickstarted. They are using opensource in their product, and not looking to exploit anyone but to provide a good, efficient, easy UTM for home/soho environments at a price anyone can afford - with the huge yearly fees. Interestingly, Daniel was originally from where I currently live. So far;

    1) ITUS is set to ship at the end of next month - on schedule.
    2) ITUS is basically an OpenSource Firewall with SnortIPS, SquidAV, and a licensed content filter list attached to high powered, compact, low power drain hardware.
    3) ITUS has no monthly fee - and will never.
    4) ITUS is plugnplay, but also can be very complex IF you want to get into it.

    Here's a downside... In transparent/bridge mode, ITUS only offers IPS filtration. So everything else is turned off when running in this mode. This is NOT ideal, and they know this is a limitation right now they will eventually overcome in future firmware updates. So going into it, plan on using ITUS as your primary router or you will be severely hampering it.

    I'm seriously considering ordering one to deploy, at least for testing purposes. I wanted to go with Bit Defender Box, but they packaged it with anemic hardware, and 10/100 interfaceso_O LOLo_O? I pay Untangle $60 a month, so 3 months I paid off ITUS, and ITUS is at least as good as Untangle, probably better given the horrendously broken IPS in Untangle, and the flawed AV scanning mechanism.
     
    Last edited by a moderator: Feb 26, 2015
  2. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Good video here, with Daniel.. Also Steve Gibson chimes in.

    https://www.youtube.com/watch?v=kGTzFhKgUbQ#t=2707
     
    Last edited by a moderator: Feb 26, 2015
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Interesting, although there was AlphaShield about 5 years ago that apparently is no more.
     
  4. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Do you know what AV engine it will use? Maybe ClamAV?
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Looks interesting, I may buy one of these type of devices for myself soon.
     
  6. henryg

    henryg Registered Member

    Joined:
    Dec 13, 2005
    Posts:
    293
    "huge yearly fees" .... How huge?
     
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I meant huge yearly fees for like Fortinet, Cisco, etc.... ITUS is free after initial purchase..

    As with all of the OpenSource Free solutions, it uses ClamAV for the AV, but uses a licensed content engine filtration for malware URL filtration.
     
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    He meant to say without the huge yearly fees. :)
     
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    They show the device being installed between the broadband modem and typical home router. Is it fully functional in that configuration? Why would you want to use it in transparent/bridge mode?
     
  10. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    It is fully functional as a router straight off from a modem. All features enabled. Transparent mode would be good if you wanted to place this ahead of your existing router, for example if you had a secondary router with a powerful radio and no AP mode, or if you have multiple appliances in segments, such as a Application Data Protection appliance. In the case of someone with a ASUS RT-AC78, they could use the ITUS as a transparent off of the cable modem, then still utilize Trend's powerful URL/DNA filtration secondary to this providing layered gateway security.

    After a mis-adventure last night with Pfsense,I may purchase the guardian. Pfsense is a cluster to say the least, and I couldn't get it to properly recognize any of the NIC's in my servers, and when I finally got it to recognize one NIC it wouldn't properly hand off DHCP. I grew totally frustrated with pfsense, and gave up after a couple of hours. These servers here have run everything from Untangle to Sophos, and anything in between but pfsense? Apparently not.
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    To be clear people are not going to want to use it as a router meaning the device they already have that provides multiple ports and wifi. They're going to use it along with their home router. The video on the itus website shows the shield installed inline between the modem and existing home router.
     
  12. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    That's misleading then. Because the ONLY thing that will be active when it is placed between a modem and router is IPS. A very powerful Snort Based IPS with extended rules. Thus providing IPS to a home environment that has never seen IPS. However they would lose all of the other features (Content Filtering, URL Scanning, AV, etc). This seems to be a limitation in Pfsense. I checked Pfsense documentation and they seemingly do not support all UTM features in transparent.. That's a HUGE advantage Untangle has, as Untangle supports full UTM feature sets in Transparent mode. So to gain full advantage of ITUS you need to have it as your router, handing off DHCP. Otherwise it's ... Not so great. I think they need to make this more clear, and I only found out after talking to them on the phone, and I suspected this, which was why I called. They refused to provide me with a beta-build of the device (with me paying for it), so color me skeptical until I see it released.

    2 choices;

    Router -> AV/IPS/Content/URL
    Bridged Between Modem and Router -> IPS

    Untangle's primary advantage over most OpenSource solutions is the fact that full UTM featuresets are functional in transparent/bridge mode. VERY FEW UTM's function correctly in this format. It takes great work for me to get a ZyXEL or Fortigate working 'correctly' in this mode. Untangle does it with a single click. I am going to rebuild my Untangle box today with the 11.1 Beta and toss it in Transparent.
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Here's their goofy video - note the 56 second mark:

    https://www.youtube.com/watch?v=g6BsBDxZCCk

    See also their installation support page "modem and router are separate devices". I cannot find anything on the site that suggests the device is less functional in this config.

    https://itusnetworks.com/support/installation/
     
    Last edited by a moderator: Feb 28, 2015
  14. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I think the video is a bit misleading. It's clear based on video they claim it works between modem and router - which it does - but only for IPS. If you want the full features, Itus needs to BE your router. I'm not too happy about the misleading nature of that, I think they need to be more clear.

