Untangle NG Firewall Intro

Untangle NG (Next Generation) firewall is a software solution that can be installed on computing hardware you own, on one particular Linksys (1900ACS) Wi-Fi router, as a virtual machine, on hardware purchased from Untangle, or on hardware from other third-party providers. The Untangle software is modular, with different functionality based on open source software, with free and/or paid modules running locally on your hardware and integrated “Cloud” services. Untangle offers a residential, non-commercial home-use solution called HomePro for $50 per year plus taxes.

Integrated “Cloud” services include two solutions. At a high level, the first is Command Center, for centralized management of your firewall from anywhere, and the second is ScoutIQ, which uses threat information from events happening in the wild to automatically provide protection to your network. There is no software for you to install to enjoy the “Cloud” benefits as a subscriber of Untangle software.

Untangle FW Complete is the set of individual software modules that make up their complete solution. Some modules are free for life and others are only available with a paid subscription. The modules that make up the complete solution are listed below. In future blog posts we will review these modules in detail, concentrating on the ones that are mainly for home use. The full list and descriptions are also available directly from the Untangle website.

  • Web Filter (paid)
  • SSL Inspector (paid)
  • Policy Manager (paid)
  • IPSec VPN (paid)
  • Application Control (paid)
  • Web Cache (paid)
  • Bandwidth Control (paid)
  • Virus Blocker (paid)
  • Web Monitor (free)
  • Application Control Lite (free)
  • Virus Blocker Lite (free)
  • Phish Blocker (free)
  • Intrusion Prevention (free)
  • Firewall (free)
  • OpenVPN (free)
  • Reports (free)
  • Captive Portal (free)
  • Ad Blocker (free)
  • Tunnel VPN (free)

 

Next Generation Firewalls

What is a Next Generation Firewall? No, you don’t have to be a Star Trek: The Next Generation fan to understand, so let’s start with the basics.

According to Wikipedia a firewall is defined as follows:

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.

Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls filter traffic between two or more networks and run on network hardware. Host-based firewalls run on host computers and control network traffic in and out of those machines.¹

Now let’s dive into what makes a firewall next generation. I say next generation in the sense that technology changes and over time introduces new capabilities. Until recently, there hasn’t been a lot of change in home routers with a basic firewall built in. Where basic rules filtered traffic in and out of your network based on the source or destination address and the service associated with the communication, we now have the capability to look deeper into the packet to perform additional inspection.

Previously, this deeper packet inspection with additional capabilities was only available to large enterprise customers. Now this technology is starting to be available to small and medium businesses and even to the home user.

There are commercial and open source offerings that automatically check for updates and apply them, so you no longer have to check manually. Just as automatic security updates are applied to your home computer, the home router can now enjoy the same benefits.

Here are the two network solutions that I will review in detail over the next several weeks:

  • Untangle Network Firewall, an open source software solution using your hardware or hardware purchased from Untangle. The software is limited to just the free features, or there is an annual fee for unlimited home users. Business customers pay based on the number of devices going through the firewall.
  • UniFi Security Gateway (USG) by Ubiquiti Networks – www.ubnt.com/unifi-routing/usg/ – where purchasing the hardware includes the software, with updates for as long as the hardware is supported by Ubiquiti Networks. This is unlike Cisco Meraki, which is very good but requires an annual purchase of a software contract to continue using the hardware.

¹ en.m.wikipedia.org/wiki/Firewall_(computing)

How Do You Cross Connect?

What do I mean when I ask “How Do You Cross Connect”? How is your home network connected to the Internet? Sure, everyone with Internet service has a provider such as Comcast, Cox, or CenturyLink, but what or who is protecting your home network from the bad actors on the Internet?

Sure, your service provider provides a modem (gateway) to connect to the Internet through their network, and sometimes it can be an all-in-one device (modem/gateway/firewall/router) that connects their network to your home network. Do they care if you’re hacked, or have any liability? Probably not, unless your connection impacts their network. (In my opinion)

Or you can have your own personal router/firewall that is a separate device from the service provider’s modem as shown below.

Either way, there is likely a network firewall inside the home router that translates the traffic from your home network to the Internet. If the traffic originates from your network, it is permitted to the Internet. Replies to connections you make to the Internet are allowed back into your network. To keep the bad guys on the Internet from connecting to your network, any connection originating from the Internet is blocked by default from entering your home network.
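The default behavior described above can be modeled in a few lines. This is an added example, not code from Untangle or any router vendor: a toy connection-tracking firewall with address translation, where the class and function names, the port range and the addresses are all assumptions made for illustration, and real firewalls also track TCP state and expire idle entries.

```python
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    iface: str = "lan"  # interface the packet arrived on: "lan" or "wan"

@dataclass
class HomeRouterFirewall:
    """Toy model of the default policy above; not any vendor's code."""
    wan_ip: str
    next_port: int = 40000  # assumed start of the translated port range
    out_flows: dict = field(default_factory=dict)  # LAN flow -> WAN port
    in_flows: dict = field(default_factory=dict)   # expected reply -> LAN host

    def handle(self, pkt):
        """Return (verdict, packet as forwarded) for one packet."""
        if pkt.iface == "lan":
            # Traffic originating inside is permitted; remember the flow
            # and translate the private source to the router's WAN address.
            flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if flow not in self.out_flows:
                self.out_flows[flow] = self.next_port
                reply_key = (pkt.proto, pkt.dst, pkt.dport, self.next_port)
                self.in_flows[reply_key] = (pkt.src, pkt.sport)
                self.next_port += 1
            wan_port = self.out_flows[flow]
            return "ACCEPT", replace(pkt, src=self.wan_ip, sport=wan_port, iface="wan")
        # Traffic from the Internet is allowed only as a reply to a tracked
        # flow: same remote host and port, sent to the port we translated to.
        owner = self.in_flows.get((pkt.proto, pkt.src, pkt.sport, pkt.dport))
        if owner is None or pkt.dst != self.wan_ip:
            return "DROP", None
        return "ACCEPT", replace(pkt, dst=owner[0], dport=owner[1], iface="lan")

def demo():
    # Constructed addresses from the documentation ranges (RFC 5737) and RFC 1918.
    fw = HomeRouterFirewall(wan_ip="203.0.113.5")
    v_out, sent = fw.handle(Packet("192.168.1.20", 51000, "198.51.100.10", 443))
    reply = Packet("198.51.100.10", 443, "203.0.113.5", sent.sport, iface="wan")
    v_reply, delivered = fw.handle(reply)
    probe = Packet("198.51.100.99", 55555, "203.0.113.5", 22, iface="wan")
    v_probe, _ = fw.handle(probe)
    return v_out, v_reply, (delivered.dst, delivered.dport), v_probe

if __name__ == "__main__":
    print(demo())
```

The outbound request and its reply are accepted and the reply is translated back to the laptop, while the unsolicited connection from the Internet is dropped because no tracked flow matches it.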

Is this enough security for your home network with all your devices (computers, storage, TVs, speakers, and cameras)? No. Many people install their home network with default settings and technology that is years old. Meanwhile, the threat landscape of bad actors trying to gain access to your network or computing resources continues to evolve, and our home defenses are not keeping up.

With the next blog post, I will explore what you can do to better protect your home network and intellectual property from the bad guys. My starting point will be your router/firewall that connects your network to the Internet.

Welcome to 2018!

Phoenix Downtown

Happy New Year!

Technology is everywhere in our daily lives and at home. I have a few technology projects relating to setting up new devices and keeping the home Internet safe and secure. I am sure I will learn something new so I will share what I discover with you. Here are the first projects up for 2018.

  • Amazon Alexa with Echo and Dot
  • Untangle Next Generation firewall
  • Ubiquiti Network devices, specifically UniFi