Unified Threat Management Systems (UTMS), Open Source Routers and Firewalls

Tim Hooks, Scott Rolf


Post on 28-Oct-2018


Session Overview

The Linux Kernel is particularly adept at routing IP traffic and lends itself for use as the operating system for building not only your own router, but also routers that include firewalls and intrusion detection. Performance of these systems often outstrips that of proprietary products. Well-known packages include Astaro, Untangle, pfSense and IPCop.

Untangle www.untangle.com

Included Free

• Web Filter
• Virus Blocker
• Spam Blocker
• Ad Blocker
• Attack Blocker
• Phish Blocker
• Spyware Blocker
• Firewall
• Routing & QoS
• Intrusion Prevention
• Protocol Control
• OpenVPN
• Reports

Available for Fee

• Live Support
• eSoft Web Filter
• Kaspersky Virus Blocker
• Commtouch Spam Booster
• WAN Balancer
• WAN Failover
• Policy Manager
• AD Connector
• PC Remote
• Remote Access Portal
• Branding Manager

Untangle Deployment Options

• Router: Dedicated server that performs routing & firewall services

• Transparent Bridge: Dedicated server that drops seamlessly behind existing routers & firewalls

• Re-Router™: Adds network-wide protection while running on an existing desktop (runs on Windows)

• Runs on bare-metal install, or on Windows XP, or in VMware.

Untangle Pros and Cons

PROS

• Cost
• Commercial support
• Serves multiple functions

CONS

• Cost – not free!
• Supports limited number of NICs/networks

Questions on Untangle?

Give it a try, you can build a box in about 20 minutes.

IPCop www.ipcop.org

The Bad Packets Stop Here.

Now we’re talking: think of IPCop as a free replacement for your Cisco PIX (just add your own standard PC).

There are plenty of add-ons for this product also:

•URL filter with predefined categories

•Advanced Proxy

•OpenVPN

•ClamAV

•Update Accelerator for Windows Update caching

•BOT – Blockout all Traffic – used to specify which ports and addresses can be used for outgoing traffic

IPCop Installation

• Again, very straightforward and quick.
• Download an ISO file, build a CD, boot to the CD and it installs.
• Pick add-ons, install and configure

IPCop Pros and Cons

Pros

• Free except for hardware
• Online community of support
• Continually developed and enhanced

Cons

• Not much commercially available support
• Must learn something about Linux to use, not much, but at least a little

Questions on IPCop?

Astaro – www.astaro.com

• Solution based on open source software
• Buy appliance or image and pick your own hardware
• Web filtering
• Anti-virus
• Very good failover capabilities built in
• Price based on size of data pipes

Questions on Astaro?

pfSense

pfSense in a nutshell

• Open source firewall
• Based on FreeBSD and the pf firewall (packet filter)
• 3 Editions – LiveCD, Embedded & Full install

Deployment Types

• Border Firewall to the Internet
• Internet Proxy
• LAN Router
• WAN Router
• Packet Sniffer
• DHCP Server
• VPN Server

Makes a great firewall for your home or remote war room!!!

Hardware

• 10-20 Mbps -> 266 MHz CPU
• 21-50 Mbps -> 500 MHz CPU
• 201-500 Mbps -> 2 GHz w/ PCI-X or PCI-e NIC
• 501+ Mbps -> 3 GHz CPU

Embedded version can run on Soekris, Nexcom, Hacom and Mini ITX hardware

VPN Throughput

• 4Mb -> 256MHz
• 10Mb -> 500MHz

What makes it so special?

• Supports multiple Internet connections
• Captive Portal
• Wake on LAN
• Packet Sniffing
• Statistical Graphing
• Simplified ruleset due to use of aliases
• It’s free!!! (and offers more than many commercial firewall appliances)

What else can it do?

• Add-on packages are being developed all the time:

• Automated backups
• Avahi (think Bonjour)
• FreeSwitch VOIP
• Antivirus proxy
• IGMP Proxy
• Squid
• Nagios client
• BGP
• Radius support
• OpenVPN support
• Instant Messaging Inspector
• cflow integration
• SIP Proxy
• Intrusion detection
• Stunnel
• Spam removal

How do I set it up?

1. Find a computer with 2 network cards.
2. Boot from the live CD and assign the outside and inside interfaces.
3. You're done.

System Menu

Interfaces Menu

Firewall Menu

Services Menu

VPN Menu

Status Menu

Diagnostics Menu

NAT Outbound

RRD Graphs

Check it out at www.pfsense.com

Questions on pfSense?

Other questions? Comments?

Thanks for attending.