    But in all fairness, the IPS would be an extraordinary improvement to most home environments alone.
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    This is from Daniel at itus networks in response to my question about transparent mode (placing the unit between the modem and existing router).

    Thank you for your interest in Shield.

    Yes, that is correct. This is a limitation for the v1 firmware but we're actively working on finding a solution.

    We hope to be able to push out a firmware update at some point to resolve this.


    I'll be interested in getting one of these units when they can make it fully functional in transparent mode.
     
  16. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Essentially what we are getting with this is Pfsense done right. Is that worth $188.00 for a little box with Gbe connections CAVIUM processors, and SUPPORT? Is it worth having something with 3 years of engineering and debugging behind it? Remember, Fortinet's are all essentially linux distros with custom programming and gui, so they all started as ITUS-Like at some point. The market for a engineered, supported, managed appliance like Itus is pretty significant.

    How many SOHO and SMB will go through the headaches of deploying a Pfsense vs ITUS? How many of those don't want to drop $900 on an appliance, with a $600 yearly renewal? My thoughts are, especially after poor experiences with distros lately are to pick this up, and then toss it on as a primary router, and then use my ASUS RT-AC87 as a WAP. That way I get the full advantages of AV/IPS/FW on the ITUS with an exceptional ARM based Quad Core WAP.
     
    Last edited: Mar 3, 2015
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Are you asking rhetorically? :) It's definitely worth $188 if the device is fully functional, but I can't get behind the fact that currently a big piece doesn't work unless I completely reconfigure my network. And even if I'm willing to do that for myself there's no way I would try to get my customers into it. When they get the firmware updated then we'll be good to go :thumb:
     
  18. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    IPS alone is probably worth it. SNORT with emerging threat database itself will stop a majority of problems. So even transparent, it's a good solution.

    I will be the guinea pig, I just ordered an ITUS, and it's supposed to ship within 3-4 weeks. I put it on a credit card with a 'double' the seller warranty, and quality of product guarantee, so I have a lot of protection if it goes south. But I think they will probably deliver a good product in the end. Untangle costs me $600 a year, so this will pay itself off quickly.. Fortinet's I would need on my network would cost almost $900 a year to support.

    Untangle is half-baked without paying a ton, I think Untangle needs a 'consumer' price point. Or a less restricted free version. Keep dreaming, right? I assume if Untangle puts in a workable SNORT and doesn't charge for it I might keep using Untangle but revert to free mode. In the meantime, ITUS is on order.
     
  19. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I'm somewhat worried about their capability to offer support. You can't fire out a network appliance like this without having a couple of dedicated support engineers. Right now it can take 'days' to get emails answered, if they even bother to answer. This is the pre-sale phase, so it is a bit worrisome they can't handle what should be a light email load right now. Untangle I can get support instantly, rarely over 5 minutes. Even support from within the appliance itself by clicking the interface! I've gotten Untangle support at 10PM at night when my AV daemon refused to initialize .. I fixed it myself, but it was good knowing support was available. (daemon was corrupted)
     
  20. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I ordered an ITUS.. It's only $188 gamble, I am OK with that.

    I spoke with Daniel again today. One important thing - ITUS will be able to load HOST files into RAM, for router level host file IP blocking! That's a great feature, and apparently it won't be complex doing it, so we could load Dan Pollack and MVPS up at the router level and eliminate issues filtering that on endpoints (and also covering blended devices).
     
  21. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    Are they shipping the "Shield" yet, and since you're in touch with them can you get an update on how they're doing with updating the firmware for transparent mode functionality?
     
  22. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Not shipping until the end of March. FW revisions are ongoing.
     
  23. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,640
    Location:
    Toronto, Canada
    I am actually quite excited that you've rolled the dice with ITUS and look forward to hearing your take on it once they start to ship. Also glad that ITUS decided during Kickstarter to upgrade to the Cavium chip for final release as well. It is a nice piece of hardware and they are running a customized version of OpenWrt on it and therefore you are right, managing additional Hosts files with it will be quite easy. All of my DNS level blocking is done through OpenWrt as well. I would also recommend Peter Lowe's Hosts file (http://pgl.yoyo.org/as/) for your ITUS because his Hosts file is very efficient since it does not include subdomains which aren't necessary when blocking on DNS level anyways. His site can also serve different formats, DNSmasq in particular would be at the root of ITUS quite likely but also the ability to add different Hosts as well. There are several scripts for OpenWrt (likely to work on ITUS) that automatically grab the latest MVPS, malwaredomainlist.com, hosts-file.net, and AdAway (more for mobile ad servers) and compiles them into one DNS list while also removing any duplicates, etc. Anyway, I am excited that you're giving ITUS a shot and look forward to hearing how it works out for you.
     
  24. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,640
    Location:
    Toronto, Canada
    Forgot to mention, you can also do decent geo-blocking by IP ranges as well. So hopefully the ITUS dev team has opened up all possibilities.
     
  25. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Cavium, takes 10watts of power? That's worth it.

    Corrupt in that it's a fully engineered OpenWRT, DNSMasq, Squid, etc. Getting SUPPORT, regular firmware upgrades, and that level of hardware is well worth it - I think.