UTM Thread.

Discussion in 'other firewalls' started by Mayahana, Nov 5, 2014.

  1. guest

    guest Guest

    As @Mayahana said, on that machine you can run any UTM for home use. I think IPFire is more than enough for home use and is fairly "easy" to configure, and through the addons you have the flexibility to install almost anything: rutorrent, owncloud, ftp, samba, wifi access point...
    http://wiki.ipfire.org/en/addons/start
     
  2. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    849
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Wow.. Terrible news.. But it substantiates my claim that everyone needs a UTM, and will likely be forced to run one (hardware, distro or otherwise) within the next 5 years. Mostly because of blended threats over a range of different devices; protecting them all is virtually impossible without a UTM in place. I really like my ASUS RT-AC87 but I am scared to death to put it as a gateway device, because I know most consumer routers, including the AC87, are vulnerable devices. So for now I back up the ASUS with an Untangle box for all wired devices in the home, and use the ASUS as a gateway to take advantage of Trend Micro scanning on the pipe. Not ideal, but far far stronger than most setups. I am going to re-engineer my setup at some point, although I may be moving to a 300Mbps connection, and I am waiting for more data on when that becomes available before making major network changes.
     
  4. guest

    guest Guest

    I have been checking out ClearOS; it looks great, tons of features and easier to use than IPfire if you don't have Linux skills.
     
  5. DX2

    DX2 Guest

    I'll try it out, thanks.
     
  6. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    ClearOS is gorgeous, but does need some hardware.

    I'd run ClearOS as a gateway if I didn't have an ASUS.
     
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I ran into a NASTY .scr trojan this week.. Easiest way to solve .SCR loaders? Block them. In Untangle you can block .scr file extensions outright, but other UTMs can do the same.

    ~VT results removed per policy~
     


    Last edited by a moderator: Jan 5, 2015
  8. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @Mayahana I hope that's by file magic rather than extension...
     
  9. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
  10. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Those would make excellent UTM boxes.. But also cheap refurb systems from Microcenter work wonders as well. I have a few dual core 2.93GHz 4GB machines I picked up for $89.00 each that I use as UTMs and servers. Very cheap, and they work VERY well. But those little boxes would be pretty awesome, and consume very little power. Gullible, it's by extension. Most .SCR files seem to be delivered as .SCR files, rather than packed. If they are packed, unpacking would be snagged by Norton's File Reputation. I want to stop all .SCR at the gateway, which this accomplishes.

    I've not found a .SCR that will bypass Norton yet, because most are horribly rated on reputation, or not rated at all.
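    Gullible Jones's point about file magic versus extension, and Mayahana's extension-only rule, as an added illustration that is not from the thread or from Untangle: a .scr is just a Windows PE executable under another name, so an extension rule blocks it only while the file keeps that name, whereas a check on the downloaded bytes still flags a renamed copy. The MZ/PE header parsing and the constructed sample files below are my own assumptions, not anything the posts contain.

```python
import struct

# A .scr is a normal Windows PE executable: "MZ" DOS header, and at offset 0x3C
# a 32-bit little-endian pointer (e_lfanew) to the "PE\0\0" signature.
MZ_MAGIC = b"MZ"
PE_SIGNATURE = b"PE\x00\x00"

# Extensions the gateway rule blocks (the post blocks .scr; the rest are assumed).
BLOCKED_EXTENSIONS = {".scr", ".exe", ".pif", ".com"}


def has_blocked_extension(filename: str) -> bool:
    """Extension-based rule: decides purely on the requested file name."""
    name = filename.lower().rsplit("/", 1)[-1]
    return any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS)


def is_pe_executable(data: bytes) -> bool:
    """File-magic rule: decides on the content, whatever the name says."""
    if len(data) < 0x40 or data[:2] != MZ_MAGIC:
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    # A short slice simply fails the comparison, so a truncated file is not a PE.
    return data[pe_offset:pe_offset + 4] == PE_SIGNATURE


def classify_download(filename: str, data: bytes) -> dict:
    """Shows which of the two gateway rules would block a given download."""
    return {
        "extension_rule_blocks": has_blocked_extension(filename),
        "magic_rule_blocks": is_pe_executable(data),
    }


def fake_pe() -> bytes:
    """Constructed minimal PE header (not a real program): e_lfanew = 0x40."""
    header = bytearray(0x44)
    header[0:2] = MZ_MAGIC
    struct.pack_into("<I", header, 0x3C, 0x40)
    header[0x40:0x44] = PE_SIGNATURE
    return bytes(header)


# Constructed sample downloads: (name, content).
SAMPLES = [
    ("invoice.scr", fake_pe()),          # blocked by both rules
    ("invoice.pdf", fake_pe()),          # renamed PE: only the magic rule catches it
    ("notes.scr", b"%PDF-1.4 constructed"),  # harmless PDF with .scr name
    ("holiday.jpg", b"\xff\xd8\xff\xe0 constructed"),
]


def evaluate_samples() -> list:
    return [(name, classify_download(name, data)) for name, data in SAMPLES]
```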
     
  11. guest

    guest Guest

  12. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Here are my Untangle blocking rules for port 80/443.

    I think this gives me the best coverage for malware, pup/pua, and spyware blocking.. I find greeting card crap sites are laced with malware, same with porn, nudity, and gambling.. So I block all of those..
     


  13. Sprocket

    Sprocket Registered Member

    Joined:
    Dec 24, 2012
    Posts:
    75
    I was using IPfire, but decided to give the latest version of Sophos UTM (9.3) another try. My experience has been excellent. It has a very powerful set of protections - intrusion protection (built around Snort), antivirus scanning (using Sophos or Avira, either one individually or both together), flexible URL filtering, excellent reporting, and hands down the best on-line help/documentation I've seen. (It has many more features I don't use - QoS for VOIP, email scanning, and endpoint protection - basically Sophos AV for your endpoints, managed by the UTM. And lots more.)

    It is easy to get going (tip: when you install it, the first time you log into the browser admin UI, UTM 9 has a setup wizard that works best when your LAN and WAN cables are already physically connected). But it can be a little complicated to get tweaked to your liking - it has so many options it can be confusing at first. The online help and the Sophos forums will probably answer any questions you have.

    I run it on a dual core Atom mini-ITX board from Jetway with 2 GB of RAM. For me, RAM usage is about 50%, and the CPU loafs.

    Oh, and it's free for home use. A license is good for three years, at which time you log into the Sophos/Astaro web site and renew it for another three years.

    Is it perfect? No - configuration can be a little confusing (some options are buried in tabs in subsidiary windows), and I don't care for the way it pops up a separate screen when you are downloading a file (this is part of the antivirus scanning feature - it downloads to the UTM, scans the downloaded file, and only then lets you copy the downloaded/scanned file to your PC).

    But other than those quibbles, it is the complete package, and the price can't be beat. I know this post reads like an ad. I have no association with Sophos other than being a satisfied user.
     
  14. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Sophos UTM Home literally broke half of the things on my network. Even STEAM wouldn't connect. Even after I programmed custom rules/policies/ports, it still blocked them. Then I discovered Sophos has an 'aggressive' core IPS that CANNOT be changed. It's set up for businesses. So it views simple things like traffic from my smart TV as DDoS floods, and IPS blocks it.

    After working in a test environment with it for a week I decided to give up on it. Good for business, bad for home was my conclusion.
     
  15. guest

    guest Guest

    Have you tried ipfire or pfsense?
     
  16. Sprocket

    Sprocket Registered Member

    Joined:
    Dec 24, 2012
    Posts:
    75
    Mayahana - I saw your previous post, and almost mentioned it in mine, but I thought I'd stick to my experiences. My experiences are different from yours, but my network is clearly different - no Steam/online gaming, no internet-connected TV. My traffic is simpler and frankly, more basic than yours.

    So clearly YMMV. It's good to experiment, like guest said, with other UTMs (like IPfire and pfSense), to see what works for you. In fact, I have separate hard drives with each of those installed, and if Sophos starts having issues, I can always switch back by swapping out the drive.
     
  17. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Not yet.

    But Untangle has a new version coming out with a completely re-written, and vastly more powerful IPS. So I may hold out for that, as I find the web inspection and configuration of Untangle to be remarkably good!
     
  18. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Did you test the beta yet?

    /E
     
  19. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    No. My Untangle is in production, so it's not likely I will try the betas unless I built out a spare box here. I am just going by what Untangle folks have told me.
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    This is ridiculous, and would be remarkably effective if someone wanted to spend the time to do it, and had the knowledge base! Untangle isn't impressive to me; I will likely replace it with a ZyXEL USG110 in the coming days. Untangle has some serious issues:

    1) IPS doesn't actually work on it, and the signatures do not update. IPS is effectively useless on it, and I do not know how they can claim it's a NGFW without a working IPS?
    2) AV scanning on it is really only HTTP. Not like most UTMs with packet stream AV (flow through).
    3) It's not cheap! $50-$200 a month. The only cheap part is your hardware; it can run on any old dual core lying around.
    4) Lack of MAC processing. Everything is generally based off of IP, which is circumvented easily by folks on your network.

    What Untangle does have is remarkable throughput, good interface, good deeper policy functions, and a remarkably good web filter. Otherwise I find it half-baked, and wouldn't trust any real network on it. It's been good to learn about it, and essentially become an 'engineer' of Untangle, but otherwise I don't really care for it, and don't really like the amount I spend on it for a half baked IPS which is the front-line of any network after simple NAT.
     
  22. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Not to mention the amount of time you must have spent having to convince one of their employees on the forum that their AV solution did not work.
    I do not remember how many times I asked them to have a look at the Hitmanpro UTM plugin, but they (like you saw in their forum) simply do not answer. Must be easier that way...
    Over a year ago I did try to set up Sophos UTM as a transparent bridge, but I did not succeed. Is this something you would have the time to try?
    It would be nice to have their dual engine scanning the traffic.

    /E
     
    Last edited: Feb 19, 2015
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I was unable to successfully bridge Sophos; it's pretty buggy, and has some serious lockdowns in it. In fact I couldn't even set policies/rules to bypass some of its hard-coded blocks for gamers and consumer stuff. I had to ditch it after a few days of trying.
     
  24. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
  25. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Very nice! I may toss together an Endian to test tomorrow if I have time. I have a spare dual core sitting here. If I like it I would likely format my Untangle, as that is on more powerful hardware.
     